Defensive Options When Using AWS IAM Roles

If an AWS EC2 instance (or another AWS service) is configured with an IAM role, and an attacker can access the metadata service at 169.254.169.254 from that instance, the attacker can use the credentials available there to progress their attack further. In this post I'll show the options defenders have against this problem.

