In December 2020, Unit 42 researchers at Palo Alto Networks discovered a class of AWS application programming interfaces (APIs) that can be abused to enumerate sensitive information about a target's AWS organization. The information at risk includes AWS Identity and Access Management (IAM) users and roles. The affected APIs can be exploited across all three AWS partitions (aws, aws-us-gov and aws-cn).
We will discuss what AWS APIs are, what AWS resource-based policies are, which AWS APIs are affected, and how to mitigate the risks associated with them.
What are AWS APIs?
An API is software that allows applications to interact with each other, either internally or over the internet. AWS APIs act as the interface between applications/services and AWS services. All access requests to AWS services, whether made through the AWS Management Console, the AWS SDKs or the command-line tools, are calls to AWS APIs in the background.
Popular AWS APIs include:
According to the researchers, bad actors can abuse AWS APIs due to the validation process in resource-based policies. AWS resource-based policies are policies that are attached