AWS APIs abuse: Watch out for these vulnerable APIs

In December 2020, Unit 42 researchers at Palo Alto Networks discovered a class of AWS application programming interfaces (APIs) that can be abused to enumerate sensitive information about a target’s AWS organization. The information at risk includes AWS identity and access management (IAM) users and roles. The affected APIs can be exploited across all three AWS partitions (aws, aws-us-gov and aws-cn). 

We will discuss what AWS APIs are, AWS resource-based policies, vulnerable AWS APIs and how to mitigate the risks associated with AWS APIs.

What are AWS APIs?

An API is software that allows applications to interact with each other, either internally or over the internet. AWS APIs act as the interface between applications/services and AWS services. Every access request to an AWS service, whether it is made through the AWS management console, an AWS SDK or the command-line tools, is ultimately a call to an AWS API in the background.

Popular AWS APIs include:

AWS Elastic Compute Cloud (EC2) API
AWS Simple Storage Service (S3) API
AWS Relational Database Service (RDS) API
AWS DynamoDB API

AWS resource-based policies

According to the researchers, bad actors can abuse AWS APIs due to the validation process in resource-based policies. AWS resource-based policies are policies that are attached
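As an added example, not code from the article or from Unit 42, the following audits a resource-based policy document for the principals it trusts, which is the element the researchers describe AWS validating; the policy, account IDs and ARNs below are constructed placeholders and the owning account ID is an assumption:

```python
import json
import re

OWN_ACCOUNT = "111111111111"  # placeholder: account that owns the resource (assumption)

# Constructed S3 bucket policy for the audit; every ARN and account ID is made up.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "InternalRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/app-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PartnerWrite", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::222222222222:user/partner",
                           "arn:aws:iam::111111111111:root"]},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
]})

# IAM principal ARN in any of the three partitions (aws, aws-us-gov, aws-cn).
ARN_ACCOUNT = re.compile(r"^arn:aws(?:-us-gov|-cn)?:iam::(\d{12}):")


def principals(statement):
    """Flatten the Principal element (a string, or a dict of string/list) to a list."""
    p = statement.get("Principal", {})
    if isinstance(p, str):
        return [p]
    out = []
    for key in ("AWS", "Service", "Federated", "CanonicalUser"):
        vals = p.get(key, [])
        out.extend([vals] if isinstance(vals, str) else vals)
    return out


def audit_resource_policy(policy_json, own_account=OWN_ACCOUNT):
    """Return (Sid, principal, kind) for each Allow statement that trusts an
    anonymous ('*') principal or a principal from another account."""
    stmts = json.loads(policy_json)["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # single-statement form
    findings = []
    for st in stmts:
        if st.get("Effect") != "Allow":
            continue
        for pr in principals(st):
            m = ARN_ACCOUNT.match(pr)
            if pr == "*":
                findings.append((st.get("Sid"), pr, "anonymous"))
            elif (m and m.group(1) != own_account) or (pr.isdigit() and pr != own_account):
                findings.append((st.get("Sid"), pr, "cross-account"))  # bare account ID or ARN
    return findings
```

Running it on the constructed policy flags the partner account's user and the anonymous ListBucket grant, while the owning account's own role and root principal pass.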
