Hacking Bloghttps://hack.com.cy/notes/cloud/aws/iam/Recent content on Hacking BlogHugoenBasic IAM Enumeration Cheet Sheethttps://hack.com.cy/notes/cloud/aws/iam/iam/Thu, 21 Aug 2025 00:00:00 +0000https://hack.com.cy/notes/cloud/aws/iam/iam/<h3 id="1-list-iam-users"><strong>1. List IAM Users</strong></h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-users </span></span></code></pre></div><hr> <h3 id="2-get-user-permissions"><strong>2. Get User Permissions</strong></h3> <h4 id="a-list-attached-managed-policies">a. List attached managed policies</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-attached-user-policies --user-name <span class="o">[</span>user-name<span class="o">]</span> </span></span></code></pre></div><h4 id="b-list-inline-policies">b. List inline policies</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-user-policies --user-name <span class="o">[</span>user-name<span class="o">]</span> </span></span></code></pre></div><h4 id="c-get-inline-policy-details">c. Get inline policy details</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam get-user-policy --user-name <span class="o">[</span>user-name<span class="o">]</span> --policy-name <span class="o">[</span>policy-name<span class="o">]</span> </span></span></code></pre></div><hr> <h3 id="3-list-iam-groups-and-permissions"><strong>3. List IAM Groups and Permissions</strong></h3> <h4 id="a-list-groups-for-a-user">a. List groups for a user</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-groups-for-user --user-name <span class="o">[</span>user-name<span class="o">]</span> </span></span></code></pre></div><h4 id="b-list-group-policies">b. List group policies</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-attached-group-policies --group-name <span class="o">[</span>group-name<span class="o">]</span> aws iam list-group-policies --group-name <span class="o">[</span>group-name<span class="o">]</span> </span></span></code></pre></div><h4 id="c-get-inline-group-policy-details">c. Get inline group policy details</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam get-group-policy --group-name <span class="o">[</span>group-name<span class="o">]</span> --policy-name <span class="o">[</span>policy-name<span class="o">]</span> </span></span></code></pre></div><hr> <h3 id="4-list-iam-roles-and-permissions"><strong>4. List IAM Roles and Permissions</strong></h3> <h4 id="a-list-all-roles">a. List all roles</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-roles </span></span></code></pre></div><h4 id="b-get-role-details-trust-policy">b. Get role details (trust policy)</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam get-role --role-name <span class="o">[</span>role-name<span class="o">]</span> </span></span></code></pre></div><h4 id="c-list-attached-policies">c. List attached policies</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-attached-role-policies --role-name <span class="o">[</span>role-name<span class="o">]</span> </span></span></code></pre></div><h4 id="d-list-inline-policies">d. List inline policies</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-role-policies --role-name <span class="o">[</span>role-name<span class="o">]</span> </span></span></code></pre></div><h4 id="e-get-inline-role-policy-details">e. Get inline role policy details</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam get-role-policy --role-name <span class="o">[</span>role-name<span class="o">]</span> --policy-name <span class="o">[</span>policy-name<span class="o">]</span> </span></span></code></pre></div><hr> <h3 id="5-get-and-decode-policy-documents"><strong>5. Get and Decode Policy Documents</strong></h3> <h4 id="a-get-a-managed-policy-document-by-arn-or-name">a. Get a managed policy document (by ARN or name)</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam get-policy --policy-arn <span class="o">[</span>policy-arn<span class="o">]</span> aws iam get-policy-version --policy-arn <span class="o">[</span>policy-arn<span class="o">]</span> --version-id <span class="o">[</span>version-id<span class="o">]</span> </span></span></code></pre></div><hr> <h3 id="6-view-full-iam-snapshot"><strong>6. View Full IAM Snapshot</strong></h3> <h4 id="a-dump-all-iam-permissions-users-roles-groups-policies">a. Dump all IAM permissions (users, roles, groups, policies)</h4> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam get-account-authorization-details </span></span></code></pre></div><blockquote> <p>Use this to build a full IAM permissions map. Add <code>--filter</code> to target roles/users/groups specifically.</p>