# Amazon IAM


AWS Identity and Access Management (IAM) governs the signed requests sent to AWS. These requests are signed with IAM access keys, which consist of a Key ID (begins with AKIA and is 20 characters long), usually treated as the username, and a Secret Key (40 characters long). The issue with these credentials is that an attacker who locates them can add them to a new CLI profile and send requests with them.

Adding credential keys to a new profile

```plaintext
aws configure --profile PROFILENAME
```

Listing buckets in the new account using the newly added profile

```plaintext
aws s3 ls --profile PROFILENAME
```

Finding the account ID that an access key belongs to

```plaintext
aws sts get-access-key-info --access-key-id AKA_EXAMPLE --profile [profile-name]
```

Finding the username

```plaintext
aws sts get-caller-identity --profile PROFILENAME
```

Listing EC2 instances belonging to an account

```plaintext
aws ec2 describe-instances --output text --profile PROFILENAME
```

Listing EC2 instances belonging to an account with a region specified.

```plaintext
aws ec2 describe-instances --output text --region us-east-1 --profile PROFILENAME
```

Listing the secrets in Secrets Manager (the credential manager) that a profile can access

```plaintext
aws secretsmanager list-secrets --profile [profile-name]
```

Retrieving a specific secret value from the credential manager

```plaintext
aws secretsmanager get-secret-value --secret-id [nameofthesecret] --profile [profile-name]
```

Retrieving a specific secret value from the credential manager with region specified

```plaintext
aws secretsmanager get-secret-value --secret-id [nameofthesecret] --profile [profile-name] --region [region]
```
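
For detection, the CLI calls listed above show up in CloudTrail as `GetCallerIdentity`, `ListBuckets`, `DescribeInstances`, `ListSecrets` and `GetSecretValue`. The Python below is an added example, not part of the original notes: it flags any access key that makes several of these different calls within a short window. The window, the threshold, the `_rec` helper and the sample records are assumptions constructed for illustration, and the trail must be logging read-only management events.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# (eventSource, eventName) pairs CloudTrail records for the CLI calls on this page.
RECON = {
    ("sts.amazonaws.com", "GetCallerIdentity"),
    ("s3.amazonaws.com", "ListBuckets"),
    ("ec2.amazonaws.com", "DescribeInstances"),
    ("secretsmanager.amazonaws.com", "ListSecrets"),
    ("secretsmanager.amazonaws.com", "GetSecretValue"),
}

def flag_enumeration(records, window=timedelta(minutes=10), min_distinct=3):
    """Map accessKeyId -> sorted event names for keys that made at least
    min_distinct different RECON calls inside one sliding time window."""
    by_key = defaultdict(list)
    for r in records:
        call = (r.get("eventSource"), r.get("eventName"))
        key = r.get("userIdentity", {}).get("accessKeyId")
        if key and call in RECON:
            when = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            by_key[key].append((when, call[1]))
    flagged = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {name for _, name in events[start:end + 1]}
            if len(names) >= min_distinct:
                flagged[key] = sorted(names | set(flagged.get(key, [])))
    return flagged

def _rec(time, source, name, key):
    # Constructed record holding only the CloudTrail fields used above.
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"accessKeyId": key}, "sourceIPAddress": "198.51.100.7"}

# Constructed sample: key ...01 walks the whole list in minutes; key ...02 reads one secret hourly.
K1, K2 = "AKIAEXAMPLEEXAMPLE01", "AKIAEXAMPLEEXAMPLE02"
SAMPLE = [
    _rec("2024-01-01T12:00:00Z", "sts.amazonaws.com", "GetCallerIdentity", K1),
    _rec("2024-01-01T12:00:40Z", "s3.amazonaws.com", "ListBuckets", K1),
    _rec("2024-01-01T12:01:10Z", "ec2.amazonaws.com", "DescribeInstances", K1),
    _rec("2024-01-01T12:02:00Z", "secretsmanager.amazonaws.com", "ListSecrets", K1),
    _rec("2024-01-01T12:02:30Z", "secretsmanager.amazonaws.com", "GetSecretValue", K1),
    _rec("2024-01-01T12:00:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", K2),
    _rec("2024-01-01T13:00:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", K2),
]
```

A key that normally performs one narrow task and suddenly touches STS, S3, EC2 and Secrets Manager together is a candidate for immediate rotation and review.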
