AWS CLI
AWS Keys stored in ~/.aws/credentials
[default]
aws_access_key_id = AKIA...
aws_secret_access_key = ABC...
Basic Commands
| Command | Description |
|---|---|
| aws configure | Set access keys |
| aws configure set aws_session_token "[Token]" | Set session token |
| aws sts get-caller-identity | "whoami" |
| aws iam get-user | "whoami" quiet alternative (error based) |
| aws iam list-groups-for-user --user-name [username] | Enumerate a user's groups |
| aws iam list-attached-user-policies --user-name [username] | Enumerate a user's policies |
| aws iam list-user-policies --user-name [username] | Enumerate inline policies |
| aws iam list-policy-versions --policy-arn [fullPolicyARN] | Enumerate versions of a policy |
| aws iam get-policy-version --policy-arn [fullPolicyARN] --version-id v[#] | Get the details of a specific policy version |
| aws iam list-attached-role-policies --role-name [roleName] | List policies attached to a role |
| aws iam get-role --role-name [roleName] | Get details about a role |
| aws iam get-policy --policy-arn [fullPolicyName] | Enumerate a policy |
| aws iam get-user-policy --user-name [userName]--policy-name [inlinePolicyName] | Enumerate an inline policy |
| aws iam list-users --query "Users[*].Arn" | List users |