Cross-account AWS IAM roles with external IDs and MFA

Credentials for cloud penetration tests and security assessments

Teri Radichel
Cloud Security

When 2nd Sight Lab performs cloud penetration tests or cloud security assessments for customers, we ask for credentials with a specific set of permissions so we can analyze the accounts for security issues. We check whether the account follows best practices, review architectural issues, quickly query network and IAM access, and look for places where developers may be storing secrets in code. Some customers specifically request a penetration test, rather than an assessment or architecture review, because they require one to maintain compliance with PCI, HIPAA, or some other regulation.

We usually combine an assessment of cloud infrastructure with a web application assessment or penetration test because a vulnerable application is one of the gateways into your cloud account. We report external web application vulnerabilities on an assessment. On a penetration test, we attempt to exploit vulnerabilities to demonstrate whether the…

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award