Skip to content

AWS - Access Token & Secrets

URL Services

Service URL
s3 https://{user_provided}.s3.amazonaws.com
cloudfront https://{random_id}.cloudfront.net
ec2 ec2-{ip-seperated}.compute-1.amazonaws.com
es https://{user_provided}-{random_id}.{region}.es.amazonaws.com
elb http://{user_provided}-{random_id}.{region}.elb.amazonaws.com:80/443
elbv2 https://{user_provided}-{random_id}.{region}.elb.amazonaws.com
rds mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306
rds postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432
route 53 {user_provided}
execute-api https://{random_id}.execute-api.{region}.amazonaws.com/{user_provided}
cloudsearch https://doc-{user_provided}-{random_id}.{region}.cloudsearch.amazonaws.com
transfer sftp://s-{random_id}.server.transfer.{region}.amazonaws.com
iot mqtt://{random_id}.iot.{region}.amazonaws.com:8883
iot https://{random_id}.iot.{region}.amazonaws.com:8443
iot https://{random_id}.iot.{region}.amazonaws.com:443
mq https://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:8162
mq ssl://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:61617
kafka b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com
kafka {user_provided}.{random_id}.c{1,2}.kafka.useast-1.amazonaws.com
cloud9 https://{random_id}.vfs.cloud9.{region}.amazonaws.com
mediastore https://{random_id}.data.mediastore.{region}.amazonaws.com
kinesisvideo https://{random_id}.kinesisvideo.{region}.amazonaws.com
mediaconvert https://{random_id}.mediaconvert.{region}.amazonaws.com
mediapackage https://{random_id}.mediapackage.{region}.amazonaws.com/in/v1/{random_id}/channel

Access Key ID & Secret

IAM uses the following prefixes to indicate what type of resource each unique ID applies to. The first four characters are the prefix that depends on the type of the key.

Prefix Resource type
ABIA AWS STS service bearer token
ACCA Context-specific credential
AGPA User group
AIDA IAM user
AIPA Amazon EC2 instance profile
AKIA Access key
ANPA Managed policy
ANVA Version in a managed policy
APKA Public key
AROA Role
ASCA Certificate
ASIA Temporary (AWS STS) access key

The rest of the string is Base32 encoded and can be used to recover the account id.

import base64
import binascii

def AWSAccount_from_AWSKeyID(AWSKeyID):

    trimmed_AWSKeyID = AWSKeyID[4:] #remove KeyID prefix
    x = base64.b32decode(trimmed_AWSKeyID) #base32 decode
    y = x[0:6]

    z = int.from_bytes(y, byteorder='big', signed=False)
    mask = int.from_bytes(binascii.unhexlify(b'7fffffffff80'), byteorder='big', signed=False)

    e = (z & mask)>>7
    return (e)


print ("account id:" + "{:012d}".format(AWSAccount_from_AWSKeyID("ASIAQNZGKIQY56JQ7WML")))

Regions

  • US Standard - http://s3.amazonaws.com
  • Ireland - http://s3-eu-west-1.amazonaws.com
  • Northern California - http://s3-us-west-1.amazonaws.com
  • Singapore - http://s3-ap-southeast-1.amazonaws.com
  • Tokyo - http://s3-ap-northeast-1.amazonaws.com

Gaining AWS Console Access via API Keys

A utility to convert your AWS CLI credentials into AWS console access.

  • Using NetSPI/aws_consoler
    $> aws_consoler -v -a AKIA[REDACTED] -s [REDACTED]
    2020-03-13 19:44:57,800 [aws_consoler.cli] INFO: Validating arguments...
    2020-03-13 19:44:57,801 [aws_consoler.cli] INFO: Calling logic.
    2020-03-13 19:44:57,820 [aws_consoler.logic] INFO: Boto3 session established.
    2020-03-13 19:44:58,193 [aws_consoler.logic] WARNING: Creds still permanent, creating federated session.
    2020-03-13 19:44:58,698 [aws_consoler.logic] INFO: New federated session established.
    2020-03-13 19:44:59,153 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::123456789012:federated-user/aws_consoler.
    2020-03-13 19:44:59,668 [aws_consoler.logic] INFO: URL generated!
    https://signin.aws.amazon.com/federation?Action=login&Issuer=consoler.local&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Fregion%3Dus-east-1&SigninToken=[REDACTED]
    

References