AWS - Access Token & Secrets

URL Services

Service       URL
s3            https://{user_provided}
cloudfront    https://{random_id}
ec2           ec2-{ip-separated}
es            https://{user_provided}-{random_id}.{region}
elb           http://{user_provided}-{random_id}.{region}
elbv2         https://{user_provided}-{random_id}.{region}
rds           mysql://{user_provided}.{random_id}.{region}
rds           postgres://{user_provided}.{random_id}.{region}
route 53      {user_provided}
execute-api   https://{random_id}.execute-api.{region}{user_provided}
cloudsearch   https://doc-{user_provided}-{random_id}.{region}
transfer      sftp://s-{random_id}.server.transfer.{region}
iot           mqtt://{random_id}.iot.{region}
iot           https://{random_id}.iot.{region}
mq            https://b-{random_id}-{1,2}.mq.{region}
mq            ssl://b-{random_id}-{1,2}.mq.{region}
kafka         b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}
kafka         {user_provided}.{random_id}.c{1,2}
cloud9        https://{random_id}.vfs.cloud9.{region}
mediastore    https://{random_id}.data.mediastore.{region}
kinesisvideo  https://{random_id}.kinesisvideo.{region}
mediaconvert  https://{random_id}.mediaconvert.{region}
mediapackage  https://{random_id}.mediapackage.{region}{random_id}/channel

Access Key ID & Secret

IAM uses the following prefixes to indicate what type of resource each unique ID applies to. The prefix is the first four characters of the ID and depends on the type of the key.

Prefix  Resource type
ABIA    AWS STS service bearer token
ACCA    Context-specific credential
AGPA    User group
AIPA    Amazon EC2 instance profile
AKIA    Access key
ANPA    Managed policy
ANVA    Version in a managed policy
APKA    Public key
ASCA    Certificate
ASIA    Temporary (AWS STS) access key

The rest of the string is Base32 encoded and can be used to recover the account id.

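import base64
import binascii

def AWSAccount_from_AWSKeyID(AWSKeyID):
    """Recover the AWS account ID (as an integer) from an access key ID."""
    trimmed_AWSKeyID = AWSKeyID[4:]  # remove the 4-character KeyID prefix
    x = base64.b32decode(trimmed_AWSKeyID)  # Base32 decode the remainder
    y = x[0:6]  # only the first 6 bytes are needed

    z = int.from_bytes(y, byteorder='big', signed=False)
    mask = int.from_bytes(binascii.unhexlify(b'7fffffffff80'), byteorder='big', signed=False)

    # Clear the top bit and the low 7 bits, then shift the account ID down.
    e = (z & mask) >> 7
    return e

# Account IDs are 12 digits, so zero-pad the result.
print("account id:" + "{:012d}".format(AWSAccount_from_AWSKeyID("ASIAQNZGKIQY56JQ7WML")))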
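
As an added example (not code from the original page), the prefix table and the decoding above can be combined to triage key IDs found by a secret scan: classify each ID by prefix, recover the account ID for AKIA/ASIA keys, and flag accounts that are not your own. The 20-character ID length, the restriction to AKIA/ASIA, the function names, the sample lines and the account list are assumptions of this example.

```python
import base64
import re

# Prefix table copied from this page.
PREFIXES = {
    "ABIA": "AWS STS service bearer token", "ACCA": "Context-specific credential",
    "AGPA": "User group", "AIPA": "Amazon EC2 instance profile",
    "AKIA": "Access key", "ANPA": "Managed policy",
    "ANVA": "Version in a managed policy", "APKA": "Public key",
    "ASCA": "Certificate", "ASIA": "Temporary (AWS STS) access key",
}
# Assumption: IDs are 20 characters, a prefix plus 16 Base32 characters (A-Z, 2-7).
ID_RE = re.compile(r"(?<![A-Z0-9])(?:%s)[A-Z2-7]{16}(?![A-Z0-9])" % "|".join(PREFIXES))

def account_id(key_id):
    """Return the 12-digit account ID for an AKIA/ASIA key ID, else None."""
    if len(key_id) != 20 or key_id[:4] not in ("AKIA", "ASIA"):
        return None  # this example decodes access keys only
    try:
        raw = base64.b32decode(key_id[4:])
    except ValueError:  # binascii.Error is a ValueError: not valid Base32
        return None
    value = int.from_bytes(raw[:6], "big")
    return "{:012d}".format((value & 0x7FFFFFFFFF80) >> 7)

def triage(text, known_accounts):
    """List (line_no, id, resource_type, account, in_known_accounts) per ID found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in ID_RE.finditer(line):
            found = match.group(0)
            account = account_id(found)
            findings.append((line_no, found, PREFIXES[found[:4]],
                             account, account in known_accounts))
    return findings

# Constructed sample input. The ASIA value is the example ID used on this page;
# the ANPA value and the account set are made up for illustration.
SAMPLE = """\
deploy.sh: export AWS_ACCESS_KEY_ID=ASIAQNZGKIQY56JQ7WML
notes.txt: policy id ANPAQNZGKIQY56JQ7WML attached
notes.txt: AKIA[REDACTED] rotated last week
"""
KNOWN_ACCOUNTS = {"111111111111"}

if __name__ == "__main__":
    for finding in triage(SAMPLE, KNOWN_ACCOUNTS):
        print(finding)
```

A finding whose last field is False and whose account is not None points at a key from an account outside the known set, which is worth checking before rotating anything.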


  • US Standard -
  • Ireland -
  • Northern California -
  • Singapore -
  • Tokyo -

Gaining AWS Console Access via API Keys

A utility to convert your AWS CLI credentials into AWS console access.

  • Using NetSPI/aws_consoler
    $> aws_consoler -v -a AKIA[REDACTED] -s [REDACTED]
    2020-03-13 19:44:57,800 [aws_consoler.cli] INFO: Validating arguments...
    2020-03-13 19:44:57,801 [aws_consoler.cli] INFO: Calling logic.
    2020-03-13 19:44:57,820 [aws_consoler.logic] INFO: Boto3 session established.
    2020-03-13 19:44:58,193 [aws_consoler.logic] WARNING: Creds still permanent, creating federated session.
    2020-03-13 19:44:58,698 [aws_consoler.logic] INFO: New federated session established.
    2020-03-13 19:44:59,153 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::123456789012:federated-user/aws_consoler.
    2020-03-13 19:44:59,668 [aws_consoler.logic] INFO: URL generated![REDACTED]