Hacking Misconfigured Cloud Resource-Based Policies


Misconfigured Resource-Based Policies

Resource-based policies are an often-overlooked part of AWS security that can have significant implications. A resource-based policy is attached directly to an AWS resource and describes which actions can be performed on that resource and by whom.

For example, the following is a bucket policy (a type of resource-based policy) that would permit the tester user to list the contents of the super-public-fun-bucket S3 bucket.

{ “Version” : “2012-…
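A defender-side check over a policy of this kind, given as an added example that is not code from the original page. The sample policy is constructed (the account ID 111122223333 and the Sid values are placeholders, and it is not the truncated policy above), and the helper names are hypothetical. It lists who each Allow statement grants access to and flags statements open to any principal.

```python
import json

# Constructed sample policy: statement 1 grants s3:ListBucket to one IAM user,
# statement 2 grants list and read access to every principal.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TesterList", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/tester"},
     "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::super-public-fun-bucket"},
    {"Sid": "AnyoneList", "Effect": "Allow",
     "Principal": "*",
     "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::super-public-fun-bucket",
                  "arn:aws:s3:::super-public-fun-bucket/*"]}
  ]
}
""")

def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def principals(stmt):
    """Flatten Principal ("*" or {"AWS": ..., "Service": ...}) to strings."""
    p = stmt.get("Principal", {})
    if isinstance(p, str):
        return [p]
    return [v for vals in p.values() for v in as_list(vals)]

def audit(policy):
    """Return (sid, principals, actions, risk) for every Allow statement."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        who = principals(stmt)
        if "*" not in who:
            risk = "scoped"      # named principals only
        elif stmt.get("Condition"):
            risk = "review"      # wildcard narrowed by a Condition: check it by hand
        else:
            risk = "PUBLIC"      # wildcard with no Condition: any caller
        findings.append((stmt.get("Sid", "-"), who, as_list(stmt.get("Action", [])), risk))
    return findings

if __name__ == "__main__":
    for sid, who, actions, risk in audit(SAMPLE_POLICY):
        print(f"{risk:7} {sid}: {who} may {actions}")
```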

