
Retrieving AWS security credentials from the AWS console

Submitted by
Style Pass
2021-06-06 18:30:13

In this short blog post, we describe how to retrieve AWS security credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN) when authenticated in the AWS Console.

“I have access to the AWS console; how do I retrieve the AWS security credentials corresponding to my role?” is a question I’ve asked myself more than once, typically when using identity federation, and assuming a role in an AWS account using an IdP that doesn’t support the CLI. It’s also very relevant in pentesting or red teaming, where you might have stolen a victim’s browser cookies and would like to leverage their access from the CLI.

The AWS console doesn’t directly make use of the usual AWS security credentials. Instead of sending API requests to the AWS service API endpoints, it proxies them through an AWS console backend service, and the requests are authenticated with an AWS console-specific cookie.

AWS CloudShell, released in late 2020, is a web-based shell in the AWS console that lets you run CLI commands directly from the web interface.
