GITBOOK-729: No subject

2025-12-12 15:50:19 -08:00 · 2024-12-16 11:31:25 +00:00
parent 7418e06621
commit f217dad7bc
1 changed files with 8 additions and 0 deletions
--- a/pentesting-cloud/aws-security/aws-permissions-for-a-pentest.md
+++ b/pentesting-cloud/aws-security/aws-permissions-for-a-pentest.md
@@ -18,6 +18,14 @@ Learn & practice GCP Hacking: <img src="../../.gitbook/assets/image (2) (1).png"
 These are the permissions you need on each AWS account you want to audit to be able to run all the proposed AWS audit tools:

 * The default policy **arn:aws:iam::aws:policy/**[**ReadOnlyAccess**](https://us-east-1.console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/ReadOnlyAccess)
+* To run [aws\_iam\_review](https://github.com/carlospolop/aws_iam_review) you also need the permissions:
+  * **access-analyzer:List\***
+  * **access-analyzer:Get\***
+  * **iam:CreateServiceLinkedRole**
+  * **access-analyzer:CreateAnalyzer**
+    * Optional if the client generates the analyzers for you, but usually it's easier just to ask for this permission)
+  * **access-analyzer:DeleteAnalyzer**
+    * Optional if the client removes the analyzers for you, but usually it's easier just to ask for this permission)

 {% hint style="success" %}
 Learn & practice AWS Hacking:<img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\