Attacking Lambda functions with read access

To start the read-access-only section of this chapter, we will create a new IAM user with a specific set of permissions. This is the user we will use to demo our attack, so we can assume that we have just compromised this user's keys through one method or another. These permissions allow read-only access to AWS Lambda and object-upload access to S3, but nothing beyond that. We aren't going to walk through the whole process of creating a user, setting up their permissions, and adding their keys to the AWS CLI, because we covered that in previous chapters.

So, go ahead and create a new IAM user with programmatic access to AWS. For this demo, we will be naming that user LambdaReadOnlyTester ...

Get Hands-On AWS Penetration Testing with Kali Linux now with the O’Reilly learning platform.
