Most unauthenticated recon within AWS isn't technically unauthenticated, because there are credentials that are required. The difference is that for unauthenticated recon, we use our own attacker AWS keys, so we are unauthenticated to our target environment, and any logs of our enumeration/attempts will show up in our own account only. This is almost as unauthenticated as you can get when enumerating AWS resources, besides something like open S3 buckets, but even then, some kind of credential can help the process due to how permissions are set up in some buckets.
One integral part to most unauthenticated/cross-account attacks is the knowledge of the target AWS account ID. The account ID allows us to associate ...