Credentials Exposure

Credentials Exposure actions return credentials as part of the API response , such as ecr:GetAuthorizationToken, iam:UpdateAccessKey, and others. The full list is below.

• chime:createapikey
• codepipeline:pollforjobs
• cognito-identity:getopenidtoken
• cognito-identity:getopenidtokenfordeveloperidentity
• cognito-identity:getcredentialsforidentity
• connect:getfederationtoken
• connect:getfederationtokens
• ec2:getpassworddata
• ecr:getauthorizationtoken
• gamelift:requestuploadcredentials
• iam:createaccesskey
• iam:createloginprofile
• iam:createservicespecificcredential
• iam:resetservicespecificcredential
• iam:updateaccesskey
• lightsail:getinstanceaccessdetails
• lightsail:getrelationaldatabasemasteruserpassword
• rds-db:connect
• redshift:getclustercredentials
• sso:getrolecredentials
• mediapackage:rotatechannelcredentials
• mediapackage:rotateingestendpointcredentials
• sts:assumerole
• sts:assumerolewithsaml
• sts:assumerolewithwebidentity
• sts:getfederationtoken
• sts:getsessiontoken