Cloudsplaining
Credentials Exposure
Initializing search
    GitHub
    GitHub
    • Home
      • Introduction
      • Installation
      • Downloading Account IAM Details
      • Creating an Exclusions File
      • Scanning a single AWS account
      • Scanning a single policy
      • Scanning multiple AWS accounts
      • Troubleshooting
      • Overview
      • Triage
      • Remediation
      • Validation
      • Privilege Escalation
      • Resource Exposure
      • Data Exfiltration
      • Credentials Exposure
      • Infrastructure Modification
      • Service Wildcard
      • Roles Assumable by Compute Service
      • Trust Policy
      • Contributing
      • Documentation
      • JavaScript
      • Python
      • JSON Schema
      • Release Drafter
      • Report Generation
      • Testing
      • Versioning
      • FAQ
      • Comparison to other tools
      • Jira Ticket Automation

    Credentials Exposure

    Credentials Exposure actions return credentials as part of the API response , such as ecr:GetAuthorizationToken, iam:UpdateAccessKey, and others. The full list is below.

    • chime:createapikey
    • codepipeline:pollforjobs
    • cognito-identity:getopenidtoken
    • cognito-identity:getopenidtokenfordeveloperidentity
    • cognito-identity:getcredentialsforidentity
    • connect:getfederationtoken
    • connect:getfederationtokens
    • ec2:getpassworddata
    • ecr:getauthorizationtoken
    • gamelift:requestuploadcredentials
    • iam:createaccesskey
    • iam:createloginprofile
    • iam:createservicespecificcredential
    • iam:resetservicespecificcredential
    • iam:updateaccesskey
    • lightsail:getinstanceaccessdetails
    • lightsail:getrelationaldatabasemasteruserpassword
    • rds-db:connect
    • redshift:getclustercredentials
    • sso:getrolecredentials
    • mediapackage:rotatechannelcredentials
    • mediapackage:rotateingestendpointcredentials
    • sts:assumerole
    • sts:assumerolewithsaml
    • sts:assumerolewithwebidentity
    • sts:getfederationtoken
    • sts:getsessiontoken
    Previous Data Exfiltration
    Next Infrastructure Modification
    Made with Material for MkDocs