Credentials Exposure
Credentials Exposure actions return credentials as part of the API response , such as ecr:GetAuthorizationToken
, iam:UpdateAccessKey
, and others. The full list is below.
- chime:createapikey
- codepipeline:pollforjobs
- cognito-identity:getopenidtoken
- cognito-identity:getopenidtokenfordeveloperidentity
- cognito-identity:getcredentialsforidentity
- connect:getfederationtoken
- connect:getfederationtokens
- ec2:getpassworddata
- ecr:getauthorizationtoken
- gamelift:requestuploadcredentials
- iam:createaccesskey
- iam:createloginprofile
- iam:createservicespecificcredential
- iam:resetservicespecificcredential
- iam:updateaccesskey
- lightsail:getinstanceaccessdetails
- lightsail:getrelationaldatabasemasteruserpassword
- rds-db:connect
- redshift:getclustercredentials
- sso:getrolecredentials
- mediapackage:rotatechannelcredentials
- mediapackage:rotateingestendpointcredentials
- sts:assumerole
- sts:assumerolewithsaml
- sts:assumerolewithwebidentity
- sts:getfederationtoken
- sts:getsessiontoken