diff --git a/.gitignore b/.gitignore index 17451c5..f818240 100644 --- a/.gitignore +++ b/.gitignore @@ -104,3 +104,4 @@ venv.bak/ .mypy_cache/ .idea/* +.DS_Store diff --git a/enumerate-iam.py b/enumerate-iam.py index c2b3bf5..19b1ce7 100755 --- a/enumerate-iam.py +++ b/enumerate-iam.py @@ -1,5 +1,6 @@ -#!/usr/bin/env python +#!/opt/homebrew/bin/python3 import argparse +import getpass from enumerate_iam.main import enumerate_iam @@ -7,17 +8,23 @@ def main(): parser = argparse.ArgumentParser(description='Enumerate IAM permissions') - parser.add_argument('--access-key', help='AWS access key', required=True) - parser.add_argument('--secret-key', help='AWS secret key', required=True) + parser.add_argument('--access-key', help='AWS access key') + parser.add_argument('--secret-key', help='AWS secret key') parser.add_argument('--session-token', help='STS session token') parser.add_argument('--region', help='AWS region to send API requests to', default='us-east-1') args = parser.parse_args() + if args.access_key is None: + args.access_key = input("Enter AWS access key: ") + + if args.secret_key is None: + args.secret_key = getpass.getpass("Enter AWS secret key: ") + enumerate_iam(args.access_key, - args.secret_key, - args.session_token, - args.region) + args.secret_key, + args.session_token, + args.region) if __name__ == '__main__': diff --git a/enumerate_iam/bruteforce_tests.py b/enumerate_iam/bruteforce_tests.py index 2fb8741..5a5f678 100644 --- a/enumerate_iam/bruteforce_tests.py +++ b/enumerate_iam/bruteforce_tests.py 
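Review bot: The new shebang in the first enumerate-iam.py hunk, `#!/opt/homebrew/bin/python3`, pins the interpreter to one Homebrew install path, so running the script directly fails on any host where Python is not at that exact location. It also bypasses an active virtualenv, so the script can run against a different set of installed packages than the ones the operator vetted. Use `#!/usr/bin/env python3` instead. That still selects Python 3, which matters for the second hunk: under Python 2, `input()` evaluates the typed text as an expression, and the old `#!/usr/bin/env python` line could resolve to Python 2.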
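Review bot: The prompt fallback added to `main()` in the second enumerate-iam.py hunk leaves two gaps: an empty reply at either prompt is passed straight to `enumerate_iam`, and `--session-token` can still only be supplied on the command line, where it ends up in shell history and process listings. After the two prompts, add `if not args.access_key or not args.secret_key: parser.error('access key and secret key are required')` so a blank answer fails fast instead of producing a confusing API error. For the token, consider falling back to the `AWS_SESSION_TOKEN` environment variable when the flag is absent. The help strings should also say that the flag is optional and why, for example `help='AWS secret key (omit to be prompted; a value passed here is visible in shell history and process listings)'`. Separately, the re-indented continuation lines of the `enumerate_iam(...)` call no longer appear aligned with the opening parenthesis, though whitespace is not fully recoverable from this view.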
@@ -8,15 +8,39 @@ "get_skill_group", "list_business_report_schedules", "list_conference_providers", + "list_gateway_groups", + "list_gateways", "list_skills", "list_skills_store_categories" ], + "access-analyzer": [ + "list_analyzers", + "list_policy_generations" + ], + "account": [ + "get_contact_information", + "list_regions" + ], "acm": [ + "get_account_configuration", "list_certificates" ], + "airflow": [ + "list_environments" + ], "amplify": [ "list_apps" ], + "amplifybackend": [ + "list_s3_buckets" + ], + "aoss": [ + "batch_get_collection", + "get_account_settings", + "get_policies_stats", + "list_collections", + "list_vpc_endpoints" + ], "apigateway": [ "get_account", "get_api_keys", 
@@ -26,27 +50,93 @@ "get_sdk_types", "get_usage_plans", "get_vpc_links", - "get_domain_names" + "get_domain_names", + "get_vpc_links" + ], + "app-integrations": [ + "list_applications", + "list_data_integrations", + "list_event_integrations" + ], + "appconfig": [ + "list_applications", + "list_deployment_strategies", + "list_extension_associations", + "list_extensions" + ], + "appfabric": [ + "list_app_bundles" + ], + "appflow": [ + "describe_connector_profiles", + "describe_connectors", + "list_connector_entities", + "list_connectors", + "list_flows" + ], + "application-cost-profiler": [ + "list_report_definitions" + ], + "applicationinsights": [ + "list_applications", + "list_configuration_history", + "list_problems" ], "appmesh": [ "list_meshes", "list_meshes" ], + "apprunner": [ + "list_auto_scaling_configurations", + "list_connections", + "list_observability_configurations", + "list_services", + "list_vpc_connectors", + "list_vpc_ingress_connections" + ], "appstream2": [ + "describe_app_block_builder_app_block_associations", + "describe_app_block_builders", + "describe_app_blocks", + "describe_application_fleet_associations", "describe_directory_configs", "describe_fleets", "describe_image_builders", "describe_images", + "describe_usage_report_subscriptions", "describe_user_stack_associations" ], "appsync": [ + "list_domain_names", "list_graphql_apis" ], + "aps": [ + "list_workspaces" + ], + "arc-zonal-shift": [ + "list_managed_resources", + "list_zonal_shifts" + ], "athena": [ + "list_application_dpu_sizes", + "list_capacity_reservations", + "list_data_catalogs", + "list_engine_versions", "list_named_queries", "list_query_executions", "list_work_groups" ], + "auditmanager": [ + "get_account_status", + "get_delegations", + "get_insights", + "get_organization_admin_account", + "get_services_in_scope", + "list_assessment_reports", + "list_assessments", + "list_control_domain_insights", + "list_notifications" + ], "autoscaling": [ "describe_account_limits", 
"describe_adjustment_types", 
@@ -65,45 +155,114 @@ "describe_termination_policy_types" ], "backup": [ + "describe_global_settings", + "describe_region_settings", "get_supported_resource_types", "list_backup_jobs", "list_backup_plan_templates", "list_backup_plans", "list_backup_vaults", + "list_copy_jobs", + "list_frameworks", + "list_legal_holds", "list_protected_resources", + "list_report_jobs", + "list_report_plans", "list_restore_jobs" ], + "backup-gateway": [ + "list_gateways", + "list_hypervisors", + "list_virtual_machines" + ], "batch": [ "describe_compute_environments", "describe_job_definitions", "describe_job_queues", - "list_jobs" + "list_jobs", + "list_scheduling_policies" + ], + "bedrock": [ + "get_model_invocation_logging_configuration", + "list_custom_models", + "list_foundation_models", + "list_model_customization_jobs", + "list_provisioned_model_throughputs" + ], + "billingconductor": [ + "list_account_associations", + "list_billing_group_cost_reports", + "list_billing_groups", + "list_custom_line_items", + "list_pricing_plans", + "list_pricing_rules" + ], + "cases": [ + "list_domains" + ], + "cassandra": [ + "list_keyspaces" + ], + "ce": [ + "get_anomaly_monitors", + "get_anomaly_subscriptions", + "list_cost_allocation_tags", + "list_cost_category_definitions", + "list_savings_plans_purchase_recommendation_generation" ], "chime": [ - "list_accounts" + "get_global_settings", + "get_messaging_session_endpoint", + "get_phone_number_settings", + "list_accounts", + "list_app_instances", + "list_channel_memberships_for_app_instance_user", + "list_channels_moderated_by_app_instance_user", + "list_media_capture_pipelines", + "list_meetings", + "list_phone_number_orders", + "list_phone_numbers", + "list_sip_media_applications", + "list_sip_rules", + "list_voice_connector_groups", + "list_voice_connectors" + ], + "cleanrooms": [ + "list_collaborations", + "list_configured_tables", + "list_memberships" ], "cloud9": [ "describe_environment_memberships", "list_environments" ], + 
"cloudcontrolapi": [ + "list_resource_requests" + ], "clouddirectory": [ "list_development_schema_arns", "list_directories", + "list_managed_schema_arns", "list_published_schema_arns", "list_development_schema_arns", "list_directories", - "list_managed_schema_arns", "list_published_schema_arns" ], "cloudformation": [ "describe_account_limits", + "describe_organizations_access", + "describe_publisher", "describe_stack_events", "describe_stack_resources", + "describe_type", "get_template", "get_template_summary", "list_exports", "list_stack_sets", - "list_stacks" + "list_stacks", + "list_type_registrations", + "list_type_versions", + "list_types" ], "cloudfront": [ "list_cloud_front_origin_access_identities", @@ -111,6 +270,24 @@ "list_field_level_encryption_configs", "list_field_level_encryption_profiles", "list_streaming_distributions", + "get_realtime_log_config", + "list_cache_policies", + "list_cloud_front_origin_access_identities", + "list_continuous_deployment_policies", + "list_distributions", + "list_distributions_by_realtime_log_config", + "list_field_level_encryption_configs", + "list_field_level_encryption_profiles", + "list_functions", + "list_key_groups", + "list_origin_access_controls", + "list_origin_request_policies", + "list_realtime_log_configs", + "list_response_headers_policies", + "list_streaming_distributions", + "list_cloud_front_origin_access_identities", + "list_distributions", + "list_streaming_distributions", "list_cloud_front_origin_access_identities", "list_distributions", "list_streaming_distributions", @@ -126,6 +303,8 @@ "list_streaming_distributions", "list_cloud_front_origin_access_identities", "list_distributions", + "list_field_level_encryption_configs", + "list_field_level_encryption_profiles", "list_streaming_distributions" ], "cloudhsm": [ 
@@ -146,28 +325,56 @@ "describe_domains" ], "cloudtrail": [ - "describe_trails" + "describe_trails", + "list_channels", + "list_event_data_stores", + "list_imports", + "list_trails" + ], + "codeartifact": [ + "list_domains", + "list_repositories" ], "codebuild": [ + "list_build_batches", + "list_build_batches_for_project", "list_builds", "list_curated_environment_images", "list_projects", + "list_report_groups", + "list_reports", + "list_shared_projects", + "list_shared_report_groups", "list_source_credentials" ], + "codecatalyst": [ + "get_user_details", + "list_access_tokens", + "list_spaces" + ], "codecommit": [ "get_branch", + "list_approval_rule_templates", "list_repositories" ], "codedeploy": [ - "batch_get_deployment_targets", - "get_deployment_target", "list_applications", "list_deployment_configs", - "list_deployment_targets", "list_deployments", "list_git_hub_account_token_names", "list_on_premises_instances" ], + "codeguru-profiler": [ + "get_findings_report_account_summary", + "list_profiling_groups" + ], + "codeguru-reviewer": [ + "list_repository_associations" + ], + "codeguru-security": [ + "get_account_configuration", + "list_scans" + ], "codepipeline": [ "list_action_types", "list_pipelines", 
@@ -177,19 +384,50 @@ "list_projects", "list_user_profiles" ], + "codestar-connections": [ + "list_connections", + "list_hosts" + ], "cognito-sync": [ "list_identity_pool_usage" ], "comprehend": [ + "list_datasets", "list_document_classification_jobs", + "list_document_classifier_summaries", "list_document_classifiers", "list_dominant_language_detection_jobs", + "list_endpoints", "list_entities_detection_jobs", + "list_entity_recognizer_summaries", "list_entity_recognizers", + "list_events_detection_jobs", + "list_flywheels", "list_key_phrases_detection_jobs", + "list_pii_entities_detection_jobs", "list_sentiment_detection_jobs", + "list_targeted_sentiment_detection_jobs", "list_topics_detection_jobs" ], + "comprehendmedical": [ + "list_entities_detection_v2_jobs", + "list_icd10_cm_inference_jobs", + "list_phi_detection_jobs", + "list_rx_norm_inference_jobs", + "list_snomedct_inference_jobs" + ], + "compute-optimizer": [ + "describe_recommendation_export_jobs", + "get_auto_scaling_group_recommendations", + "get_ebs_volume_recommendations", + "get_ec2_instance_recommendations", + "get_ecs_service_recommendations", + "get_enrollment_status", + "get_enrollment_statuses_for_organization", + "get_lambda_function_recommendations", + "get_license_recommendations", + "get_recommendation_summaries" + ], "config": [ "describe_aggregation_authorizations", "describe_compliance_by_config_rule", 
@@ -199,28 +437,66 @@ "describe_configuration_aggregators", "describe_configuration_recorder_status", "describe_configuration_recorders", + "describe_conformance_pack_status", + "describe_conformance_packs", "describe_delivery_channel_status", "describe_delivery_channels", + "describe_organization_config_rule_statuses", + "describe_organization_config_rules", + "describe_organization_conformance_pack_statuses", + "describe_organization_conformance_packs", "describe_pending_aggregation_requests", "describe_retention_configurations", + "get_compliance_details_by_resource", "get_compliance_summary_by_config_rule", "get_compliance_summary_by_resource_type", - "get_discovered_resource_counts" + "get_custom_rule_policy", + "get_discovered_resource_counts", + "list_resource_evaluations", + "list_stored_queries" + ], + "connect": [ + "list_instances", + "list_phone_numbers_v2", + "list_traffic_distribution_groups" + ], + "controlplane.payment-cryptography": [ + "list_aliases", + "list_keys" ], "cur": [ "describe_report_definitions" ], + "data-ats.iot": [ + "list_retained_messages" + ], "data.mediastore": [ "list_items" ], + "databrew": [ + "list_datasets", + "list_jobs", + "list_projects", + "list_recipes", + "list_rulesets", + "list_schedules" + ], + "dataexchange": [ + "list_data_sets", + "list_event_actions", + "list_jobs" + ], "datapipeline": [ "list_pipelines" ], "datasync": [ "list_agents", - "list_locations", - "list_task_executions", - "list_tasks" + "list_discovery_jobs", + "list_storage_systems", + "list_task_executions" + ], + "datazone": [ + "list_domains" ], "dax": [ "describe_clusters", @@ -228,9 +504,15 @@ "describe_parameter_groups", "describe_subnet_groups" ], + "detective": [ + "list_graphs", + "list_invitations", + "list_organization_admin_accounts" + ], "devicefarm": [ "get_account_settings", "get_offering_status", + "get_test_grid_session", "list_device_instances", "list_devices", "list_instance_profiles", 
@@ -238,13 +520,25 @@ "list_offering_transactions", "list_offerings", "list_projects", + "list_test_grid_projects", "list_vpce_configurations" ], "devices.iot1click": [ "list_devices" ], + "devops-guru": [ + "describe_account_health", + "describe_event_sources_config", + "describe_feedback", + "describe_organization_health", + "describe_service_integration", + "get_cost_estimation", + "list_notification_channels" + ], "directconnect": [ "describe_connections", + "describe_customer_metadata", + "describe_direct_connect_gateway_association_proposals", "describe_direct_connect_gateway_associations", "describe_direct_connect_gateway_attachments", "describe_direct_connect_gateways", @@ -252,7 +546,8 @@ "describe_lags", "describe_locations", "describe_virtual_gateways", - "describe_virtual_interfaces" + "describe_virtual_interfaces", + "list_virtual_interface_test_history" ], "discovery": [ "describe_agents", 
@@ -267,17 +562,48 @@ ], "dms": [ "describe_account_attributes", + "describe_applicable_individual_assessments", "describe_certificates", "describe_connections", + "describe_data_providers", "describe_endpoint_types", "describe_endpoints", + "describe_engine_versions", "describe_event_categories", "describe_event_subscriptions", + "describe_fleet_advisor_collectors", + "describe_fleet_advisor_databases", + "describe_fleet_advisor_lsa_analysis", + "describe_fleet_advisor_schema_object_summary", + "describe_fleet_advisor_schemas", + "describe_instance_profiles", + "describe_migration_projects", "describe_orderable_replication_instances", + "describe_pending_maintenance_actions", + "describe_recommendation_limitations", + "describe_recommendations", + "describe_replication_configs", "describe_replication_instances", "describe_replication_subnet_groups", "describe_replication_task_assessment_results", - "describe_replication_tasks" + "describe_replication_task_assessment_runs", + "describe_replication_task_individual_assessments", + "describe_replication_tasks", + "describe_replications", + "list_tags_for_resource" + ], + "docdb-elastic": [ + "list_cluster_snapshots", + "list_clusters" + ], + "drs": [ + "describe_jobs", + "describe_launch_configuration_templates", + "describe_recovery_instances", + "describe_replication_configuration_templates", + "describe_source_networks", + "describe_source_servers", + "list_staging_accounts" ], "ds": [ "describe_directories", 
@@ -288,28 +614,40 @@ "list_log_subscriptions" ], "dynamodb": [ + "list_tables", "describe_endpoints", "describe_limits", "list_backups", + "list_contributor_insights", + "list_exports", "list_global_tables", - "list_tables", + "list_imports", "list_tables" ], "ec2": [ "describe_account_attributes", + "describe_address_transfers", "describe_addresses", + "describe_addresses_attribute", "describe_aggregate_id_format", "describe_availability_zones", + "describe_aws_network_performance_metric_subscriptions", "describe_bundle_tasks", + "describe_capacity_reservation_fleets", "describe_capacity_reservations", + "describe_carrier_gateways", "describe_classic_link_instances", "describe_client_vpn_endpoints", + "describe_coip_pools", "describe_conversion_tasks", "describe_customer_gateways", "describe_dhcp_options", "describe_egress_only_internet_gateways", "describe_elastic_gpus", + "describe_export_image_tasks", "describe_export_tasks", + "describe_fast_launch_images", + "describe_fast_snapshot_restores", "describe_fleets", "describe_flow_logs", "describe_fpga_images", 
@@ -321,16 +659,38 @@ "describe_images", "describe_import_image_tasks", "describe_import_snapshot_tasks", + "describe_instance_connect_endpoints", "describe_instance_credit_specifications", + "describe_instance_event_notification_attributes", + "describe_instance_event_windows", "describe_instance_status", + "describe_instance_type_offerings", + "describe_instance_types", "describe_instances", "describe_internet_gateways", + "describe_ipam_pools", + "describe_ipam_resource_discoveries", + "describe_ipam_resource_discovery_associations", + "describe_ipam_scopes", + "describe_ipams", + "describe_ipv6_pools", "describe_key_pairs", "describe_launch_template_versions", "describe_launch_templates", + "describe_local_gateway_route_table_virtual_interface_group_associations", + "describe_local_gateway_route_table_vpc_associations", + "describe_local_gateway_route_tables", + "describe_local_gateway_virtual_interface_groups", + "describe_local_gateway_virtual_interfaces", + "describe_local_gateways", + "describe_managed_prefix_lists", "describe_moving_addresses", "describe_nat_gateways", "describe_network_acls", + "describe_network_insights_access_scope_analyses", + "describe_network_insights_access_scopes", + "describe_network_insights_analyses", + "describe_network_insights_paths", "describe_network_interface_permissions", "describe_network_interfaces", "describe_placement_groups", 
@@ -338,24 +698,43 @@ "describe_principal_id_format", "describe_public_ipv4_pools", "describe_regions", + "describe_replace_root_volume_tasks", "describe_reserved_instances", "describe_reserved_instances_listings", "describe_reserved_instances_modifications", "describe_reserved_instances_offerings", "describe_route_tables", "describe_scheduled_instances", + "describe_security_group_rules", "describe_security_groups", + "describe_snapshot_tier_status", "describe_snapshots", "describe_spot_datafeed_subscription", "describe_spot_fleet_requests", "describe_spot_instance_requests", "describe_spot_price_history", + "describe_store_image_tasks", "describe_subnets", "describe_tags", + "describe_traffic_mirror_filters", + "describe_traffic_mirror_sessions", + "describe_traffic_mirror_targets", "describe_transit_gateway_attachments", + "describe_transit_gateway_connect_peers", + "describe_transit_gateway_connects", + "describe_transit_gateway_multicast_domains", + "describe_transit_gateway_peering_attachments", + "describe_transit_gateway_policy_tables", + "describe_transit_gateway_route_table_announcements", "describe_transit_gateway_route_tables", "describe_transit_gateway_vpc_attachments", "describe_transit_gateways", + "describe_trunk_interface_associations", + "describe_verified_access_endpoints", + "describe_verified_access_groups", + "describe_verified_access_instance_logging_configurations", + "describe_verified_access_instances", + "describe_verified_access_trust_providers", "describe_volume_status", "describe_volumes", "describe_volumes_modifications", 
@@ -369,13 +748,32 @@ "describe_vpc_peering_connections", "describe_vpcs", "describe_vpn_connections", - "describe_vpn_gateways" + "describe_vpn_gateways", + "get_aws_network_performance_data", + "get_ebs_default_kms_key_id", + "get_ebs_encryption_by_default", + "get_image_block_public_access_state", + "get_serial_console_access_status", + "get_vpn_connection_device_types", + "list_images_in_recycle_bin", + "list_snapshots_in_recycle_bin" ], "ecr": [ + "describe_pull_through_cache_rules", + "describe_registry", "describe_repositories", - "get_authorization_token" + "get_authorization_token", + "get_registry_policy", + "get_registry_scanning_configuration" + ], + "ecr-public": [ + "describe_registries", + "describe_repositories", + "get_authorization_token", + "get_registry_catalog_data" ], "ecs": [ + "describe_capacity_providers", "describe_clusters", "list_account_settings", "list_clusters", @@ -386,18 +784,27 @@ "list_tasks" ], "eks": [ + "describe_addon_versions", "list_clusters" ], + "elastic-inference": [ + "describe_accelerator_types", + "describe_accelerators" + ], "elasticache": [ "describe_cache_clusters", "describe_cache_engine_versions", "describe_cache_parameter_groups", "describe_cache_security_groups", "describe_cache_subnet_groups", + "describe_global_replication_groups", "describe_replication_groups", "describe_reserved_cache_nodes", "describe_reserved_cache_nodes_offerings", + "describe_service_updates", "describe_snapshots", + "describe_update_actions", + "describe_user_groups", "list_allowed_node_type_modifications" ], "elasticbeanstalk": [ 
@@ -408,28 +815,38 @@ "describe_environment_managed_actions", "describe_environment_resources", "describe_instances_health", - "describe_platform_version" + "describe_platform_version", + "list_platform_branches" ], "elasticfilesystem": [ + "describe_access_points", + "describe_account_preferences", "describe_file_systems", - "describe_mount_targets" + "describe_mount_targets", + "describe_replication_configurations" ], "elasticloadbalancing": [ - "describe_account_limits", - "describe_load_balancer_policies", - "describe_load_balancer_policy_types", - "describe_load_balancers", "describe_account_limits", "describe_listeners", "describe_load_balancers", "describe_rules", "describe_ssl_policies", - "describe_target_groups" + "describe_target_groups", + "describe_account_limits", + "describe_load_balancer_policies", + "describe_load_balancer_policy_types", + "describe_load_balancers" ], "elasticmapreduce": [ "describe_job_flows", + "describe_release_label", + "get_block_public_access_configuration", "list_clusters", - "list_security_configurations" + "list_notebook_executions", + "list_release_labels", + "list_security_configurations", + "list_studio_session_mappings", + "list_studios" ], "elastictranscoder": [ "list_pipelines", 
@@ -453,31 +870,138 @@ "list_receipt_filters", "list_receipt_rule_sets", "list_templates", - "list_verified_email_addresses" + "list_verified_email_addresses", + "get_account", + "get_dedicated_ips", + "get_deliverability_dashboard_options", + "list_configuration_sets", + "list_contact_lists", + "list_custom_verification_email_templates", + "list_dedicated_ip_pools", + "list_deliverability_test_reports", + "list_email_identities", + "list_email_templates", + "list_export_jobs", + "list_import_jobs", + "list_recommendations", + "list_suppressed_destinations" + ], + "emr-containers": [ + "list_job_templates", + "list_virtual_clusters" + ], + "emr-serverless": [ + "list_applications" + ], + "entityresolution": [ + "list_id_mapping_workflows", + "list_matching_workflows", + "list_provider_services", + "list_schema_mappings" ], "es": [ + "describe_inbound_cross_cluster_search_connections", + "describe_outbound_cross_cluster_search_connections", + "describe_packages", "describe_reserved_elasticsearch_instance_offerings", "describe_reserved_elasticsearch_instances", "get_compatible_elasticsearch_versions", "list_domain_names", - "list_elasticsearch_versions" + "list_elasticsearch_versions", + "list_vpc_endpoints", + "describe_packages", + "list_domain_names", + "list_vpc_endpoints" ], "events": [ "describe_event_bus", + "list_api_destinations", + "list_archives", + "list_connections", + "list_event_buses", + "list_replays", + "list_rules", + "describe_event_bus", + "list_api_destinations", + "list_archives", + "list_connections", + "list_endpoints", + "list_event_buses", + "list_replays", "list_rules" ], + "evidently": [ + "list_projects", + "list_segments" + ], + "finspace": [ + "list_environments", + "list_kx_environments" + ], + "finspace-api": [ + "get_working_location", + "list_datasets" + ], "firehose": [ "list_delivery_streams" ], + "fis": [ + "list_actions", + "list_experiment_templates", + "list_experiments", + "list_target_resource_types" + ], + "fleethub.iot": 
[ + "list_applications" + ], "fms": [ "get_admin_account", "get_notification_channel", + "list_admin_accounts_for_organization", + "list_admins_managing_account", "list_member_accounts", - "list_policies" + "list_policies", + "list_resource_sets" + ], + "forecast": [ + "list_dataset_groups", + "list_dataset_import_jobs", + "list_datasets", + "list_explainabilities", + "list_explainability_exports", + "list_forecast_export_jobs", + "list_forecasts", + "list_monitors", + "list_predictor_backtest_export_jobs", + "list_predictors", + "list_what_if_analyses", + "list_what_if_forecast_exports", + "list_what_if_forecasts" + ], + "frauddetector": [ + "describe_model_versions", + "get_batch_import_jobs", + "get_batch_prediction_jobs", + "get_detectors", + "get_entity_types", + "get_event_types", + "get_external_models", + "get_kms_encryption_key", + "get_labels", + "get_lists_metadata", + "get_models", + "get_outcomes", + "get_variables" ], "fsx": [ "describe_backups", - "describe_file_systems" + "describe_data_repository_associations", + "describe_data_repository_tasks", + "describe_file_caches", + "describe_file_systems", + "describe_snapshots", + "describe_storage_virtual_machines", + "describe_volumes" ], "gamelift": [ "describe_ec2_instance_limits", @@ -494,11 +1018,25 @@ "describe_vpc_peering_connections", "list_aliases", "list_builds", - "list_fleets" + "list_fleets", + "list_game_server_groups", + "list_locations", + "list_scripts" + ], + "geo": [ + "list_geofence_collections", + "list_keys", + "list_maps", + "list_place_indexes", + "list_route_calculators", + "list_trackers" ], "globalaccelerator": [ - "describe_accelerator_attributes", - "list_accelerators" + "list_accelerators", + "list_byoip_cidrs", + "list_cross_account_attachments", + "list_cross_account_resource_accounts", + "list_custom_routing_accelerators" ], "glue": [ "get_catalog_import_status", 
@@ -511,13 +1049,29 @@ "get_dataflow_graph", "get_dev_endpoints", "get_jobs", + "get_ml_transforms", + "get_resource_policies", "get_resource_policy", + "get_schema_version", "get_security_configurations", "get_triggers", + "list_blueprints", "list_crawlers", + "list_custom_entity_types", + "list_data_quality_results", + "list_data_quality_rulesets", "list_dev_endpoints", "list_jobs", - "list_triggers" + "list_ml_transforms", + "list_registries", + "list_schemas", + "list_sessions", + "list_triggers", + "list_workflows" + ], + "grafana": [ + "list_versions", + "list_workspaces" ], "greengrass": [ "get_service_role_for_account", @@ -529,16 +1083,30 @@ "list_groups", "list_logger_definitions", "list_resource_definitions", - "list_subscription_definitions" + "list_subscription_definitions", + "get_service_role_for_account" + ], + "groundstation": [ + "list_configs", + "list_dataflow_endpoint_groups", + "list_ground_stations", + "list_mission_profiles", + "list_satellites" ], "guardduty": [ "get_invitations_count", "list_detectors", - "list_invitations" + "list_invitations", + "list_organization_admin_accounts" ], "health": [ "describe_entity_aggregates", - "describe_event_types" + "describe_event_types", + "describe_events_for_organization", + "describe_health_service_status_for_organization" + ], + "healthlake": [ + "list_fhir_datastores" ], "iam": [ "get_account_authorization_details", 
@@ -562,9 +1130,29 @@ "list_users", "list_virtual_mfa_devices" ], + "identity-chime": [ + "list_app_instances" + ], + "imagebuilder": [ + "list_components", + "list_container_recipes", + "list_distribution_configurations", + "list_image_pipelines", + "list_image_recipes", + "list_image_scan_finding_aggregations", + "list_image_scan_findings", + "list_images", + "list_infrastructure_configurations" + ], "importexport": [ "list_jobs" ], + "ingest.timestream": [ + "describe_endpoints", + "list_batch_load_tasks", + "list_databases", + "list_tables" + ], "inspector": [ "describe_cross_account_access_role", "list_assessment_runs", 
@@ -574,27 +1162,59 @@ "list_findings", "list_rules_packages" ], + "inspector2": [ + "batch_get_account_status", + "batch_get_member_ec2_deep_inspection_status", + "describe_organization_configuration", + "get_configuration", + "get_delegated_admin_account", + "get_ec2_deep_inspection_configuration", + "get_findings_report_status", + "list_account_permissions", + "list_coverage", + "list_coverage_statistics", + "list_delegated_admin_accounts", + "list_filters", + "list_members", + "list_usage_totals" + ], + "internetmonitor": [ + "list_monitors" + ], "iot": [ "describe_account_audit_configuration", "describe_default_authorizer", "describe_endpoint", "describe_event_configurations", + "get_behavior_model_training_summaries", "get_effective_policies", "get_indexing_configuration", "get_logging_options", + "get_package_configuration", "get_registration_code", "get_v2_logging_options", "list_active_violations", "list_audit_findings", + "list_audit_suppressions", "list_authorizers", "list_billing_groups", "list_ca_certificates", "list_certificates", + "list_custom_metrics", + "list_detect_mitigation_actions_executions", + "list_dimensions", + "list_domain_configurations", + "list_fleet_metrics", "list_indices", + "list_job_templates", "list_jobs", + "list_managed_job_templates", + "list_mitigation_actions", "list_ota_updates", "list_outgoing_certificates", + "list_packages", "list_policies", + "list_provisioning_templates", "list_role_aliases", "list_scheduled_audits", "list_security_profiles", @@ -603,6 +1223,7 @@ "list_thing_registration_tasks", "list_thing_types", "list_things", + "list_topic_rule_destinations", "list_topic_rules", "list_v2_logging_levels" ], 
@@ -613,21 +1234,125 @@ "list_datastores", "list_pipelines" ], + "iotdeviceadvisor": [ + "get_endpoint", + "list_suite_definitions", + "list_suite_runs" + ], + "iotevents": [ + "describe_logging_options", + "list_alarm_models", + "list_detector_models", + "list_inputs" + ], + "iotfleetwise": [ + "get_encryption_configuration", + "get_logging_options", + "get_register_account_status", + "list_campaigns", + "list_decoder_manifests", + "list_fleets", + "list_model_manifests", + "list_signal_catalogs", + "list_vehicles" + ], + "iotroborunner": [ + "list_sites" + ], + "iotsitewise": [ + "describe_default_encryption_configuration", + "describe_logging_options", + "describe_storage_configuration", + "describe_time_series", + "get_asset_property_value", + "get_asset_property_value_history", + "list_access_policies", + "list_asset_models", + "list_assets", + "list_bulk_import_jobs", + "list_gateways", + "list_portals", + "list_time_series" + ], + "iotthingsgraph": [ + "describe_namespace", + "get_namespace_deletion_status" + ], + "iottwinmaker": [ + "get_pricing_plan", + "list_workspaces" + ], + "iotwireless": [ + "get_event_configuration_by_resource_types", + "get_log_levels_by_resource_types", + "get_service_endpoint", + "list_destinations", + "list_device_profiles", + "list_fuota_tasks", + "list_multicast_groups", + "list_network_analyzer_configurations", + "list_partner_accounts", + "list_position_configurations", + "list_service_profiles", + "list_wireless_device_import_tasks", + "list_wireless_devices", + "list_wireless_gateway_task_definitions", + "list_wireless_gateways" + ], + "ivs": [ + "list_channels", + "list_playback_key_pairs", + "list_recording_configurations", + "list_streams" + ], + "ivschat": [ + "list_logging_configurations", + "list_rooms" + ], + "ivsrealtime": [ + "list_stages" + ], "kafka": [ - "list_clusters" + "get_compatible_kafka_versions", + "list_clusters", + "list_clusters_v2", + "list_configurations", + "list_kafka_versions", + 
"list_replicators", + "list_vpc_connections" + ], + "kafkaconnect": [ + "list_connectors", + "list_custom_plugins", + "list_worker_configurations" + ], + "kendra": [ + "list_indices" + ], + "kendra-ranking": [ + "list_rescore_execution_plans" ], "kinesis": [ "describe_limits", + "describe_stream", "describe_stream_consumer", - "list_shards", - "list_streams" + "describe_stream_summary", + "list_streams", + "list_tags_for_stream" ], "kinesisanalytics": [ "list_applications", "list_applications" ], "kinesisvideo": [ + "describe_edge_configuration", + "describe_image_generation_configuration", + "describe_mapped_resource_configuration", + "describe_media_storage_configuration", + "describe_notification_configuration", + "describe_signaling_channel", "describe_stream", + "list_signaling_channels", "list_streams", "list_tags_for_stream" ], 
@@ -636,29 +1361,72 @@ "list_aliases", "list_keys" ], + "lakeformation": [ + "get_data_lake_settings", + "list_data_cells_filter", + "list_lake_formation_opt_ins", + "list_lf_tags", + "list_permissions", + "list_resources", + "list_transactions" + ], "lambda": [ - "list_functions", "get_account_settings", + "list_code_signing_configs", "list_event_source_mappings", "list_functions", - "list_layers" + "list_layers", + "list_functions" + ], + "launchwizard": [ + "list_deployments", + "list_workloads" ], "license-manager": [ "get_service_settings", - "list_license_configurations" + "list_distributed_grants", + "list_license_configurations", + "list_license_conversion_tasks", + "list_license_manager_report_generators", + "list_licenses", + "list_received_grants", + "list_received_licenses", + "list_received_licenses_for_organization", + "list_tokens" + ], + "license-manager-linux-subscriptions": [ + "get_service_settings", + "list_linux_subscription_instances", + "list_linux_subscriptions" + ], + "license-manager-user-subscriptions": [ + "list_identity_providers", + "list_instances" ], "lightsail": [ "get_active_names", + "get_alarms", "get_blueprints", + "get_bucket_bundles", + "get_buckets", "get_bundles", + "get_certificates", "get_cloud_formation_stack_records", + "get_contact_methods", + "get_container_api_metadata", + "get_container_service_powers", + "get_container_services", "get_disk_snapshots", "get_disks", + "get_distribution_bundles", + "get_distribution_latest_cache_reset", + "get_distributions", "get_domains", "get_export_snapshot_records", "get_instance_snapshots", "get_instances", "get_key_pairs", + "get_load_balancer_tls_policies", "get_load_balancers", "get_operations", "get_regions", 
@@ -672,9 +1440,34 @@ "describe_destinations", "describe_export_tasks", "describe_log_groups", + "describe_log_streams", "describe_metric_filters", "describe_queries", - "describe_resource_policies" + "describe_query_definitions", + "describe_resource_policies", + "get_log_group_fields" + ], + "lookoutequipment": [ + "list_data_ingestion_jobs", + "list_datasets", + "list_inference_schedulers", + "list_label_groups", + "list_models", + "list_retraining_schedulers" + ], + "lookoutmetrics": [ + "list_alerts", + "list_anomaly_detectors", + "list_metric_sets" + ], + "lookoutvision": [ + "list_projects" + ], + "m2": [ + "get_signed_bluinsights_url", + "list_applications", + "list_engine_versions", + "list_environments" ], "machinelearning": [ "describe_batch_predictions", 
@@ -686,39 +1479,147 @@ "list_member_accounts", "list_s3_resources" ], + "macie2": [ + "batch_get_custom_data_identifiers", + "describe_buckets", + "describe_organization_configuration", + "get_administrator_account", + "get_automated_discovery_configuration", + "get_bucket_statistics", + "get_classification_export_configuration", + "get_findings_publication_configuration", + "get_invitations_count", + "get_macie_session", + "get_master_account", + "get_reveal_configuration", + "get_usage_statistics", + "get_usage_totals", + "list_allow_lists", + "list_classification_jobs", + "list_classification_scopes", + "list_custom_data_identifiers", + "list_findings", + "list_findings_filters", + "list_invitations", + "list_managed_data_identifiers", + "list_members", + "list_organization_admin_accounts", + "list_sensitivity_inspection_templates" + ], + "managedblockchain": [ + "list_accessors", + "list_invitations", + "list_networks" + ], + "media-pipelines-chime": [ + "list_media_capture_pipelines", + "list_media_insights_pipeline_configurations", + "list_media_pipeline_kinesis_video_stream_pools", + "list_media_pipelines" + ], "mediaconnect": [ + "list_bridges", "list_entitlements", - "list_flows" + "list_flows", + "list_gateway_instances", + "list_gateways", + "list_offerings", + "list_reservations" ], "mediaconvert": [ "describe_endpoints", + "get_policy", "list_job_templates", "list_jobs", "list_presets", "list_queues" ], "medialive": [ + "describe_account_configuration", "list_channels", + "list_input_devices", "list_input_security_groups", "list_inputs", + "list_multiplexes", "list_offerings", "list_reservations" ], "mediapackage": [ "list_channels", + "list_harvest_jobs", "list_origin_endpoints" ], + "mediapackage-vod": [ + "list_assets", + "list_packaging_configurations", + "list_packaging_groups" + ], + "mediapackagev2": [ + "list_channel_groups" + ], "mediastore": [ "describe_container", "list_containers" ], "mediatailor": [ - "list_playback_configurations" + 
"list_channels", + "list_playback_configurations", + "list_source_locations" + ], + "medical-imaging": [ + "list_datastores" + ], + "memory-db": [ + "describe_ac_ls", + "describe_clusters", + "describe_engine_versions", + "describe_parameter_groups", + "describe_reserved_nodes", + "describe_reserved_nodes_offerings", + "describe_service_updates", + "describe_snapshots", + "describe_subnet_groups" + ], + "messaging-chime": [ + "get_messaging_session_endpoint" ], "mgh": [ + "list_application_states", "list_migration_tasks", "list_progress_update_streams" ], + "mgn": [ + "describe_jobs", + "describe_launch_configuration_templates", + "describe_replication_configuration_templates", + "describe_source_servers", + "describe_vcenter_clients", + "list_applications", + "list_connectors", + "list_exports", + "list_imports", + "list_managed_accounts", + "list_waves" + ], + "migrationhub-config": [ + "describe_home_region_controls", + "get_home_region" + ], + "migrationhub-orchestrator": [ + "list_plugins", + "list_templates", + "list_workflows" + ], + "migrationhub-strategy": [ + "get_latest_assessment_id", + "get_portfolio_preferences", + "get_portfolio_summary", + "list_analyzable_servers", + "list_application_components", + "list_collectors", + "list_import_file_task", + "list_servers" + ], "mobile": [ "list_bundles", "list_projects" @@ -728,14 +1629,20 @@ "get_builtin_intents", "get_builtin_slot_types", "get_intents", + "get_migrations", "get_slot_types" ], "monitoring": [ "describe_alarm_history", "describe_alarms", - "list_dashboards" + "describe_anomaly_detectors", + "describe_insight_rules", + "list_dashboards", + "list_metric_streams" ], "mq": [ + "describe_broker_engine_types", + "describe_broker_instance_options", "list_brokers", "list_configurations" ], 
@@ -747,6 +1654,61 @@ "list_reviewable_hi_ts", "list_worker_blocks" ], + "neptune-db": [ + "get_engine_status", + "get_propertygraph_statistics", + "get_propertygraph_stream", + "get_propertygraph_summary", + "get_rdf_graph_summary", + "get_sparql_statistics", + "get_sparql_stream", + "list_gremlin_queries", + "list_loader_jobs", + "list_ml_data_processing_jobs", + "list_ml_endpoints", + "list_ml_model_training_jobs", + "list_ml_model_transform_jobs", + "list_open_cypher_queries" + ], + "network-firewall": [ + "describe_firewall", + "describe_firewall_policy", + "describe_logging_configuration", + "describe_rule_group", + "describe_rule_group_metadata", + "describe_tls_inspection_configuration", + "list_firewall_policies", + "list_firewalls", + "list_rule_groups", + "list_tls_inspection_configurations" + ], + "networkmanager": [ + "describe_global_networks", + "list_attachments", + "list_connect_peers", + "list_core_networks", + "list_organization_service_access_status", + "list_peerings" + ], + "nimble": [ + "list_eulas", + "list_studios" + ], + "oam": [ + "list_links", + "list_sinks" + ], + "omics": [ + "list_annotation_import_jobs", + "list_annotation_stores", + "list_reference_stores", + "list_run_groups", + "list_runs", + "list_sequence_stores", + "list_variant_import_jobs", + "list_variant_stores", + "list_workflows" + ], "opsworks": [ "describe_agent_versions", "describe_apps", 
@@ -771,15 +1733,66 @@ ], "organizations": [ "describe_organization", + "describe_resource_policy", "list_accounts", "list_aws_service_access_for_organization", "list_create_account_status", + "list_delegated_administrators", "list_handshakes_for_account", "list_handshakes_for_organization", "list_roots" ], + "osis": [ + "list_pipeline_blueprints", + "list_pipelines" + ], + "outposts": [ + "list_catalog_items", + "list_orders", + "list_outposts", + "list_sites" + ], + "panorama": [ + "list_application_instances", + "list_devices", + "list_devices_jobs", + "list_node_from_template_jobs", + "list_nodes", + "list_package_import_jobs", + "list_packages" + ], + "pca-connector-ad": [ + "list_connectors", + "list_directory_registrations" + ], + "personalize": [ + "list_batch_inference_jobs", + "list_batch_segment_jobs", + "list_campaigns", + "list_dataset_export_jobs", + "list_dataset_groups", + "list_dataset_import_jobs", + "list_datasets", + "list_event_trackers", + "list_filters", + "list_metric_attribution_metrics", + "list_metric_attributions", + "list_recipes", + "list_recommenders", + "list_schemas", + "list_solution_versions", + "list_solutions" + ], + "personalize-runtime": [ + "get_recommendations" + ], "pinpoint": [ - "get_apps" + "get_apps", + "get_recommender_configurations", + "list_templates" + ], + "pipes": [ + "list_pipes" ], "polly": [ "describe_voices", 
@@ -789,11 +1802,41 @@ "pricing": [ "describe_services" ], + "private-networks": [ + "list_networks" + ], + "profile": [ + "list_domains", + "list_profile_object_type_templates" + ], "projects.iot1click": [ "list_projects" ], + "proton": [ + "get_account_settings", + "get_resources_summary", + "list_components", + "list_deployments", + "list_environment_templates", + "list_repositories", + "list_service_instances", + "list_service_templates", + "list_services" + ], + "qldb": [ + "list_journal_s3_exports", + "list_ledgers" + ], + "query.timestream": [ + "describe_endpoints", + "list_scheduled_queries" + ], "ram": [ - "get_resource_share_invitations" + "get_resource_share_invitations", + "list_permission_associations", + "list_permissions", + "list_replace_permission_associations_work", + "list_resource_types" ], "rds": [ "describe_db_engine_versions", @@ -818,14 +1861,7 @@ "describe_option_groups", "describe_reserved_db_instances", "describe_reserved_db_instances_offerings", - "describe_account_attributes", - "describe_certificates", - "describe_db_cluster_endpoints", - "describe_db_cluster_parameter_groups", - "describe_db_cluster_snapshots", - "describe_db_clusters", "describe_db_engine_versions", - "describe_db_instance_automated_backups", "describe_db_instances", "describe_db_parameter_groups", "describe_db_security_groups", 
@@ -833,44 +1869,60 @@ "describe_db_subnet_groups", "describe_event_categories", "describe_event_subscriptions", - "describe_global_clusters", "describe_option_groups", - "describe_pending_maintenance_actions", "describe_reserved_db_instances", "describe_reserved_db_instances_offerings", - "describe_source_regions", - "describe_db_cluster_parameter_groups", - "describe_db_cluster_snapshots", - "describe_db_clusters", "describe_db_engine_versions", "describe_db_instances", "describe_db_parameter_groups", + "describe_db_security_groups", + "describe_db_snapshots", "describe_db_subnet_groups", "describe_event_categories", "describe_event_subscriptions", - "describe_pending_maintenance_actions", + "describe_option_groups", + "describe_reserved_db_instances", + "describe_reserved_db_instances_offerings", + "describe_account_attributes", + "describe_blue_green_deployments", + "describe_certificates", + "describe_db_cluster_automated_backups", + "describe_db_cluster_endpoints", + "describe_db_cluster_parameter_groups", + "describe_db_cluster_snapshots", + "describe_db_clusters", "describe_db_engine_versions", + "describe_db_instance_automated_backups", "describe_db_instances", "describe_db_parameter_groups", + "describe_db_proxies", + "describe_db_proxy_endpoints", "describe_db_security_groups", "describe_db_snapshots", "describe_db_subnet_groups", "describe_event_categories", "describe_event_subscriptions", + "describe_export_tasks", + "describe_global_clusters", + "describe_integrations", "describe_option_groups", + "describe_pending_maintenance_actions", "describe_reserved_db_instances", "describe_reserved_db_instances_offerings", + "describe_source_regions", + "describe_db_cluster_endpoints", + "describe_db_cluster_parameter_groups", + "describe_db_cluster_snapshots", + "describe_db_clusters", "describe_db_engine_versions", "describe_db_instances", "describe_db_parameter_groups", - "describe_db_security_groups", - "describe_db_snapshots", "describe_db_subnet_groups", 
"describe_event_categories", "describe_event_subscriptions", - "describe_option_groups", - "describe_reserved_db_instances", - "describe_reserved_db_instances_offerings", + "describe_global_clusters", + "describe_pending_maintenance_actions", + "describe_certificates", "describe_db_cluster_parameter_groups", "describe_db_cluster_snapshots", "describe_db_clusters", @@ -878,10 +1930,13 @@ "describe_db_instances", "describe_db_subnet_groups", "describe_event_categories", + "describe_event_subscriptions", + "describe_global_clusters", "describe_pending_maintenance_actions" ], "redshift": [ "describe_account_attributes", + "describe_authentication_profiles", "describe_cluster_db_revisions", "describe_cluster_parameter_groups", "describe_cluster_security_groups", 
@@ -889,35 +1944,98 @@ "describe_cluster_tracks", "describe_cluster_versions", "describe_clusters", + "describe_custom_domain_associations", + "describe_data_shares", + "describe_data_shares_for_consumer", + "describe_data_shares_for_producer", + "describe_endpoint_access", + "describe_endpoint_authorization", "describe_event_categories", "describe_event_subscriptions", "describe_hsm_client_certificates", "describe_hsm_configurations", + "describe_inbound_integrations", "describe_orderable_cluster_options", + "describe_reserved_node_exchange_status", "describe_reserved_node_offerings", "describe_reserved_nodes", "describe_snapshot_copy_grants", "describe_snapshot_schedules", "describe_storage", "describe_table_restore_status", - "describe_tags" + "describe_tags", + "describe_usage_limits", + "get_cluster_credentials_with_iam" + ], + "redshift-data": [ + "list_statements" + ], + "redshift-serverless": [ + "get_credentials", + "get_snapshot", + "list_custom_domain_associations", + "list_endpoint_access", + "list_namespaces", + "list_recovery_points", + "list_snapshots", + "list_table_restore_status", + "list_usage_limits", + "list_workgroups" + ], + "refactor-spaces": [ + "list_environments" ], "rekognition": [ + "describe_projects", "list_collections", + "list_media_analysis_jobs", "list_stream_processors" ], + "resiliencehub": [ + "list_app_assessments", + "list_apps", + "list_resiliency_policies", + "list_suggested_resiliency_policies" + ], + "resource-explorer-2": [ + "batch_get_view", + "get_default_view", + "get_index", + "list_indexes", + "list_supported_resource_types", + "list_views" + ], + "resource-groups": [ + "get_account_settings", + "get_group", + "get_group_configuration", + "get_group_query" + ], "robomaker": [ + "get_world_template_body", "list_deployment_jobs", "list_fleets", "list_robot_applications", "list_robots", "list_simulation_applications", - "list_simulation_jobs" + "list_simulation_job_batches", + "list_simulation_jobs", + 
"list_world_export_jobs", + "list_world_generation_jobs", + "list_world_templates", + "list_worlds" + ], + "rolesanywhere": [ + "list_crls", + "list_profiles", + "list_subjects", + "list_trust_anchors" ], "route53": [ "get_health_check_count", "get_hosted_zone_count", "get_traffic_policy_instance_count", + "list_cidr_collections", "list_health_checks", "list_hosted_zones", "list_hosted_zones_by_name", 
@@ -926,36 +2044,128 @@ "list_traffic_policies", "list_traffic_policy_instances" ], + "route53-recovery-cluster": [ + "list_routing_controls" + ], + "route53-recovery-control-config": [ + "list_clusters", + "list_control_panels" + ], + "route53-recovery-readiness": [ + "list_cells", + "list_cross_account_authorizations", + "list_readiness_checks", + "list_recovery_groups", + "list_resource_sets", + "list_rules" + ], "route53domains": [ "get_contact_reachability_status", - "list_domains", - "list_operations" + "list_operations", + "list_prices" ], "route53resolver": [ + "list_firewall_configs", + "list_firewall_domain_lists", + "list_firewall_rule_group_associations", + "list_firewall_rule_groups", + "list_outpost_resolvers", + "list_resolver_configs", + "list_resolver_dnssec_configs", "list_resolver_endpoints", + "list_resolver_query_log_config_associations", + "list_resolver_query_log_configs", "list_resolver_rule_associations", "list_resolver_rules" ], + "rum": [ + "list_app_monitors" + ], "s3": [ "list_buckets" ], + "s3-outposts": [ + "list_endpoints", + "list_outposts_with_s3" + ], "sagemaker": [ + "get_sagemaker_servicecatalog_portfolio_status", + "list_actions", "list_algorithms", + "list_app_image_configs", + "list_apps", + "list_artifacts", + "list_associations", + "list_auto_ml_jobs", "list_code_repositories", "list_compilation_jobs", + "list_contexts", + "list_data_quality_job_definitions", + "list_device_fleets", + "list_devices", + "list_domains", + "list_edge_deployment_plans", + "list_edge_packaging_jobs", "list_endpoint_configs", "list_endpoints", + "list_experiments", + "list_feature_groups", + "list_flow_definitions", + "list_hubs", + "list_human_task_uis", "list_hyper_parameter_tuning_jobs", + "list_images", + "list_inference_experiments", + "list_inference_recommendations_jobs", "list_labeling_jobs", + "list_lineage_groups", + "list_model_bias_job_definitions", + "list_model_cards", + "list_model_explainability_job_definitions", + 
"list_model_package_groups", "list_model_packages", + "list_model_quality_job_definitions", "list_models", + "list_monitoring_alert_history", + "list_monitoring_executions", + "list_monitoring_schedules", "list_notebook_instance_lifecycle_configs", "list_notebook_instances", + "list_pipeline_execution_steps", + "list_pipelines", + "list_processing_jobs", + "list_projects", + "list_resource_catalogs", + "list_spaces", + "list_studio_lifecycle_configs", "list_subscribed_workteams", "list_training_jobs", "list_transform_jobs", + "list_trial_components", + "list_trials", + "list_user_profiles", + "list_workforces", "list_workteams" ], + "sagemaker-geospatial": [ + "list_earth_observation_jobs", + "list_raster_data_collections", + "list_vector_enrichment_jobs" + ], + "savingsplans": [ + "describe_savings_plans", + "describe_savings_plans_offering_rates", + "describe_savings_plans_offerings" + ], + "scheduler": [ + "list_schedule_groups", + "list_schedules" + ], + "schemas": [ + "get_resource_policy", + "list_discoverers", + "list_registries" + ], "sdb": [ "list_domains" ], 
@@ -964,20 +2174,45 @@ "list_secrets" ], "securityhub": [ + "describe_action_targets", + "describe_hub", + "describe_organization_configuration", + "describe_products", + "describe_standards", + "get_administrator_account", "get_enabled_standards", "get_findings", "get_insights", "get_invitations_count", "get_master_account", + "list_automation_rules", "list_enabled_products_for_import", + "list_finding_aggregators", "list_invitations", - "list_members" + "list_members", + "list_organization_admin_accounts", + "list_security_control_definitions" + ], + "securitylake": [ + "get_data_lake_exception_subscription", + "get_data_lake_organization_configuration", + "get_data_lake_sources", + "list_data_lake_exceptions", + "list_data_lakes", + "list_log_sources", + "list_subscribers" ], "serverlessrepo": [ "list_applications" ], "servicecatalog": [ + "describe_product", + "describe_product_as_admin", + "describe_provisioned_product", + "describe_provisioning_artifact", + "describe_provisioning_parameters", "get_aws_organizations_access_status", + "get_provisioned_product_outputs", "list_accepted_portfolio_shares", "list_portfolios", "list_provisioned_product_plans", @@ -985,13 +2220,26 @@ "list_service_actions", "list_tag_options" ], + "servicecatalog-appregistry": [ + "get_configuration", + "list_applications", + "list_attribute_groups" + ], + "servicequotas": [ + "get_association_for_service_quota_template", + "list_requested_service_quota_change_history", + "list_service_quota_increase_requests_in_template", + "list_services" + ], "shield": [ + "describe_attack_statistics", "describe_drt_access", "describe_emergency_contact_settings", "describe_protection", "describe_subscription", "get_subscription_state", "list_attacks", + "list_protection_groups", "list_protections" ], "signer": [ @@ -999,6 +2247,9 @@ "list_signing_platforms", "list_signing_profiles" ], + "simspaceweaver": [ + "list_simulations" + ], "sms": [ "get_app", "get_app_launch_configuration", 
@@ -1011,17 +2262,26 @@ "sms-voice.pinpoint": [ "list_configuration_sets" ], + "snow-device-management": [ + "list_devices", + "list_tasks" + ], "snowball": [ "describe_addresses", "get_snowball_usage", "list_clusters", "list_compatible_images", - "list_jobs" + "list_jobs", + "list_long_term_pricing", + "list_pickup_locations" ], "sns": [ "get_sms_attributes", + "get_sms_sandbox_account_status", + "list_origination_numbers", "list_phone_numbers_opted_out", "list_platform_applications", + "list_sms_sandbox_phone_numbers", "list_subscriptions", "list_topics" ], @@ -1046,14 +2306,35 @@ "list_resource_compliance_summaries", "list_resource_data_sync" ], + "ssm-contacts": [ + "list_contacts", + "list_engagements", + "list_rotations" + ], + "ssm-incidents": [ + "list_incident_records", + "list_replication_sets", + "list_response_plans" + ], + "ssm-sap": [ + "get_application", + "get_database", + "list_applications", + "list_components", + "list_databases" + ], "states": [ "list_activities", + "list_executions", "list_state_machines" ], "storagegateway": [ "describe_tape_archives", + "list_automatic_tape_creation_policies", "list_file_shares", + "list_file_system_associations", "list_gateways", + "list_tape_pools", "list_tapes", "list_volumes" ], 
@@ -1069,19 +2350,85 @@ "describe_services", "describe_severity_levels" ], + "supportapp": [ + "get_account_alias", + "list_slack_channel_configurations", + "list_slack_workspace_configurations" + ], + "synthetics": [ + "describe_canaries", + "describe_canaries_last_run", + "describe_runtime_versions", + "list_groups" + ], "tagging": [ + "describe_report_creation", + "get_compliance_summary", "get_resources", "get_tag_keys" ], + "textract": [ + "list_adapter_versions", + "list_adapters" + ], + "tnb": [ + "list_sol_function_instances", + "list_sol_function_packages", + "list_sol_network_instances", + "list_sol_network_operations", + "list_sol_network_packages" + ], "transcribe": [ + "list_call_analytics_categories", + "list_call_analytics_jobs", + "list_language_models", + "list_medical_transcription_jobs", + "list_medical_vocabularies", "list_transcription_jobs", - "list_vocabularies" + "list_vocabularies", + "list_vocabulary_filters" ], "transfer": [ - "list_servers" + "list_certificates", + "list_connectors", + "list_profiles", + "list_security_policies", + "list_servers", + "list_workflows" ], "translate": [ - "list_terminologies" + "list_languages", + "list_parallel_data", + "list_terminologies", + "list_text_translation_jobs" + ], + "tunneling.iot": [ + "list_tunnels" + ], + "verifiedpermissions": [ + "list_policy_stores" + ], + "voice-chime": [ + "get_global_settings", + "get_phone_number_settings", + "list_available_voice_connector_regions", + "list_phone_number_orders", + "list_phone_numbers", + "list_sip_media_applications", + "list_sip_rules", + "list_voice_connector_groups", + "list_voice_connectors", + "list_voice_profile_domains" + ], + "voiceid": [ + "list_domains" + ], + "vpc-lattice": [ + "list_service_network_service_associations", + "list_service_network_vpc_associations", + "list_service_networks", + "list_services", + "list_target_groups" ], "waf": [ "get_change_token", 
@@ -1117,6 +2464,23 @@ "list_subscribed_rule_groups", "list_xss_match_sets" ], + "wafv2": [ + "get_rule_group" + ], + "wellarchitected": [ + "get_profile_template", + "list_lenses", + "list_notifications", + "list_profile_notifications", + "list_profiles", + "list_review_templates", + "list_share_invitations", + "list_workloads" + ], + "wisdom": [ + "list_assistants", + "list_knowledge_bases" + ], "workdocs": [ "describe_activities", "describe_users", @@ -1131,6 +2495,7 @@ "workspaces": [ "describe_account", "describe_account_modifications", + "describe_connection_aliases", "describe_ip_groups", "describe_workspace_bundles", "describe_workspace_directories", @@ -1138,11 +2503,21 @@ "describe_workspaces", "describe_workspaces_connection_status" ], + "workspaces-web": [ + "list_browser_settings", + "list_ip_access_settings", + "list_network_settings", + "list_portals", + "list_trust_stores", + "list_user_access_logging_settings", + "list_user_settings" + ], "xray": [ "get_encryption_config", "get_group", "get_groups", "get_sampling_rules", - "get_sampling_statistic_summaries" + "get_sampling_statistic_summaries", + "list_resource_policies" ] } \ No newline at end of file diff --git a/enumerate_iam/main.py b/enumerate_iam/main.py index 5a8491c..1800a63 100644 --- a/enumerate_iam/main.py +++ b/enumerate_iam/main.py @@ -16,9 +16,13 @@ * Increased API call coverage * Export as a library """ +import base64 +import binascii import re import json import logging +import sys + import boto3 import botocore import random 
@@ -34,6 +38,26 @@ MAX_THREADS = 25 CLIENT_POOL = {} +# ANSI escape codes for clearing the line +CLEAR_LINE = "\x1b[2K" # Clears the entire line +CURSOR_UP_ONE = "\x1b[A" # Moves the cursor up one line + +# Hashtable mapping Access key prefixes to types +ACCESS_KEY_PREFIXES = { + "ABIA": "AWS STS service bearer token", + "ACCA": "Context-specific credential", + "AGPA": "Group", + "AIDA": "IAM user", + "AIPA": "Amazon EC2 instance profile", + "AKIA": "Access key", + "ANPA": "Managed policy", + "ANVA": "Version in a managed policy", + "APKA": "Public key", + "AROA": "Role", + "ASCA": "Certificate", + "ASIA": "Temporary AWS STS key" +} + def report_arn(candidate): """ @@ -101,7 +125,6 @@ def enumerate_using_bruteforce(access_key, secret_key, session_token, region): def generate_args(access_key, secret_key, session_token, region): - service_names = list(BRUTEFORCE_TESTS.keys()) random.shuffle(service_names) @@ -126,7 +149,7 @@ def get_client(access_key, secret_key, session_token, service_name, region): config = Config(connect_timeout=5, read_timeout=5, - retries={'max_attempts': 30}, + retries={'max_attempts': 3}, max_pool_connections=MAX_POOL_CONNECTIONS * 2) try: @@ -156,6 +179,10 @@ def check_one_permission(arg_tuple): if service_client is None: return + # Create a string to display the service and operation names + display_string = f'Testing {service_name}.{operation_name}()' + print(display_string, end='\r') + try: action_function = getattr(service_client, operation_name) except AttributeError: 
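Review bot: The comment over `ACCESS_KEY_PREFIXES` describes every entry as an access-key prefix, but most of the table (`AGPA`, `AIDA`, `AROA`, `ANPA`, ...) holds IAM unique-identifier prefixes for groups, users, roles and policies rather than credentials. As written, `get_key_type` can log that an access key is a "Group". I would reword the comment to `# IAM unique-ID prefixes; only some of these (e.g. AKIA, ASIA) identify access key IDs`. `CURSOR_UP_ONE` is not used in any hunk shown here, so drop it if nothing else references it.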
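Review bot: Lowering `max_attempts` from 30 to 3 in `get_client` changes what the results mean, and nothing in the code says so. A call that is still throttled after three attempts surfaces as `ClientError`, and `check_one_permission` returns silently on `ClientError`, so a rate-limited call is recorded exactly like a denied one. I would move the value to a named module constant next to `MAX_THREADS` with a comment such as `# Fewer retries shorten a run, but throttled calls are then indistinguishable from denied ones`. `get_client` starts and ends outside this hunk.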
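Review bot: The progress line in `check_one_permission` is written with `print(..., end='\r')` to stdout, and this function appears to run on the worker pool sized by `MAX_THREADS`, so concurrent writes will overwrite each other and the carriage returns will land in any piped or redirected output. The module docstring advertises use as a library, where unconditional printing is unwelcome. I would gate it on a terminal and move it off stdout, e.g. `if sys.stderr.isatty(): print(display_string, end='\r', file=sys.stderr)`. The `print(end=CLEAR_LINE)` added in the next hunk needs the same treatment. The function body continues outside this hunk.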
@@ -164,14 +191,14 @@ def check_one_permission(arg_tuple): logger.error('Remove %s.%s action' % (service_name, operation_name)) return - logger.debug('Testing %s.%s() in region %s' % (service_name, operation_name, region)) - try: action_response = action_function() except (botocore.exceptions.ClientError, botocore.exceptions.EndpointConnectionError, botocore.exceptions.ConnectTimeoutError, - botocore.exceptions.ReadTimeoutError): + botocore.exceptions.ReadTimeoutError, + botocore.exceptions.NoAuthTokenError): + print(end=CLEAR_LINE) return except botocore.exceptions.ParamValidationError: logger.error('Remove %s.%s action' % (service_name, operation_name)) @@ -207,6 +234,37 @@ def configure_logging(): urllib3.disable_warnings(botocore.vendored.requests.packages.urllib3.exceptions.InsecureRequestWarning) +def get_key_type(access_key): + if not access_key: + return "Unknown" + + # Extract the first four letters of the access key + prefix = access_key[:4] + # Look up the prefix in the hashtable + key_type = ACCESS_KEY_PREFIXES.get(prefix, "Unknown") + + logger = logging.getLogger() + logger.info('Access key is a "%s"', key_type) + + return key_type + + +def get_account_id(access_key): + postfix = access_key[4:] # remove KeyID prefix + x = base64.b32decode(postfix) # base32 decode + y = x[0:6] + + z = int.from_bytes(y, byteorder='big', signed=False) + mask = int.from_bytes(binascii.unhexlify(b'7fffffffff80'), byteorder='big', signed=False) + + account_id = (z & mask) >> 7 + + logger = logging.getLogger() + logger.info('AWS account ID: "%s"', account_id) + + return account_id + + def enumerate_iam(access_key, secret_key, session_token, region): """IAM Account Enumerator. 
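Review bot: Removing the `logger.debug('Testing %s.%s() in region %s' ...)` call leaves no log record of which API calls were issued or in which region, because the `print` that replaces it is not seen by any logging handler. Keeping the debug line alongside the progress display preserves an audit trail of what a run touched. Separately, `CLEAR_LINE` is emitted only on the swallowed-exception branch, so on the `ParamValidationError` branch the `logger.error` text is appended to a stale progress line. `check_one_permission` begins and ends outside this hunk.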
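Review bot: `get_account_id` has no guard on its input, unlike `get_key_type` just above it: `access_key[4:]` raises `TypeError` for `None`, and `base64.b32decode` raises `binascii.Error` for lowercase, whitespace-padded or wrongly sized input, which the interactive prompt added in `enumerate-iam.py` makes more likely. Because `enumerate_iam` calls it unconditionally (hunk at `-216,6 +274,8`), a decode failure aborts the run before any enumeration starts. The result is also returned as an `int`, so an account ID with leading zeros loses them, and as far as I know only newer-format key IDs encode the account at all, so the value should be presented as a best guess. I would catch the decode errors and return `None`, zero-pad to 12 digits, and write the mask as an integer literal, as below.

```python
def get_account_id(access_key):
    logger = logging.getLogger()
    try:
        # Drop the four-character type prefix; the remainder is base32.
        decoded = base64.b32decode(access_key[4:])
    except (TypeError, ValueError):  # binascii.Error is a ValueError
        logger.warning('Could not derive an account ID from the access key')
        return None

    # Same mask and shift as before, written as an integer literal.
    number = (int.from_bytes(decoded[:6], byteorder='big') & 0x7fffffffff80) >> 7
    account_id = f'{number:012d}'  # account IDs are 12 digits and may start with 0

    logger.info('AWS account ID (derived from key ID): "%s"', account_id)
    return account_id
```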
@@ -216,6 +274,8 @@ def enumerate_iam(access_key, secret_key, session_token, region): output = dict() configure_logging() + output['type'] = get_key_type(access_key) + output['account_id'] = get_account_id(access_key) output['iam'] = enumerate_using_iam(access_key, secret_key, session_token, region) output['bruteforce'] = enumerate_using_bruteforce(access_key, secret_key, session_token, region) @@ -432,4 +492,3 @@ def enumerate_user(iam_client, output): pass return output -
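Review bot: The two new `output` keys in `enumerate_iam` are not reflected in its docstring, and both are inferred from the access key ID alone without any API call, which a caller consuming the dict would not guess. I would add a docstring line such as `The result also carries 'type' and 'account_id', both derived offline from the access key ID and not confirmed against AWS.` The function body continues outside this hunk.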