AWS Penetration Testing

By Jonathan Helmus
  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Chapter 1: Building Your AWS Environment

About this book

Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment.

You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can’t make changes due to vendor restrictions and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way.

By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.

Publication date:
December 2020


Chapter 1: Building Your AWS Environment

Amazon Web Services (AWS) is a growing cloud technology provider that many companies use to help house their data. Originating from Seattle, Washington in late 2006, AWS is steadily becoming the most prominent service provider. Due to its usability and its user-friendly interfaces, AWS is used by over 800,000 companies and makes up 65% or more of the cloud infrastructure space. Some of its better-known services, such as S3, Lambda, and EC2 will be frequently talked about through this book and are services that are commonly used in the real world.

This chapter is going to go over the basics of AWS and will walk through setting up an AWS account. It's important that we learn the basics of getting our AWS account configured and ready so that there isn't any additional housekeeping needed after setting up an account. After setting up an account, we'll walk through and set up a few EC2 instances with various flavors of operating systems, and look at vulnerable services within those operating systems. It's encouraged that, after completing the chapter, you look at building out more EC2 instances with other operating systems for your environment.

In this chapter, we'll explore AWS through the following topics:

  • Exploring Amazon Web Services
  • Understanding the testing environment
  • Configuring the environment
  • Exploring vulnerable services
  • Attacking vulnerabilities
  • The AWS Command Line Interface

Technical requirements

To follow along with the instructions in this chapter, you will need the following:

Check out the following video to see the Code in Action:


Exploring Amazon Web Services (AWS)

AWS is a cloud service provided by Seattle tech company, Amazon. AWS's comprehensive and easy-to-use setup makes it very attractive to small start-ups and large corporations. It works by allowing companies and businesses to set up their infrastructure off-premises and within the physical resources of Amazon. This type of service, called Infrastructure as a Service, delivers cloud computing as a whole service. You will see more of how easy it is to automate and build in AWS as we set up our lab throughout this book. However, you'll also notice some issues that may commonly be overlooked, such as security.

AWS doesn't take full responsibility for companies' data and security. In fact, Amazon has put out a shared responsibility model that ensures that both parties understand their rights and responsibilities in terms of customers' data. After all, Amazon is a company that is known as customer-obsessed.

AWS security and...


Understanding our testing environment

It's essential to understand all the systems we are going to be deploying and their use in this book. Building a lab benefits security research because it allows you to perform the same tactics and techniques that real hackers would execute, without having to worry about breaking any laws. For our lab, we will be setting up various hosts that mimic real-life systems that you would see incorporated into businesses. The only difference is we will be using some much older versions of software and operating systems. The purpose of using older systems is because they typically are much more vulnerable than their up-to-date, newer versions, making learning pentesting much easier – and fun!

We want to ensure that we learn a little bit of everything, so we will be using both Windows- and Unix-based operating systems. These systems are built drastically differently but are systems that you will face in real-life pentesting situations.


Configuring your environment

Configuring your environment is the most important task of this book. Without it, you won't have anything to test your skills! Building out an environment will teach you how to configure instances, add resources to them, and connect to them.

Setting up an account

To begin the process of creating your own AWS account, follow these steps:

  1. Please open a browser of your choice and go to the AWS home page located at

    You will be greeted with a landing page and will see a button titled Create a Free Account. Simply click on Create a Free Account to get started with creating your profile:

    Figure 1.1 – AWS account creation

  2. After clicking the button, you'll see how to create an AWS account. Fill out the information accordingly. If you use a student email address, you can get access to extra goodies:

    Figure 1.2 – Account creation form

  3. Once the form's filled out, click Continue and you&apos...

Exploring vulnerable services

Vulnerable services can be the Achilles heel of a system if left unpatched. What this means is vulnerabilities, if left unpatched, leave a severe weakness in companies' systems that can allow malicious hackers to gain access. A vulnerability is classed as an issue in a system that, if not fixed, could cause large issues if it were to become an attack vector. Vulnerabilities come in many variants and can come in the form of outdated operating systems, open ports, unauthorized access, and many more. To fix known vulnerabilities and protect systems from attacks, patches and updates have to be installed accordingly. Doing so helps remediate most of the major problems you will see.

Discovering vulnerable services

Now that we know what a vulnerability is, let's mention the typical way pentesting discovers vulnerabilities:

  1. Ensure that you have a list of targets. Targets are categorized as hosts – we can think of EC2 instances...

Attacking vulnerabilities

Attacking vulnerabilities is one of the more interesting aspects of cybersecurity. It's one thing to discover and patch an issue that you may have discovered, but actually getting to attack it takes your skills to another level! Attacking vulnerabilities is what sets penetration testing apart from other security careers. While most security positions only discover and remediate, pentesting attacks and exploits discovered issues. Doing so sheds light on how real a system's security posture may or may not be. One of the more popular tools you will hear about is called Metasploit.

Exploring Metasploit

A popular tool in the pentesting community is a framework known as Metasploit Framework. Also known as Metasploit, the automated software comes preinstalled on Kali Linux with exploits and payloads that can be configured and launched at vulnerable hosts. It also comes with exploits applicable to all flavors of operating systems, and payloads of...


The AWS Command Line Interface (CLI)

The AWS CLI is a great command-line tool that allows you to interface with AWS technology such as S3 buckets, interacting with EC2 instances and others. We will start to see actual use cases of implementing the AWS CLI in more depth in Chapter 4, Exploiting S3 Buckets. The AWS CLI is a great way to learn and get comfortable with using a terminal-like interface because it allows you to interact with everything in your AWS environment. For pentesting, it's always good to be comfortable with using a command line and/or a terminal because you never know when a GUI just won't do the trick. Imagine being in the middle of a penetration test and your tool interface freezes, or the frontend of an application throws an error and ceases to work. This is where understanding the command line proves to be beneficial.

Installing the AWS CLI

Now we will need to move forward and install the AWS CLI on our Kali Linux machine. This will be the command...



In this chapter, we learned how to create an AWS account that will allow us to set up an environment for us to create a host and pentest it later throughout the book. It is essential that we understand how to make labs within AWS, mainly due to it being the sole way we will be performing testing in this book, and how you would in a real-life situation. We learned what an EC2 instance is and how to set up an instance with various operating systems, helping us understand the importance of the various operating systems that we would see in a real-world pentesting situation. We learned about setting up vulnerable services within our host and what vulnerabilities entail regarding pentesting and AWS security. Lastly, we learned how to quickly set up the AWS CLI for us to interact with our AWS resources.

In the next chapter, we will start looking more at Kali Linux, some of its history, and how we will be using it throughout this book, and how it pertains to pentesting.


About the Author

  • Jonathan Helmus

    Jonathan Helmus is a penetration tester and adjunct professor with over 10 years of experience in a mixture of engineering, information security, and information technology. He resides in Seattle, WA, and works for Nordstrom as a pentester, helping Nordstroms clients and customers execute successful penetration tests and red team engagements. As an educator, he works with various universities by teaching and educating the next generation of cybersecurity professionals. Jon currently holds a masters degree in cybersecurity with a focus on ethical hacking and pentesting, and he holds the Offensive Security Certified Professional (OSCP) certification. Known in the hacker community as Moos1e, Jon can be found on Twitter at Moos1e_Moose.

    Browse publications by this author
Book Title
Access this book, plus 7,500 other titles for FREE
Access now