HackTricks CloudAWS - CloudFormation & Codestar Enum
Reading time: 3 minutes
tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
CloudFormation
AWS CloudFormation is a service designed to streamline the management of AWS resources. It enables users to focus more on their applications running in AWS by minimizing the time spent on resource management. The core feature of this service is the template—a descriptive model of the desired AWS resources. Once this template is provided, CloudFormation is responsible for the provisioning and configuration of the specified resources. This automation facilitates a more efficient and error-free management of AWS infrastructure.
Enumeration
# Stacks
aws cloudformation list-stacks
aws cloudformation describe-stacks # You could find sensitive information here
aws cloudformation list-stack-resources --stack-name <name>
aws cloudformation get-template --stack-name cloudformationStack
aws cloudformation describe-stack-events --stack-name cloudformationStack
## Show params and outputs
aws cloudformation describe-stacks | jq ".Stacks[] | .StackId, .StackName, .Parameters, .Outputs"
# Export
aws cloudformation list-exports
aws cloudformation list-imports --export-name <x_name>
# Stack Sets
aws cloudformation list-stack-sets
aws cloudformation describe-stack-set --stack-set-name <name>
aws cloudformation list-stack-instances --stack-set-name <name>
aws cloudformation list-stack-set-operations --stack-set-name <name>
aws cloudformation list-stack-set-operation-results --stack-set-name <name> --operation-id <id>
Privesc
In the following page you can check how to abuse cloudformation permissions to escalate privileges:
Post-Exploitation
Check for secrets or sensitive information in the template, parameters & output of each CloudFormation
Codestar
AWS CodeStar is a service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project. An AWS CodeStar project creates and integrates AWS services for your project development toolchain. Depending on your choice of AWS CodeStar project template, that toolchain might include source control, build, deployment, virtual servers or serverless resources, and more. AWS CodeStar also manages the permissions required for project users (called team members).
Enumeration
# Get projects information
aws codestar list-projects
aws codestar describe-project --id <project_id>
aws codestar list-resources --project-id <project_id>
aws codestar list-team-members --project-id <project_id>
aws codestar list-user-profiles
aws codestar describe-user-profile --user-arn <arn>
Privesc
In the following page you can check how to abuse codestar permissions to escalate privileges:
References
tip
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.