AWS Access Keys have been the primary way to manage identity when accessing AWS APIs. AWS Access Keys are broadly used in two ways - For providing programmatic access to AWS APIs and for AWS services to access AWS APIs through instance roles or similar. The Access Key model is deeply ingrained into how AWS APIs are accessed.

When applications are built using AWS services, there are a plethora of ways these access keys are used and places where these access keys can be found. Due to the sensitive nature and the kind of access AWS Access Keys can provide, they are an attractive target to the attackers. There have been various notable data breaches over the years that were caused due to m is-management of AWS Access Keys or unauthorised access to AWS Access Keys.

As an attacker (or defender), it is important to understand AWS Access Keys and various ways in which unauthorised access can be gained to AWS Access Keys that can lead to security breaches.





Starts at Saturday October 15 2022, 12:25 PM. The sessions runs for about 1 hour.