RedTeam Security's web application penetration testing includes searching for vulnerabilities in both Amazon Web Services (AWS) environments and on-premises environments. When reviewing AWS cloud security, many foundational techniques for reconnaissance and information gathering look the same as those performed against non-cloud platforms. Still, additional tools and methods may be employed to conduct a rigorous review of the appropriate controls.
For example, during a typical pen test engagement, we look at assets (applications, APIs) and at the supporting systems and cloud infrastructure those applications run on (operating systems, containers, networks, devices, and servers). The methodology for testing AWS infrastructure is similar, but in addition to testing your cloud environment's network security, we also analyze the security of the configurations that affect access to the AWS account and its resources.
At its most basic level, investigation of a cloud environment usually involves looking for publicly accessible resources and credentials related to AWS services (e.g., S3, RDS, Lambda, EC2, CloudTrail, SG, CloudWatch) and testing their information security. A more in-depth option could involve provisioning a test user in the AWS account and providing it to our testers. This additional access allows for a deeper look at the IAM users, groups, roles, and policies in place in the environment and aids in hunting for dangerous misconfigurations.