New AWS Tag Checks

Using Snotra to Check For Sensitive Tags

The guys over at Plerion have done some interesting research into unauthenticated enumeration of AWS metadata, including the values of tags. An unauthenticated attacker with minimal information about your account can enumerate the keys and corresponding values of tags applied to your resources. So in short, make sure you are not storing sensitive information (passwords, keys, usernames, emails, etc.) in your tags!

To help easily audit this I have added some checks to Snotra which will simply list out all in-use tags and their values. The below screenshot is also a sneak peek at something I have been working on recently.
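Once the tags are listed, the next step is triaging them for the kinds of data mentioned above. The sketch below is an added example, not Snotra's code: `audit_tags`, `fetch_mappings`, the patterns and the sample data are assumptions made for illustration, and the input shape is the `ResourceTagMappingList` returned by the Resource Groups Tagging API.

```python
import re

# Tag key names that suggest the value is a secret or personal data (heuristic).
KEY_HINTS = re.compile(
    r"pass(word|wd)?|secret|token|api[-_]?key|credential|user(name)?|login|email", re.I)
# Value shapes worth flagging whatever the key is called.
VALUE_PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "email-address": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def audit_tags(mappings):
    """Return (arn, tag_key, reason) findings; values are left out of the
    report on purpose so the audit output does not leak them again."""
    findings = []
    for m in mappings:
        for tag in m.get("Tags", []):
            key, value = tag["Key"], tag.get("Value", "")
            if key.startswith("aws:"):  # AWS-generated tags, not set by users
                continue
            if KEY_HINTS.search(key) and value:
                findings.append((m["ResourceARN"], key, "sensitive-key-name"))
            for name, pattern in VALUE_PATTERNS.items():
                if pattern.search(value):
                    findings.append((m["ResourceARN"], key, name))
    return findings

def fetch_mappings(region):
    """Live data for one region via boto3 (needs the tag:GetResources permission)."""
    import boto3  # imported here so the offline sample runs without it
    client = boto3.client("resourcegroupstaggingapi", region_name=region)
    for page in client.get_paginator("get_resources").paginate():
        yield from page["ResourceTagMappingList"]

# Constructed sample data; the ARNs and values are not real.
SAMPLE = [
    {"ResourceARN": "arn:aws:ec2:eu-west-2:111122223333:instance/i-0example",
     "Tags": [{"Key": "Name", "Value": "web-01"},
              {"Key": "db_password", "Value": "constructed-not-real"},
              {"Key": "aws:cloudformation:stack-name", "Value": "secret-stack"}]},
    {"ResourceARN": "arn:aws:s3:::example-bucket",
     "Tags": [{"Key": "Owner", "Value": "alice@example.com"},
              {"Key": "notes", "Value": "key AKIAIOSFODNN7EXAMPLE"}]},
]

if __name__ == "__main__":
    for finding in audit_tags(SAMPLE):
        print(finding)
```

To run it against an account, pass `fetch_mappings("<region>")` to `audit_tags` for each region in use, since the tagging API is regional.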

Shaun

About the author

Shaun is a Penetration Tester and Bitcoiner based in state-controlled Britain, with over a decade in the Security Industry, specialising in Cloud and Infrastructure Security and regularly completing assessments for all manner of companies, from global corporations to small charities and non-profits.