Discover AWS IAM Users

Exposure of AWS IAM usernames can further aid attackers' efforts to access an AWS account. Exposure leaves users vulnerable to attacks such as phishing and password spraying.

What is the risk of exposed AWS IAM Usernames?

  • Exposing an AWS IAM username is not a direct threat, but it simplifies attackers' efforts to access an AWS account. With this information, they can initiate phishing campaigns or password-spraying attacks, potentially obtaining valid credentials and accessing the account.


Methods to Discover AWS IAM Usernames

Using AWS Access Key ID

  • With just a valid AWS Access Key ID, we can use an AWS CLI command to return the IAM username associated with that key.

  • You must have valid access keys configured for this to work (aws configure), but then you can find the AWS Account ID with any valid Access Key ID.

aws --profile dev iam get-access-key-last-used --access-key-id AKIAxxxxxxxx

{
    "UserName": "admin",
    "AccessKeyLastUsed": {
        "LastUsedDate": "2024-12-08T03:42:00+00:00",
        "ServiceName": "ec2",
        "Region": "us-east-1"
    }
}
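
To spot this lookup from the defender's side, the added example below (not part of the original page) scans CloudTrail-style records for GetAccessKeyLastUsed calls where the queried key is not the caller's own. The sample records, key IDs, account ID, the function name find_key_lookups and the threshold are constructed for illustration; the field names follow the CloudTrail record layout.

```python
from collections import defaultdict

ACCT = "111122223333"  # constructed placeholder account ID

def _rec(user, caller_key, event_name, params):
    """Build a constructed CloudTrail-style record (sample data, not real logs)."""
    return {
        "eventSource": "iam.amazonaws.com",
        "eventName": event_name,
        "userIdentity": {"type": "IAMUser",
                         "arn": f"arn:aws:iam::{ACCT}:user/{user}",
                         "accessKeyId": caller_key},
        "requestParameters": params,
    }

SAMPLE_EVENTS = [
    _rec("dev", "AKIAEXAMPLECALLER01", "GetAccessKeyLastUsed", {"accessKeyId": "AKIAEXAMPLETARGET01"}),
    _rec("dev", "AKIAEXAMPLECALLER01", "GetAccessKeyLastUsed", {"accessKeyId": "AKIAEXAMPLETARGET02"}),
    # Self-lookup: a user checking their own key is expected and ignored.
    _rec("dev", "AKIAEXAMPLECALLER01", "GetAccessKeyLastUsed", {"accessKeyId": "AKIAEXAMPLECALLER01"}),
    _rec("audit", "AKIAEXAMPLECALLER02", "GetAccessKeyLastUsed", {"accessKeyId": "AKIAEXAMPLETARGET01"}),
    _rec("ci", "AKIAEXAMPLECALLER03", "ListUsers", None),  # unrelated IAM call
]

def find_key_lookups(events, threshold=2):
    """Map caller ARN -> sorted foreign access key IDs it resolved.

    Only callers that queried at least `threshold` distinct keys other than
    the one they signed the request with are returned (threshold is a
    hypothetical tuning knob, not an AWS setting).
    """
    lookups = defaultdict(set)
    for ev in events:
        if ev.get("eventSource") != "iam.amazonaws.com":
            continue
        if ev.get("eventName") != "GetAccessKeyLastUsed":
            continue
        ident = ev.get("userIdentity") or {}
        queried = (ev.get("requestParameters") or {}).get("accessKeyId")
        if not queried or queried == ident.get("accessKeyId"):
            continue  # malformed record or self-lookup
        lookups[ident.get("arn", "unknown")].add(queried)
    return {arn: sorted(keys) for arn, keys in lookups.items() if len(keys) >= threshold}

if __name__ == "__main__":
    for arn, keys in find_key_lookups(SAMPLE_EVENTS).items():
        print(f"{arn} resolved {len(keys)} foreign access keys: {', '.join(keys)}")
```
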
