|
AWS Services in Techniques
This page lists all AWS services referenced techniques, along with the associated tactics and techniques.
Services
- AWS CloudShell (1)
- AWS CloudTrail (1)
- AWS IAM Identity Center (5)
- AWS Identity and Access Management (IAM) (8)
- AWS Lambda (1)
- AWS Organizations (2)
- AWS Security Token Service (STS) (2)
- AWS Sign-In (1)
- Amazon API Gateway (1)
- Amazon Bedrock (1)
- Amazon CloudWatch (1)
- Amazon Cognito (1)
- Amazon Elastic Compute Cloud (EC2) (6)
- Amazon Elastic Container Service (ECS) (2)
- Amazon Elastic Kubernetes Service (EKS) (1)
- Amazon GuardDuty (1)
- Amazon Relational Database Service (RDS) (3)
- Amazon Route 53 (2)
- Amazon Simple Email Service (SES) (1)
- Amazon Simple Notification Service (SNS) (1)
- Amazon Simple Storage Service (S3) (5)
AWS CloudTrail
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1562.008 | Disable Cloud Logs | Defense Evasion |
AWS IAM Identity Center
AWS Identity and Access Management (IAM)
AWS Lambda
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1648.A001 | Invoking Lambda Function | Execution, Persistence |
AWS Organizations
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1666.A001 | Create or Invite AWS Account | Persistence, Defense Evasion, Lateral Movement |
| T1666.A002 | Leave AWS Organization | Defense Evasion |
AWS Security Token Service (STS)
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
| T1199.A002 | Role Assumption and Federated Access | Initial Access, Persistence, Lateral Movement |
AWS Sign-In
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1538 | Cloud Service Dashboard | Initial Access, Persistence, Discovery |
Amazon API Gateway
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| AT1667.001 | API Gateway | Persistence |
Amazon Bedrock
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1496.A007 | Cloud Service Hijacking - Bedrock LLM Abuse | Impact |
Amazon CloudWatch
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1562.008 | Disable Cloud Logs | Defense Evasion |
Amazon Cognito
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1496.003 | SMS Pumping | Impact |
Amazon Elastic Compute Cloud (EC2)
Amazon Elastic Container Service (ECS)
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1496.A006 | Compute Hijacking - ECS | Impact |
| T1578.002 | Create Cloud Instance | Defense Evasion, Impact |
Amazon Elastic Kubernetes Service (EKS)
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1578.002 | Create Cloud Instance | Defense Evasion, Impact |
Amazon GuardDuty
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1562.A001 | Disable or Modify GuardDuty | Defense Evasion |
Amazon Relational Database Service (RDS)
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| AT1023.001 | Query RDS | Discovery |
| T1213.A013 | RDS Instance Manipulation | Initial Access |
| T1485.A001 | RDS Instances and Backups | Impact |
Amazon Route 53
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1491.A001 | Subdomain Takeover | Impact |
| T1583.001 | Domains | Resource Development |
Amazon Simple Email Service (SES)
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1496.A001 | Cloud Service Hijacking - SES Messaging | Impact |
Amazon Simple Notification Service (SNS)
| Technique ID | Technique Name | Tactic(s) |
|---|---|---|
| T1496.003 | SMS Pumping | Impact |