Misadventures in Cyberland

AWS SCE Example Experiment: IAM User Access Keys


Here is an example security chaos engineering (SCE) experiment in Python for Amazon Web Services (AWS) Identity and Access Management (IAM). The experiment simulates a scenario in which an IAM user's access keys are accidentally deleted, causing the user to lose access to their AWS resources, and then checks whether that loss of access actually happened.

To run this experiment, you will need an AWS account, the AWS SDK for Python (Boto3) installed, and an IAM user set up in that account. The credentials running the script need iam:ListAccessKeys and iam:DeleteAccessKey on that user. Note that deleting an access key is irreversible (the secret cannot be recovered), so run this against a test user in a non-production account.

import os

import boto3
from botocore.exceptions import ClientError

# IAM client for the operator running the experiment. These credentials need
# iam:ListAccessKeys and iam:DeleteAccessKey on the target user.
iam_client = boto3.client("iam")

# Name of the IAM user whose keys are the target of the experiment
user_name = "test-user"

# The target user's own key pair, captured before the experiment. IAM never
# returns the secret, so whoever holds it must supply it; the environment
# variable names here are just an assumption for this script. The verification
# step must run *as this user*: a plain boto3.client("s3") would pick up the
# operator's credentials from the default chain and prove nothing about the
# deleted keys.
user_access_key_id = os.environ["TARGET_AWS_ACCESS_KEY_ID"]
user_secret_access_key = os.environ["TARGET_AWS_SECRET_ACCESS_KEY"]

# Delete the user's access keys
access_keys = iam_client.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
for key in access_keys:
    iam_client.delete_access_key(UserName=user_name, AccessKeyId=key["AccessKeyId"])

# Verify that the user cannot access their AWS resources, using the user's
# (now deleted) keys. IAM is eventually consistent, so a call issued immediately
# after the deletion may still succeed for a few seconds.
s3_as_user = boto3.client(
    "s3",
    aws_access_key_id=user_access_key_id,
    aws_secret_access_key=user_secret_access_key,
)
try:
    s3_as_user.list_buckets()
    print("Hypothesis failed: the user can still list S3 buckets")
except ClientError as e:
    print(f"Hypothesis held, the user was refused: {e.response['Error']['Code']}")

This experiment can be modified to test other types of security incidents, such as removing an IAM user's permissions (detaching the managed policies attached to the user, or deleting an inline policy) or deleting a customer managed policy that grants the user permissions. For an experiment you intend to repeat, prefer a reversible fault: deactivate the key with UpdateAccessKey (Status set to Inactive) instead of deleting it, verify the loss of access, then re-activate it.
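The following is an added example, not the post's own code, that puts the experiment described above and the permission-removal variant into the usual chaos-engineering shape: confirm steady state, inject a reversible fault, verify the hypothesis, and roll back in a finally block. The IAM client and the probe are passed in, so the same harness runs against real boto3 clients or against the constructed in-memory FakeIam below (which mimics only the handful of boto3 IAM methods used here). sts_probe shows the real probe: it authenticates with the target user's own keys, never with the operator's default credential chain.

```python
"""Security chaos experiment harness for IAM users: steady state -> inject -> verify -> rollback.

Added example. Clients and probes are injected so the harness can be dry-run offline
against FakeIam (constructed below) or pointed at boto3 clients in a test account.
"""
import time
from dataclasses import dataclass


@dataclass
class ExperimentResult:
    hypothesis_held: bool  # True if the user lost access while the fault was active
    touched: list          # identifiers the fault changed (key IDs or policy ARNs)
    restored: bool         # True if the user's access was back after rollback


class DeactivateAccessKeysFault:
    """Deactivates (never deletes) every Active key, so rollback is just a status flip."""
    def __init__(self, iam, user_name):
        self.iam, self.user, self.touched = iam, user_name, []

    def inject(self):
        for k in self.iam.list_access_keys(UserName=self.user)["AccessKeyMetadata"]:
            if k["Status"] == "Active":
                self.iam.update_access_key(UserName=self.user, AccessKeyId=k["AccessKeyId"], Status="Inactive")
                self.touched.append(k["AccessKeyId"])

    def revert(self):
        for key_id in self.touched:
            self.iam.update_access_key(UserName=self.user, AccessKeyId=key_id, Status="Active")


class DetachManagedPoliciesFault:
    """Variant: remove the user's permissions by detaching its managed policies."""
    def __init__(self, iam, user_name):
        self.iam, self.user, self.touched = iam, user_name, []

    def inject(self):
        for p in self.iam.list_attached_user_policies(UserName=self.user)["AttachedPolicies"]:
            self.iam.detach_user_policy(UserName=self.user, PolicyArn=p["PolicyArn"])
            self.touched.append(p["PolicyArn"])

    def revert(self):
        for arn in self.touched:
            self.iam.attach_user_policy(UserName=self.user, PolicyArn=arn)


def _settles_to(probe, expected, attempts, wait):
    """IAM is eventually consistent: poll the probe until it reports `expected` or we give up."""
    for i in range(attempts):
        if bool(probe()) == expected:
            return True
        if i + 1 < attempts:
            wait(2)
    return False


def run_experiment(fault, probe, attempts=5, wait=time.sleep):
    """probe() must exercise the *target user's* credentials and return True while they work."""
    if not probe():
        raise RuntimeError("steady state not met: target cannot use its credentials before injection")
    try:
        fault.inject()
        lost_access = _settles_to(probe, False, attempts, wait)
    finally:
        fault.revert()  # always roll back, even if inject() failed halfway through
    restored = _settles_to(probe, True, attempts, wait)
    return ExperimentResult(hypothesis_held=lost_access, touched=list(fault.touched), restored=restored)


class FakeIam:
    """Constructed in-memory stand-in for the boto3 IAM client (offline dry run only)."""
    def __init__(self, keys, policies):
        self.keys, self.policies = keys, policies  # {user: {key_id: status}}, {user: [arn, ...]}

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k, "Status": s} for k, s in self.keys[UserName].items()]}

    def update_access_key(self, UserName, AccessKeyId, Status):
        self.keys[UserName][AccessKeyId] = Status

    def list_attached_user_policies(self, UserName):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in self.policies[UserName]]}

    def detach_user_policy(self, UserName, PolicyArn):
        self.policies[UserName].remove(PolicyArn)

    def attach_user_policy(self, UserName, PolicyArn):
        self.policies[UserName].append(PolicyArn)


def fake_probe(iam, user_name):
    """Offline model of 'the user can do their job': an Active key and at least one policy."""
    return lambda: any(s == "Active" for s in iam.keys[user_name].values()) and bool(iam.policies[user_name])


def sts_probe(access_key_id, secret_access_key):
    """Real probe for the key fault: sts:GetCallerIdentity with the target user's own keys.
    For the policy variant, probe an action the policy grants (e.g. s3:ListAllMyBuckets)
    and treat AccessDenied as 'access lost'."""
    import boto3
    from botocore.exceptions import ClientError
    sts = boto3.client("sts", aws_access_key_id=access_key_id, aws_secret_access_key=secret_access_key)
    try:
        sts.get_caller_identity()
        return True
    except ClientError as err:
        if err.response["Error"]["Code"] in ("InvalidClientTokenId", "AccessDenied"):
            return False
        raise


if __name__ == "__main__":
    iam = FakeIam({"test-user": {"AKIAEXAMPLE1": "Active"}},
                  {"test-user": ["arn:aws:iam::aws:policy/ReadOnlyAccess"]})
    print(run_experiment(DeactivateAccessKeysFault(iam, "test-user"),
                         fake_probe(iam, "test-user"), wait=lambda s: None))
```

Against a real account, replace FakeIam with boto3.client("iam") and fake_probe with sts_probe(key_id, secret) for the target user's keys; the fault objects call the same method names as the boto3 IAM client, and the key IDs and policy ARNs in the dry run are placeholders.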

