Hi readers, here we will see how someone who knows or guesses the ARN of a role created for GitHub Actions can escalate privileges.
Note: this has now been fixed! If you try creating an OIDC identity provider now, it asks for the GitHub organization.
Creating scenario-
Let’s assume we want GitHub Actions to perform certain operations in our AWS account. For this example, we will list S3 buckets from a GitHub Actions workflow. Steps-
- Adding GitHub as an Identity provider-
a) Go to the Identity providers option in IAM.
b) Add an identity provider with type OpenID Connect.
c) Provider URL: https://token.actions.githubusercontent.com
d) Click Get thumbprint.
e) Add the audience sts.amazonaws.com
f) Click Add provider.
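Once the provider exists, what decides who can assume a role through it is the role's trust policy, and that is where the "knows or guesses the role ARN" problem from the introduction lives. The script below is an added example, not code from the original post: it builds the two trust-policy shapes for this provider (one that checks only the `aud` audience from step e, and one that additionally pins the token's `sub` claim to a single repository and branch) and includes a small audit function that flags statements letting the GitHub provider assume a role without any `sub` restriction. The account ID, organization, repository and branch are constructed placeholders; the `token.actions.githubusercontent.com:aud` / `:sub` condition keys are the ones AWS documents for this provider.

```python
import json

# Constructed placeholders (not from the original post): the AWS account id and the
# single GitHub repo/branch that should be the only one allowed to assume the role.
ACCOUNT_ID = "123456789012"
GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{GITHUB_OIDC_HOST}"
ALLOWED_SUBJECT = "repo:example-org/example-repo:ref:refs/heads/main"

# CLI equivalent of console steps a) to f), for reference (thumbprint is a placeholder):
#   aws iam create-open-id-connect-provider \
#       --url https://token.actions.githubusercontent.com \
#       --client-id-list sts.amazonaws.com \
#       --thumbprint-list <THUMBPRINT>


def build_trust_policy(restrict_subject: bool) -> dict:
    """Return a role trust policy for the GitHub OIDC provider.

    restrict_subject=False reproduces the weak shape: any GitHub Actions workflow,
    in any organization, can present a token with aud=sts.amazonaws.com, so the only
    thing standing between it and the role is knowledge of the role ARN.
    restrict_subject=True additionally pins the token's `sub` claim to one repo/branch.
    """
    condition = {"StringEquals": {f"{GITHUB_OIDC_HOST}:aud": "sts.amazonaws.com"}}
    if restrict_subject:
        condition["StringEquals"][f"{GITHUB_OIDC_HOST}:sub"] = ALLOWED_SUBJECT
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": PROVIDER_ARN},
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": condition,
            }
        ],
    }


def statements_missing_subject_condition(policy: dict) -> list:
    """Audit helper: return the indexes of Allow statements that let the GitHub OIDC
    provider call sts:AssumeRoleWithWebIdentity without constraining the `sub` claim
    (neither a StringEquals nor a StringLike condition on it)."""
    weak = []
    sub_key = f"{GITHUB_OIDC_HOST}:sub"
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        federated = stmt.get("Principal", {}).get("Federated", "")
        if GITHUB_OIDC_HOST not in str(federated):
            continue
        cond = stmt.get("Condition", {})
        pinned = any(sub_key in cond.get(op, {}) for op in ("StringEquals", "StringLike"))
        if not pinned:
            weak.append(i)
    return weak


if __name__ == "__main__":
    for label, restrict in (("audience-only (weak)", False), ("audience + subject", True)):
        policy = build_trust_policy(restrict)
        print(f"--- {label} ---")
        print(json.dumps(policy, indent=2))
        print("statements without a sub condition:", statements_missing_subject_condition(policy))
```

The audit function is the check to run over the trust policies of every role that lists this provider as a federated principal; any statement it reports is assumable by a workflow from an arbitrary GitHub repository that happens to know the role ARN. Use `StringLike` with a pattern such as `repo:example-org/*` only when the role genuinely needs to serve a whole organization.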