In an effort to get myself blogging again, I'll be doing a few short posts to get the juices flowing (hopefully).
Today I learned about the userData instance attribute for AWS EC2.
In general I thought metadata was only things you could hit from WITHIN the instance via the metadata URL: http://169.254.169.254/latest/meta-data/
However, the same instance metadata docs also describe user data, which you supply when you launch the instance (the instance reads it at boot from http://169.254.169.254/latest/user-data, and it can also be changed later while the instance is stopped):
You can also use instance metadata to access user data that you specified when launching your instance. For example, you can specify parameters for configuring your instance, or attach a simple script.
That's interesting, right?! User data is just another instance attribute, so anyone whose AWS creds allow ec2:DescribeInstanceAttribute can read it from outside, no shell on the box required. So if you have some AWS creds, the easiest way to check for this (after you enumerate instance IDs) is with the AWS CLI.
$ aws ec2 describe-instance-attribute --attribute userData --instance-id i-0XXXXXXXX
An error occurred (InvalidInstanceID.NotFound) when calling the DescribeInstanceAttribute operation: The instance ID 'i-0XXXXXXXX' does not exist
Ah crap, you need the region. Instance IDs only resolve in the region the instance lives in, and the CLI was defaulting to a different one…
$ aws ec2 describe-instance-attribute --attribute userData --instance-id i-0XXXXXXXX --region us-west-1
That returns the user data under UserData.Value, base64-encoded, so you still have to decode it before you can read the script (it is capped at 16 KB raw, which is plenty of room for a bootstrap script and whatever got pasted into it).
Anyway, that gets tedious, especially if the org has a ton of things running across a bunch of regions. This is precisely the reason @cktricky and I built weirdAAL. Surely no one would be sticking creds into things at boot time via shell scripts 🙂
That module is in the current version of weirdAAL. Enjoy.
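If you would rather script the sweep yourself than pull in weirdAAL, here is an added example of the same idea (my own code, not from the original post and not the weirdAAL module): walk every region the account can see, list instance IDs, pull each userData attribute, base64-decode it and grep for credential-looking lines. It assumes a working AWS CLI profile allowed to call ec2:DescribeRegions, ec2:DescribeInstances and ec2:DescribeInstanceAttribute. The secret regex, the helper names and the constructed sample bootstrap script are this example's own choices, not anything from the post.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post or from weirdAAL.
# Sweeps every region, pulls the userData attribute of each instance,
# decodes it and flags credential-looking lines.
# Assumes: an AWS CLI profile allowed to call ec2:DescribeRegions,
# ec2:DescribeInstances and ec2:DescribeInstanceAttribute. The regex,
# helper names and sample script below are this example's own choices.

# Strings that usually mean a secret was baked into a bootstrap script.
# AKIA... is the prefix of long-term IAM access key IDs; the rest are the
# usual env-var and PEM markers. Matched case-insensitively.
SECRET_REGEX='AKIA[0-9A-Z]{16}|secret|password|passwd|token|api[_-]?key|PRIVATE KEY'

# describe-instance-attribute hands userData back base64-encoded, so every
# consumer goes through this.
decode_user_data() {
    printf '%s' "$1" | base64 --decode
}

# Prints the number of suspicious lines in one base64 userData blob (0 if clean).
scan_user_data() {
    decode_user_data "$1" | grep -Eic "$SECRET_REGEX" || true
}

# Prints the suspicious lines themselves, prefixed with their line numbers.
show_hits() {
    decode_user_data "$1" | grep -Ein "$SECRET_REGEX" || true
}

# Instance IDs only resolve in their own region, so both calls carry --region.
dump_region_user_data() {
    region=$1
    # --query flattens the reservation/instance tree to a list of IDs;
    # --output text prints them whitespace-separated, which the for loop splits.
    ids=$(aws ec2 describe-instances --region "$region" \
            --query 'Reservations[].Instances[].InstanceId' --output text)
    for id in $ids; do
        # --query pulls the base64 string out of {"UserData": {"Value": ...}};
        # an instance launched without user data yields "None" in text mode.
        blob=$(aws ec2 describe-instance-attribute --region "$region" \
                 --instance-id "$id" --attribute userData \
                 --query 'UserData.Value' --output text)
        if [ -z "$blob" ] || [ "$blob" = "None" ]; then
            continue
        fi
        hits=$(scan_user_data "$blob")
        printf '%s %s: %s suspicious line(s)\n' "$region" "$id" "$hits"
        if [ "$hits" != "0" ]; then
            show_hits "$blob" | sed 's/^/    /'
        fi
    done
}

sweep_all_regions() {
    for region in $(aws ec2 describe-regions \
                      --query 'Regions[].RegionName' --output text); do
        dump_region_user_data "$region"
    done
}

# Constructed sample: the kind of bootstrap script the post jokes about,
# base64-encoded the way the API returns it. The key pair is the AWS
# documentation example key, not a real credential.
SAMPLE_USER_DATA=$(printf '%s\n' \
    '#!/bin/bash' \
    'export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE' \
    'export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' \
    'echo "DB_PASSWORD=hunter2" >> /etc/app.env' \
    'yum install -y nginx' | base64)

if [ "${1:-}" = "--sweep" ]; then
    sweep_all_regions               # real run against the account
else
    show_hits "$SAMPLE_USER_DATA"   # offline demo on the constructed sample
fi
```

Run it with no arguments to see the scanner flag lines 2 to 4 of the constructed sample; run it with `--sweep` to hit the account for real. Expect noise from the generic words (a script that echoes "token" into a log will trigger it), which is the trade-off for not missing the AKIA/secret pairs that are the actual prize here.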
*** This is a Security Bloggers Network syndicated blog from Carnal0wnage & Attack Research Blog authored by CG. Read the original post at: http://carnal0wnage.attackresearch.com/2018/11/aws-ec2-instance-userdata.html