Haziz originally set out to build an eBPF-based real-time monitoring tool for ECS workloads. While doing so, he interrupted communication between the ECS agent and the AWS backend as part of his debugging, and that is when he noticed the undocumented WebSocket channel.
From low-privilege tasks to privileged IAM roles
Because IMDS is reachable by default, any container on EC2-based ECS, even one with only low-level access, can read the ECS agent's instance role credentials.
“No container breakout (no host root access) was required – although IMDS access was required, through a clever network and system trick from within the container's namespace,” Haziz noted, adding that any container that can reach the IMDS can act as an ECS agent. AWS documentation describes how to prevent or limit access to IMDS.
Armed with those instance role credentials, the attacker can talk to the ACS WebSocket. This lets them intercept or request the IAM credentials of other running tasks, even when those tasks are isolated by separate IAM roles. In effect, the compromised container impersonates the ECS agent, the component responsible for messaging and orchestrating tasks.
“Stolen keys (IAM credentials) actually act like the keys of the real task,” said Haziz. “AWS CloudTrail will attribute the API calls to the role of the affected task, so the original identity is hard to see – it looks as if the victim task is acting.” This lets the attackers stay invisible in the logs, because AWS believes the victim task is doing everything.
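The article points to AWS documentation on limiting IMDS access from containers. As an added defensive example (not code from the article, from Haziz, or from AWS), the audit below checks the settings AWS documents for that purpose on an ECS container instance: IMDSv2 required with a PUT response hop limit of 1, and ECS_AWSVPC_BLOCK_IMDS=true in the agent's ecs.config. The instance records and config text are constructed samples, not live API output.

```python
"""Audit EC2-backed ECS container instances for unrestricted IMDS access.

Added example. It checks the settings AWS documents for limiting container
access to IMDS on ECS:
  * EC2 metadata options: IMDSv2 required and HttpPutResponseHopLimit=1, so a
    container behind the Docker bridge cannot complete the token handshake;
  * ECS_AWSVPC_BLOCK_IMDS=true in ecs.config, which blocks IMDS for tasks
    using awsvpc networking.
Inputs are constructed describe-instances style dicts and ecs.config text.
"""
from typing import Dict, List

HARDENED_METADATA_OPTIONS = {"HttpEndpoint": "enabled",
                             "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 1}


def audit_instance(instance: Dict, ecs_config: str) -> List[str]:
    """Return findings for one instance (empty list means hardened)."""
    findings: List[str] = []
    opts = instance.get("MetadataOptions", {})
    if opts.get("HttpEndpoint", "enabled") == "disabled":
        return findings  # no IMDS at all: nothing for a container to reach
    if opts.get("HttpTokens") != "required":
        findings.append("IMDSv1 allowed: a container can read the instance "
                        "role credentials with one unauthenticated GET")
    if opts.get("HttpPutResponseHopLimit", 1) > 1:
        findings.append("hop limit > 1: IMDSv2 tokens reach containers "
                        "behind the Docker bridge")
    # ecs.config is KEY=VALUE per line; '#' lines are comments.
    agent = dict(line.split("=", 1) for line in ecs_config.splitlines()
                 if "=" in line and not line.startswith("#"))
    if agent.get("ECS_AWSVPC_BLOCK_IMDS", "false").strip().lower() != "true":
        findings.append("ECS_AWSVPC_BLOCK_IMDS not set: awsvpc tasks can "
                        "reach IMDS")
    return findings


# Constructed samples: weak settings beside a hardened instance.
WEAK_INSTANCE = {"InstanceId": "i-EXAMPLE-weak",
                 "MetadataOptions": {"HttpEndpoint": "enabled",
                                     "HttpTokens": "optional",
                                     "HttpPutResponseHopLimit": 2}}
HARDENED_INSTANCE = {"InstanceId": "i-EXAMPLE-hardened",
                     "MetadataOptions": dict(HARDENED_METADATA_OPTIONS)}
WEAK_ECS_CONFIG = "ECS_CLUSTER=prod\n"
HARDENED_ECS_CONFIG = "ECS_CLUSTER=prod\nECS_AWSVPC_BLOCK_IMDS=true\n"

if __name__ == "__main__":
    for inst, cfg in ((WEAK_INSTANCE, WEAK_ECS_CONFIG),
                      (HARDENED_INSTANCE, HARDENED_ECS_CONFIG)):
        print(inst["InstanceId"], audit_instance(inst, cfg) or ["hardened"])
```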