• Project: Escalating Privileges via AWS CodeConnections


Posts under this project (4)


Part 1: Overview of AWS CodeConnections (Escalating Privileges via AWS CodeConnections)

AWS CodeConnections (formerly called CodeStar Connections) is an AWS feature that allows AWS resources such as AWS CodePipeline to connect to external code repositories. This is often...

Protected: Part 2: AWS CodePipeline (Escalating Privileges via AWS CodeConnections)

There is no excerpt because this is a protected post.



Protected: Part 4: AWS CodeBuild (Escalating Privileges via AWS CodeConnections)

There is no excerpt because this is a protected post.


In this series of blog posts we'll be taking an in-depth look at the security of AWS CodeConnections and their use in several different AWS services. As CodeConnections become supported in more AWS services, it is important for us to understand exactly how CodeConnections work, what their limitations are, and what security controls can be applied to ensure our code repositories and infrastructure stay secure.

This series of blog posts aims to answer the question: can we significantly escalate our privileges via the source code provider permissions granted to AWS if we can compromise a single AWS account or a single AWS service such as CodePipeline?