New AWS Tag Checks

Using Snotra to Check For Sensitive Tags

The guys over at Plerion have done some interesting research into unauthenticated enumeration of AWS metadata, including the values of tags. An unauthenticated attacker with minimal information about your account can enumerate the keys and corresponding values of tags applied to your resources. So in short, make sure you are not storing sensitive information (passwords, keys, usernames, emails, etc.) in your tags!

To help easily audit this I have added some checks to Snotra which will simply list out all in-use tags and their values. The screenshot below is also a sneak peek at something I have been working on recently.
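
As an added illustration (not Snotra's code and not from the original post), here is a minimal Python audit that goes one step beyond listing tags and flags keys and values that look sensitive. It assumes input shaped like the `ResourceTagMappingList` returned by the Resource Groups Tagging API; the regex heuristics, function names and sample data are constructed for this example.

```python
import re

# Heuristics for values that should never live in a tag (illustrative, not exhaustive).
VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "email_address": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "private_key_header": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# Tag keys whose name alone suggests the value is a credential or identity.
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|secret|token|api[_-]?key|credential|user(name)?", re.I)


def audit_tags(resource_tag_mappings):
    """Return findings for entries shaped like ResourceTagMappingList
    (a ResourceARN plus a list of Key/Value tags)."""
    findings = []
    for mapping in resource_tag_mappings:
        arn = mapping.get("ResourceARN", "<unknown>")
        for tag in mapping.get("Tags", []):
            key, value = tag.get("Key", ""), tag.get("Value", "")
            reasons = [n for n, rx in VALUE_PATTERNS.items() if rx.search(value)]
            if value and SENSITIVE_KEY.search(key):
                reasons.append("sensitive_key_name")
            if reasons:
                findings.append({"arn": arn, "key": key, "reasons": sorted(reasons)})
    return findings


def fetch_tag_mappings(region):
    """Page through tagged resources in one region (needs boto3 and credentials)."""
    import boto3  # imported lazily so the audit logic above runs offline
    client = boto3.client("resourcegroupstaggingapi", region_name=region)
    for page in client.get_paginator("get_resources").paginate():
        yield from page["ResourceTagMappingList"]


# Constructed sample data: the account ID, ARNs and tag values are placeholders.
SAMPLE = [
    {"ResourceARN": "arn:aws:s3:::example-bucket",
     "Tags": [{"Key": "Environment", "Value": "prod"},
              {"Key": "Owner", "Value": "jane.doe@example.com"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0",
     "Tags": [{"Key": "db_password", "Value": "changeme"},
              {"Key": "deploy-key", "Value": "AKIAIOSFODNN7EXAMPLE"}]},
]

if __name__ == "__main__":
    for f in audit_tags(SAMPLE):
        print(f"{f['arn']}  {f['key']}  -> {', '.join(f['reasons'])}")
```

To run it against a real account, pass `fetch_tag_mappings("<region>")` to `audit_tags` once per region in use; treat the findings as candidates for manual review, since the patterns are heuristics.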