Demo of SSRF methodology of a website attack to takeover temporary AWS credentials (regular user) which will be used to authenticate in CLI for attacker. Next they will give at least permissions to modify user data scripts and affect different ec2 (inside private network with NAT) to generate reverse shell and hijack access by ssh. After all injection code to lambda with particular Lambda should finally allows us to attach particular policy for use manipulated user. Move-over except demo I’m planning to describe some less popular clauses inside IAM policies.