AWS Exposable Resources

The goal of this repo is to maintain a list of all AWS resources that can be publicly exposed, and eventually, those that can be shared with untrusted accounts (that section is still in development and not included here yet).

The following concepts are applied in this list:

Roadmap

I would like this repo to eventually contain the following:

Resources that can be made public through resource policies

ECR Repository

Actions:

Lambda

Allows invoking the function

Actions:

Lambda layer

Actions:

Serverless Application Repository

Actions:

Backup

Docs

Actions:

EFS

TODO: Need to confirm this can actually be shared with other accounts. Some of the doc wording leads me to think this might only be shareable to principals within an account.

Actions:

Glacier

Actions:

S3

S3 buckets can be made public via bucket policies and ACLs. S3 objects can be made public via ACLs. ACLs can be set at bucket or object creation.

Actions:

IAM Role

Actions:

KMS Keys

Actions:

Secrets Manager

Actions:

CloudWatch Logs

Actions:

EventBridge

Only allows sending data into an account

Actions:

MediaStore

Docs

Actions:

ElasticSearch

Actions:

Glue

Actions:

SNS

Actions:

SQS

Actions:

SES

Docs

Actions:

Resources that can be made public through sharing APIs

AMI

Actions:

FPGA image

Actions:

EBS snapshot

Actions:

RDS snapshot

Actions:

RDS DB Cluster snapshot

Actions:

Resources that can be made public through network access

API Gateway

API Gateway also has associated resource policies (see here), so it may belong in more than one category.

Actions:

CloudFront

Actions:

Redshift

Actions:

RDS

Actions:

EC2

Actions:

Elastic IP

Actions:

ECS

Actions:

Global Accelerator

Actions:

ELB

Actions:

Lightsail

Actions:

Neptune

Actions:

ElastiCache

Actions:

EMR

Actions: