Formatting

facebookincubator · Aug 7, 2023 · 61d81e5 · 61d81e5
1 parent 6476ecb
commit 61d81e5
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/cloud/aws/iam/escalate-old-iam-user/README.md b/cloud/aws/iam/escalate-old-iam-user/README.md
@@ -85,12 +85,15 @@ Remove `old-and-forgotten` IAM user from the `priv-group` privileged group:
 
 ## Steps
 
-1. **Identify Dormant Users**: Using the provided script, scan for users that have not used access keys in over 90 days.
+1. **Identify Dormant Users**: Using the provided script, scan for users that
+   have not used access keys in over 90 days.
 
 2. **Add or Remove from Group**: Depending on the parameters,
    the script will either add the identified IAM user to the specified
    privileged group or remove them from the group.
 
-3. **Validate Changes**: Check that the changes have been made as intended within the AWS environment.
+3. **Validate Changes**: Check that the changes have been made as intended
+   within the AWS environment.
 
-4. **Cleanup**: If the `cleanup` argument is set to true, the script will remove the IAM user from the group.
+4. **Cleanup**: If the `cleanup` argument is set to true, the script will
+   remove the IAM user from the group.
diff --git a/cloud/aws/iam/revive-old-iam-user/README.md b/cloud/aws/iam/revive-old-iam-user/README.md
@@ -60,3 +60,28 @@ log the results in a custom logfile, and get detection information:
       --arg cleanup=true \
       --arg detect=true
 ```
+
+## Steps
+
+1. **Preparation**: Ensure a valid set of AWS credentials and that the target
+   IAM user has less than 2 access keys. The script provided can be used to
+   enumerate users and verify access keys.
+
+2. **Target User Identification**: Identify the IAM user for the new access key
+   using the `user` argument.
+
+3. **Detection Query (Optional)**: If `detect` is true, query cloudtrail to
+   see if the TTP was logged.
+
+4. **Access Key Creation**: Create a new access key for the specified IAM user
+   by interacting with AWS's IAM service.
+
+5. **Logging (Optional)**: Ensure appropriate log configurations if specific
+   logging is required, such as in a custom logfile.
+
+6. **Cleanup (Optional)**: If `cleanup` is true, clean up any artifacts created
+   during the TTP's execution.
+
+7. **Verification**: Optionally verify that the new access key is successfully
+   added to the target IAM user, confirming its presence and correct
+   configuration.