Sometimes you’ll get an encoded error message in the AWS console. That’s because there are ways for attackers to insert code in these messages potentially that could execute in your browser.
Great but how do you view the message? You have to decode it. But you don’t decode it with base64 or some other command line tool, you use the AWS CLI and the sts decode-authorization-message command.
First of all save your message to a variable like this:
msg=”copy and paste the encoded message here”
Then run the sts command to decode the value like this:
aws sts decode-authorization-message –encoded-message “$msg” –output text
I still find that a bit hard to read so I actually add some additional sed commands at the end to weed out some of the JSON formatting.
aws sts decode-authorization-message –encoded-message “$msg” –output text | sed ‘s/,/nr/g’ | sed ‘s/{//g’ | sed ‘s/}//g’ | sed ‘s/”//g’
Then at least it’s a bit more readable:
Whether it’s helpful or not — you can decide for yourself 🙂 I’m writing about this particular output in my other blog series:
Automating Cybersecurity Metrics (ACM)
Teri Radichel
If you liked this story please clap and follow:
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
© 2nd Sight Lab 2022
____________________________________________
Author:
Cybersecurity for Executives in the Age of Cloud on Amazon
Need Cloud Security Training? 2nd Sight Lab Cloud Security Training
Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.
Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.
Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts
Decoding AWS Error Messages was originally published in Bugs That Bite on Medium, where people are continuing the conversation by highlighting and responding to this story.