RhinoSecurityLabs / pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
BSD 3-Clause "New" or "Revised" License

Is Pacu compatible with AWS CLI v2? #446

Open niooss-ledger opened 3 months ago

niooss-ledger commented 3 months ago

Hello,

Currently, installing Pacu on a Linux system with AWS CLI version 2 also installs AWS CLI version 1, "downgrading" it. While it is possible to re-install AWS CLI v2 again, I was wondering whether this could cause issues. Is Pacu compatible with AWS CLI v2? (Or does it only support CLI v1?)

More precisely, in a container running docker.io/library/python:3.12, here are some commands to reproduce the issue:

```bash
# Install AWS CLI v2 following instructions from
# https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

# AWS CLI v2 is now installed in /usr/local/bin/aws
# Check the version. This displays "aws-cli/2.17.19 Python/3.11.9 Linux/5.19.0-50-generic exe/x86_64.debian.12"
aws --version

# Install Pacu
pip install pacu

# Check the version again
aws --version
# This displays "aws-cli/1.33.32 Python/3.12.0 Linux/5.19.0-50-generic botocore/1.34.150"
# By the way "which aws" still shows "/usr/local/bin/aws": the file was overwritten.
```

Pacu installs AWS CLI v1 because it depends on Python package awscli: https://github.com/RhinoSecurityLabs/pacu/blob/470b96a34fd2fd8c45033f6fcfed27ddb7bbbce9/pyproject.toml#L14

AWS stated in https://github.com/aws/aws-cli/issues/4947 they do not plan to publish AWS CLI v2 on PyPI, so it is not possible to upgrade awscli in Pacu dependencies to version 2. Anyway, is this dependency actually used? Would Pacu also be compatible with AWS CLI v2?
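
A check for the overwrite described in this issue, as an added example that is not part of the original thread or of the Pacu project: it reads the major version from `aws --version` output and tells whether the `aws` on PATH is the v2 installer's symlink or a pip-installed Python script. The function names are hypothetical, and the symlink layout (`.../v2/current/bin/aws`) and the Python shebang are assumptions about the default installers.

```bash
#!/usr/bin/env bash
# Added example, not Pacu code. All function names are hypothetical.

# Print the major version from `aws --version` output, e.g.
# "aws-cli/2.17.19 Python/3.11.9 ..." -> 2. Fails on unrecognised input.
aws_cli_major() {
    local ver
    case "$1" in
        aws-cli/[0-9]*) ver=${1#aws-cli/}; printf '%s\n' "${ver%%.*}" ;;
        *) return 1 ;;
    esac
}

# Classify an `aws` executable by how it got there.
# Assumption: the v2 installer leaves a symlink ending in v2/current/bin/aws,
# and pip installs AWS CLI v1 as a script whose first line is a python shebang.
classify_aws_entrypoint() {
    local path=$1 first
    if [ -L "$path" ]; then
        case "$(readlink "$path")" in
            */v2/current/bin/aws) echo "v2-bundle"; return 0 ;;
        esac
    fi
    [ -f "$path" ] || { echo "missing"; return 0; }
    # Read only the first line; strip NUL bytes in case the file is a binary.
    first=$(head -c 128 "$path" | tr -d '\0' | head -n 1)
    case "$first" in
        '#!'*python*) echo "pip-script" ;;
        *) echo "unknown" ;;
    esac
}

# Summarise the `aws` currently on PATH.
report_aws_cli() {
    local bin out major
    bin=$(command -v aws) || { echo "aws: not on PATH"; return 1; }
    out=$(aws --version 2>&1)
    major=$(aws_cli_major "$out") || major="?"
    echo "$bin major=$major kind=$(classify_aws_entrypoint "$bin")"
}

# Usage: source this file, then run `report_aws_cli` before and after
# `pip install pacu` and compare the two lines.
```

Running `pip install pacu` inside a virtual environment places the v1 `aws` script in that environment's `bin` directory rather than in `/usr/local/bin`.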

za commented 3 days ago

I thought Pacu was running on AWS CLI v2. I was wrong.

```
➜  pacu-bin source .env/bin/activate
➜  pacu-bin aws --version
aws-cli/1.33.21
```