Terraform is an IaC tool that allows provision, management and deletion of infrastructure resources automatically. It is used mostly by DevOps Engineers, as well as Administrators on both on-prem and cloud infrastructures.
One feature that Terrafom is mostly known about is its ability to be extended to allow for different deployments on different providers, using its plugins, which they call Providers. There are providers for GCP, Azure, and even one for ActiveDirectory based infrastructures.
This blog will use one of these providers, the AWS Terraform Provider, to look at what features can an attacker use to enumerate, compromise and persist in an AWS Based infrastructure and how those attacks can be detected.