
Cross Account IAM enumeration via Lambda Resource Policies in AWS Cloud
The article describes a side channel technique to use verbose messages returned by the AWS API to enumerate users and roles in a different AWS account. Article contains proof of concept python script as well.