Ethical Hacking Academy · Lesson

Cloud Attack Surface

AWS, Azure, GCP.

What Is the Cloud Attack Surface?

The cloud attack surface is the total set of points where an attacker could try to enter a cloud environment or extract data from it. Unlike on-prem networks, the cloud surface is defined mostly by configuration and identity, not by a physical perimeter.

  • Public-facing APIs and management consoles
  • Identity and access management (IAM)
  • Storage buckets, databases, and serverless functions
  • Network exposure (security groups, load balancers)

A single misconfigured setting can expose an entire account.
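As an added example (not part of the original lesson), this Python audit shows how a defender can review two of the surface areas listed above, network exposure and storage, purely from configuration. The inventory is constructed sample data shaped like AWS security group descriptions and S3 bucket policy documents; the resource names and the `ALLOWED_PUBLIC_PORTS` baseline are assumptions.

```python
import json

# Constructed sample inventory (not real account data), shaped like AWS API output.
INVENTORY = json.loads("""{
  "security_groups": [
    {"GroupId": "sg-example-web", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-db", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}],
  "bucket_policies": {
    "example-public-bucket": {"Statement": [
      {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
       "Resource": "arn:aws:s3:::example-public-bucket/*"}]},
    "example-private-bucket": {"Statement": {
      "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
      "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-private-bucket/*"}}}
}""")

ALLOWED_PUBLIC_PORTS = {443}  # assumption: only HTTPS is meant to face the internet
WORLD = {"0.0.0.0/0", "::/0"}

def open_ingress(group):
    """Yield (from_port, to_port) for world-open rules outside the allowed ports."""
    for rule in group.get("IpPermissions", []):
        cidrs = {r.get("CidrIp") for r in rule.get("IpRanges", [])}
        cidrs |= {r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])}
        # Rules for protocol "-1" (all traffic) carry no port fields: treat as all ports.
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if cidrs & WORLD and not set(range(lo, hi + 1)) <= ALLOWED_PUBLIC_PORTS:
            yield lo, hi

def is_public_statement(stmt):
    """True for an unconditional Allow to any principal; conditional ones need manual review."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):  # {"AWS": "*"} or {"AWS": ["*", ...]}
        aws = principal.get("AWS", [])
        principal = "*" if "*" in ([aws] if isinstance(aws, str) else aws) else None
    return stmt.get("Effect") == "Allow" and principal == "*" and "Condition" not in stmt

def audit(inventory):
    """Return (area, resource, reason) findings for the whole inventory."""
    findings = [("network", g["GroupId"], f"ports {lo}-{hi} open to the internet")
                for g in inventory["security_groups"] for lo, hi in open_ingress(g)]
    for name, policy in inventory["bucket_policies"].items():
        stmts = policy.get("Statement", [])
        stmts = [stmts] if isinstance(stmts, dict) else stmts  # single object is valid
        if any(is_public_statement(s) for s in stmts):
            findings.append(("storage", name, "policy allows any principal"))
    return findings
```

Calling `audit(INVENTORY)` flags the SSH rule on `sg-example-web` and the wildcard principal on `example-public-bucket`, and leaves the HTTPS rule, the internal database rule and the role-scoped bucket policy alone.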

The Big Three: AWS, Azure, GCP

Most cloud pentests target one of the three major providers. Each has its own identity model and terminology, but the attack patterns rhyme.

  • AWS — IAM users/roles, S3, EC2, Lambda
  • Azure — Entra ID (Azure AD), Blob Storage, VMs, Functions
  • GCP — IAM service accounts, Cloud Storage, Compute Engine

Learning one deeply makes the others easier, because the core concepts (identity, compute, storage, network) map across all of them.

All lessons in this course

  1. Cloud Attack Surface
  2. IAM Misconfigurations
  3. S3 and Storage Exposure
  4. Metadata and SSRF