This Threat Thursday session explores how adversaries can leverage the AWS CLI to enumerate AWS environments, including identifying users, databases, and S3 buckets. We will demonstrate how attackers gather intelligence about cloud assets and permissions, as well as methods for exfiltrating sensitive data from S3 buckets. Attendees will gain insight into detecting and mitigating these activities, strengthening their defenses against cloud-based threats.