Threat actors may attempt to discover infrastructure and resources that are available within an infrastructure-as-a-service (IaaS) environment. This includes compute service resources such as instances, virtual machines, and snapshots as well as resources of other services including the storage and database services.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.