Account credential stolen

0

Hi all, my credentials have been stolen. I changed my account password, but I am afraid that the access keys are now in other hands. I have EC2, RDS and VPC instances up and running. How can I ensure that nobody can push any unauthorized code? Should I change all the keys? If yes, how can I do it properly?

Also, how can I be sure that no other instances have been initiated?

Any other aspect to verify to restore the full security of the web?

Thank you

Regards

2 Answers
5
Accepted Answer

Greetings, I am sorry to hear that your credentials have been stored. Since AWS credentials have been compromised, follow these condensed steps to secure your account:

Rotate Access Keys: Immediately change access keys for all IAM users. Do this via the IAM console by creating new keys and deactivating the old ones.

Audit AWS Environment: Use AWS CloudTrail logs to check for unauthorized activities. Verify all EC2, RDS, and VPC instances for any unrecognized resources and terminate if necessary.

Enable Multi-Factor Authentication (MFA): Set up MFA for your AWS account and for IAM users to add an extra layer of security.

Review and Tighten IAM Policies: Ensure IAM policies adhere to the principle of least privilege.

Monitor with CloudWatch: Set up Amazon CloudWatch alarms for unusual activity monitoring.

Contact AWS Support: If you suspect further compromise, contact AWS Support for assistance.

Review External Dependencies: Check external services linked to your AWS account for potential compromises and rotate shared keys or tokens.

Educate Your Team: Make sure your team is aware of the security incident and understands the importance of following security best practices.

Taking these actions quickly can help mitigate risks and secure your AWS environment against unauthorized access.

Please let me know if you have any questions.

AWS
EXPERT
ZJon
answered 2 months ago
1

Some tasks to perform. What access does your User account have? They could only make changes within your permission boundary.

  • Re-issue all keys for all users.
  • Reset all users password credentials
  • Review ALL roles and their Trusts because a role could trust an account from an external account
  • Review all newly created users, roles
  • Check for newly created IDPs
  • Check for any org creation/sub accounts
  • Review all newly created resources
  • Review all newly created security groups
EXPERT
answered 3 months ago
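
A triage sketch for the CloudTrail audit and the "newly created" checks listed in the two answers above. This is an added example, not code from either answer; the watch list, the `triage` function and the sample records (documentation IP ranges, example and made-up key IDs) are constructed for illustration.

```python
import json

# CloudTrail eventName -> review item from the answers above (watch list is an assumption).
WATCHED = {
    "CreateUser": "new IAM user", "CreateAccessKey": "new access key",
    "CreateLoginProfile": "console password set", "CreateRole": "new role",
    "UpdateAssumeRolePolicy": "role trust changed",
    "CreateSAMLProvider": "new identity provider",
    "CreateOpenIDConnectProvider": "new identity provider",
    "CreateOrganization": "organization created",
    "CreateAccount": "member account created",
    "RunInstances": "new EC2 instance", "CreateDBInstance": "new RDS instance",
    "CreateSecurityGroup": "new security group",
    "AuthorizeSecurityGroupIngress": "security group rule added",
}

def triage(log_text, suspect_key, known_ips=frozenset()):
    """Flag watched events made with the suspect key or from an unrecognized IP."""
    findings = []
    for rec in json.loads(log_text)["Records"]:
        what = WATCHED.get(rec.get("eventName"))
        if what is None:
            continue  # read-only or unrelated call
        key = rec.get("userIdentity", {}).get("accessKeyId")
        ip = rec.get("sourceIPAddress")
        # The IP rule also catches keys the intruder minted after the theft.
        if key == suspect_key or ip not in known_ips:
            findings.append((rec["eventTime"], rec["awsRegion"],
                             rec["eventName"], what, ip))
    return sorted(findings)  # ISO 8601 timestamps sort chronologically

def _rec(t, region, name, ip, key):
    return {"eventTime": t, "awsRegion": region, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}

STOLEN, MINTED, OWNER = "AKIAIOSFODNN7EXAMPLE", "AKIAI44QH8DHBEXAMPLE", "AKIAOWNERKEYEXAMPLE0"
# Constructed sample in CloudTrail log-file shape ({"Records": [...]}).
SAMPLE = json.dumps({"Records": [
    _rec("2024-01-10T09:00:00Z", "eu-west-1", "RunInstances", "198.51.100.7", OWNER),
    _rec("2024-01-12T03:14:00Z", "us-east-1", "CreateUser", "203.0.113.50", STOLEN),
    _rec("2024-01-12T03:15:00Z", "us-east-1", "CreateAccessKey", "203.0.113.50", STOLEN),
    _rec("2024-01-12T03:20:00Z", "ap-southeast-1", "RunInstances", "203.0.113.50", MINTED),
    _rec("2024-01-12T03:21:00Z", "ap-southeast-1", "DescribeInstances", "203.0.113.50", MINTED),
    _rec("2024-01-12T03:25:00Z", "ap-southeast-1", "AuthorizeSecurityGroupIngress", "203.0.113.50", STOLEN),
]})

if __name__ == "__main__":
    for finding in triage(SAMPLE, STOLEN, known_ips={"198.51.100.7"}):
        print(*finding)
```

CloudTrail event history is recorded per region, so run this over logs from every region, not only the ones you normally use.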
