Unauthorized use

0

I have already set up MFA, but the following events occurred: 1. The default VPC was deleted. 2. The default VPC's settings were changed. Could you teach me what I should do?

asked 10 months ago · 86 views
3 Answers
1

Hello.

Can I check the DeleteVpc event from the CloudTrail event history?
Check the DeleteVpc event to see who deleted it, and once you have identified the user, change the password of the target IAM user.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/tutorial-event-history.html

You can also recreate the default VPC itself.
https://docs.aws.amazon.com/vpc/latest/userguide/work-with-default-vpc.html#create-default-vpc

Please take a look at the following document for general instructions on what to do when you discover unauthorized access to your AWS account.
https://repost.aws/knowledge-center/potential-account-compromise

EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
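The CloudTrail check described in the answer above, as an added example that is not part of the original answer: it reads JSON in the shape returned by `aws cloudtrail lookup-events` and reports who made each VPC call, from where, and whether the session used MFA. The sample events, account ID, IP addresses and VPC ID are constructed, and watching `ModifyVpcAttribute` for the "changed settings" event is an assumption.

```python
import json

# DeleteVpc is named in the answer above; ModifyVpcAttribute is an assumption
# about which API call "changed settings" on the default VPC.
WATCHED = {"DeleteVpc", "ModifyVpcAttribute"}

def summarize(lookup_output):
    """Return one summary dict per watched event, oldest first.
    'mfa' is None when the record has no session info (long-term access key)."""
    rows = []
    for item in json.loads(lookup_output).get("Events", []):
        # CloudTrailEvent is itself a JSON-encoded string holding the full record.
        rec = json.loads(item["CloudTrailEvent"])
        if rec.get("eventName") not in WATCHED:
            continue
        ident = rec.get("userIdentity", {})
        attrs = ident.get("sessionContext", {}).get("attributes", {})
        rows.append({
            "time": rec.get("eventTime"), "event": rec["eventName"],
            "actor_type": ident.get("type"), "actor_arn": ident.get("arn"),
            "access_key": ident.get("accessKeyId"),
            "source_ip": rec.get("sourceIPAddress"),
            "mfa": {"true": True, "false": False}.get(attrs.get("mfaAuthenticated")),
            "vpc_id": (rec.get("requestParameters") or {}).get("vpcId"),
        })
    return sorted(rows, key=lambda r: r["time"] or "")

def needs_attention(row):
    """Flag calls made as root, or without an MFA-authenticated session."""
    return row["actor_type"] == "Root" or row["mfa"] is not True

# Constructed sample in the shape of `aws cloudtrail lookup-events` output.
def _event(time, name, identity, ip):
    record = {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
              "userIdentity": identity, "requestParameters": {"vpcId": "vpc-0example"}}
    return {"EventName": name, "CloudTrailEvent": json.dumps(record)}

ROOT = "arn:aws:iam::111122223333:root"
SAMPLE = json.dumps({"Events": [
    _event("2024-01-02T03:04:05Z", "DeleteVpc", {"type": "Root", "arn": ROOT,
           "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
           "198.51.100.7"),
    _event("2024-01-02T02:00:00Z", "ModifyVpcAttribute", {"type": "IAMUser",
           "arn": "arn:aws:iam::111122223333:user/example",
           "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}, "203.0.113.9"),
    _event("2024-01-02T01:00:00Z", "DescribeVpcs", {"type": "Root", "arn": ROOT},
           "198.51.100.7"),
]})

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print("REVIEW" if needs_attention(row) else "ok", row)
```

A source IP or access key you do not recognize on a flagged row is the credential to rotate first.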
1

I understand you've already set up Multi-Factor Authentication (MFA), which is an excellent security practice. Let's address the issues with your VPC:

  1. Deleted Default VPC: If you've accidentally deleted your default VPC, don't worry. You can create a new one. Here's what you should do:
  • Open the Amazon VPC console.
  • In the navigation pane, choose "Your VPCs".
  • Choose "Actions", then "Create default VPC".
  • In the confirmation dialog box, choose "Create".

This will create a new default VPC with all the standard components, including a default subnet in each Availability Zone.

  2. Changed Default VPC Settings: If you've made changes to your default VPC settings and want to revert them:
  • Review the current configuration of your VPC, including subnets, route tables, and security groups.
  • Compare these settings with the standard default VPC configuration.
  • Adjust the settings manually to match the default configuration.

If you're unsure about the correct settings, you might want to consider creating a new default VPC as described above.

Important notes:

  • The new default VPC may have different subnet CIDR blocks and Availability Zone mappings compared to your previous default VPC.
  • If you have resources that were using the old default VPC, you may need to update their configurations to use the new VPC or subnets.
  • Always ensure that any changes you make align with your security and networking requirements.

To verify that your problem has been solved:

  • Check that you can see the new default VPC in your VPC console.
  • Attempt to launch a new EC2 instance without specifying a VPC - it should automatically use the new default VPC.
  • Test connectivity to and from resources in the new default VPC to ensure it's functioning as expected.

If you encounter any issues during this process or if the problem persists, I recommend contacting AWS Support for personalized assistance. They can provide guidance specific to your account and configuration.

AWS
answered 10 months ago
-1

Thank you for kindly answering. I understand that I cannot restore a previous default VPC. I don't make IAM users. I operate as the root user. I used Red Hat Enterprise Linux for work. If I get used to AWS, I will use IAM. Viewing the event history is useful. I recognize who operates AWS. Thank you very much.

answered 10 months ago
