
Service Control Policy takeover

-1

[Screenshot showing my permissions]

We have been hacked and a bad actor has taken over our AWS account. They have instituted an SCP and now we cannot do anything inside the account other than log in as a root user. We cannot respond to our support cases, we cannot contact AWS. We are dead in the water. AWS makes it almost impossible to talk to a live human and their AI bot is trash. I have filed four cases through unsigned in tabs. We just receive email after email asking us to click the link to update the case. But we have to sign in to respond and the SCP denies permission to do so. Please, any help or insight would be appreciated. I am really looking for someone from AWS to contact me. If you look at the picture, you can see I am logged in as the Root user but I have no permissions, I cannot even chat. Please leave the negative comments to yourself.

2 Answers
1

I'm confused with your statement "The have instituted a SCP and now we cannot do anything inside the account other than log in as a root user." Does it mean you can log in as root? If so, just log in as root and change the SCP back to what it should be. If there are access keys or IAM users that you don't recognise, disable / delete those.

EXPERT
answered 20 days ago
EXPERT
reviewed 19 days ago
  • Yes, I can log in as the root user but the SCP will not allow me to do anything. All my permissions are denied.

  • Then you are lying. Root supersedes everything. Sounds like you are asking how to take over someone else's account.

0

Hello.

Have you contacted AWS via the following URL?
This URL is a contact form that can be used even without signing in to AWS.
https://support.aws.amazon.com/#/contacts/one-support?formId=contactUs

Having your AWS account's root user compromised is quite a desperate situation.
If the AWS account in question is for testing purposes, I would recommend stopping the credit card to prevent any charges from being incurred.

EXPERT
answered 20 days ago
EXPERT
reviewed 19 days ago
  • Yes, but I cannot sign in. So I have to go through the unsigned process but when they follow up, they request a user to be logged in to see the case. The SCP will not allow that.
