My Account was Hacked

0

Hello Everyone My account was currently hacked , its email address was changed , i got my account back , but there are some roles which have administrator access and it cannot be deleted

i also tried revoking the sessions but it throws an error saying 'Failed to revoke sessions. Cannot perform the operation on the protected role ';;;;' - this role is only modifiable by AWS'

please help me with this issue

  • From. moderator: this is a duplicate of https://repost.aws/questions/QUSC73xHmPTWuprDtF5ME9ng/my-account-got-hacked which has already an accepted answer. Please, do not repeat same question

  • this is not a duplicate question , i mentioned i have recovered my account now , my previous question mentions that i wasnt able to access the account due to unauthorized changed email address , this questions revolves around some roles which i am not able to delete after i have recovered the account but the account might still be compromised (am sorry dont have much knowledge about aws)

已提问 1 年前432 查看次数
2 回答
0

Hello.
Is it possible to access and delete an AWS account as root user?
If you can log in as the root user, you can operate any IAM resource in your account.
https://docs.aws.amazon.com/signin/latest/userguide/introduction-to-root-user-sign-in-tutorial.html

Also, although unrelated to resource deletion, if your AWS account has been hijacked, be sure to change the root user password.
Other MFA settings are also effective in improving security and should be set.
https://docs.aws.amazon.com/accounts/latest/reference/root-user-password.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root

It is also possible that the error is caused by an administrative IAM role managed by AWS.
For example, if your AWS account belongs to Organizasions, etc. and you try to delete SSO admin IAM roles, etc., you will get such an error.
What IAM role are you trying to delete?

profile picture
专家
已回答 1 年前
  • yess these are there is an administrative sso role am trying to delete which is not getting delete , service linked roles too

  • I believe that the IAM role of the SSO administrator cannot be deleted without removing the IAM role from Organizasions membership. Could you please share the name of the IAM role you are trying to delete? Also, is your user a root user?

  • AWSReservedSSO_AdministratorAccess AWSServiceRoleForOrganizations AWSServiceRoleForSSO AWSServiceRoleForSupport AWSServiceRoleForTrustedAdvisor

    yes i am a root user

  • Thanks for sharing. The IAM roles listed were created by AWS. Therefore, there is no need to delete it. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

    A service-linked role is a type of service role that is linked to an AWS service. The service can assume the role to perform an action on your behalf. Service-linked roles appear in your AWS account and are owned by the service. An IAM administrator can view, but not edit the permissions for service-linked roles.

  • but the creation date of the first three roles is just after i got the mail that my email for aws has been changed(account was hacked) is this not alarming ? or is it still okay (am not an expert in aws just looking for your advice)

0

Hey everyone,

I'm in a bit of a pickle. My account was recently compromised, and though I've managed to regain access, there are a few roles that have been granted admin permissions, and I just can't seem to remove them. Each time I attempt to revoke the sessions, I'm met with an error that reads 'Failed to revoke sessions. Cannot perform the operation on the protected role ';;;;' - this role is only modifiable by AWS'.

Has anyone else faced something similar? I'd really appreciate any guidance or advice on how to resolve this.

https://docs.aws.amazon.com/accounts/latest/reference/root-user-password.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root

Thanks in advance, Farru.

已回答 1 年前
  • Hello.
    That error is an error that occurs when trying to delete an AWS-managed IAM role. What IAM role are you trying to delete?

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则