Digital Forensics and Incident Response | DFIR
  • Blog
  • Infosec
  • Windows Forensics
  • Mac Forensics
  • Memory Forensics
  • Incident Response
  • Contact

What you should do if the AWS Keys are leaked?

4/16/2019

0 Comments

 
Many developer accidentally add AWS access key and secret in the code as a variable.  Assume it has been compromised and follow the steps below:
  1. Go to IAM on AWS Dashboard
  2. Find the user and click on the user to view the keys.
  3. Make it  key inactive and delete the key
  4. Create a new key for the user.
  5. Review the cloud-trail (if available) logs for any malicious access for the key.
0 Comments



Leave a Reply.

    Archives

    April 2020
    September 2019
    August 2019
    July 2019
    June 2019
    April 2019
    February 2019
    March 2018

    Categories

    All
    Aws
    Cloud
    Dfir
    Incident Response
    Linux
    Recon

    RSS Feed