
AWS Keys

Description#

General#

  • Documentation: https://docs.aws.amazon.com/IAM/latest/APIReference/welcome.html
  • Summary: Amazon Web Services is a cloud provider offering computing and storage services. AWS access keys (an access key ID plus a secret access key) let users and applications manage AWS resources programmatically through the API, the CLI and the SDKs. With a sufficiently privileged key one can, for example, create or delete EC2 instances.
  • IP allowlist: Access can be restricted to given IP ranges with an IAM policy condition on the aws:SourceIp key; see the AWS IAM documentation.
  • Scopes: Access keys are created for an IAM user (an identity representing a person or an application) or for the account root user. A key carries exactly the permissions of the identity it belongs to: a key of a user with limited policies is limited the same way, a key of an administrator user grants administrative access, and a root user key grants unrestricted access to every resource in the account, including billing information. IAM users support MFA, but MFA does not protect API calls made with a leaked long-lived key unless the policies require it. Keys starting with ASIA are temporary credentials issued by STS; they come with a session token and expire on their own.

Revoke the secret#

For a key belonging to an IAM user, sign in to the AWS Management Console, open the IAM service, choose "Users", select the user that owns the key and open its "Security credentials" tab. For the root user's own keys, choose the account name in the navigation bar and go to "My Security Credentials".

In the "Access keys" section, locate the leaked key by its access key ID and delete it (the same can be done from the AWS CLI with aws iam delete-access-key).

The difference between "Delete" and "Make inactive" is that an inactive key can be re-enabled later, which is not what you want for a leaked key. If a production workload still depends on the key, create a replacement key first, switch the workload to it, then delete the leaked one; never leave a leaked key merely inactive.

Check for suspicious activity#

AWS CloudTrail records the API calls made in an account. When a trail is configured, CloudTrail delivers the log files to an S3 bucket; the CloudTrail console's "Event history" also keeps the last 90 days of management events without a trail. Filter the events on the leaked access key ID (the userIdentity.accessKeyId field of each record) and review the source IP addresses, user agents and any IAM or STS calls made with it: reconnaissance calls such as GetCallerIdentity and ListBuckets, followed by attempts to create users, access keys or roles, are the typical signature of an attacker trying out a stolen key.
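The following is an added example (not part of this page or of GitGuardian's tooling) showing the check just described run over a CloudTrail log file: it selects the records made with the leaked access key ID, then summarizes when and from where the key was used, which calls failed with AccessDenied, and which reconnaissance or persistence calls succeeded. The record fields used (Records, eventTime, eventName, sourceIPAddress, userAgent, errorCode, userIdentity.accessKeyId) are the standard CloudTrail fields; the sample records, IP addresses, account ID and timestamps are constructed for the example, and the RECON_EVENTS and PERSISTENCE_EVENTS sets are this example's own heuristics, not an AWS list.

```python
import json
from collections import Counter


def _record(time, source, name, ip, key, user="deploy", **extra):
    """Build one CloudTrail record carrying the fields the analysis relies on."""
    rec = {
        "eventVersion": "1.08",
        "eventTime": time,
        "eventSource": source,
        "eventName": name,
        "awsRegion": "us-east-1",
        "sourceIPAddress": ip,
        "userAgent": extra.pop("userAgent", "aws-cli/2.15.0"),
        "userIdentity": {"type": "IAMUser", "userName": user,
                         "accountId": "123456789012", "accessKeyId": key},
    }
    rec.update(extra)  # e.g. errorCode / errorMessage on failed calls
    return rec


LEAKED_KEY = "AKIAIX4ONRSG6ODEFVJA"  # the key ID from the last example on this page
OTHER_KEY = "AKIAX52MPYOTPRUCRC22"   # another key, used as noise in the log

# Constructed log file in the shape CloudTrail delivers to S3: one JSON object
# with a "Records" array. IPs, account ID and timestamps are made up.
SAMPLE_LOG = json.dumps({"Records": [
    _record("2024-05-01T09:30:00Z", "s3.amazonaws.com", "PutObject", "198.51.100.10",
            LEAKED_KEY, userAgent="aws-sdk-go/1.44.0"),          # legitimate CI usage
    _record("2024-05-01T10:00:05Z", "sts.amazonaws.com", "GetCallerIdentity", "203.0.113.7",
            LEAKED_KEY),                                          # "whoami" from a new IP
    _record("2024-05-01T10:00:09Z", "s3.amazonaws.com", "ListBuckets", "203.0.113.7",
            LEAKED_KEY),
    _record("2024-05-01T10:01:30Z", "iam.amazonaws.com", "CreateUser", "203.0.113.7",
            LEAKED_KEY, errorCode="AccessDenied",
            errorMessage="User is not authorized to perform: iam:CreateUser"),
    _record("2024-05-01T10:02:11Z", "iam.amazonaws.com", "CreateAccessKey", "203.0.113.7",
            LEAKED_KEY),                                          # succeeded: new key minted
    _record("2024-05-01T10:03:00Z", "ec2.amazonaws.com", "DescribeInstances", "198.51.100.10",
            OTHER_KEY),
]})

# Heuristic lists for this example: calls an attacker typically makes to learn
# what a stolen key can do, and calls that give them a second foothold.
RECON_EVENTS = {"GetCallerIdentity", "ListBuckets", "ListUsers", "ListAccessKeys",
                "ListRoles", "GetAccountAuthorizationDetails"}
PERSISTENCE_EVENTS = {"CreateUser", "CreateAccessKey", "CreateLoginProfile",
                      "AttachUserPolicy", "PutUserPolicy", "CreateRole",
                      "UpdateAssumeRolePolicy"}


def events_for_key(log_text, access_key_id):
    """Return the records made with the given access key ID, oldest first."""
    records = json.loads(log_text)["Records"]
    hits = [r for r in records
            if r.get("userIdentity", {}).get("accessKeyId") == access_key_id]
    return sorted(hits, key=lambda r: r["eventTime"])  # ISO-8601 sorts lexically


def summarize_key_activity(log_text, access_key_id, known_ips=()):
    """Summarize where, when and for what the key was used; known_ips are the
    addresses the key's legitimate workload is expected to call from."""
    events = events_for_key(log_text, access_key_id)
    return {
        "events": len(events),
        "first_seen": events[0]["eventTime"] if events else None,
        "last_seen": events[-1]["eventTime"] if events else None,
        "by_event": Counter(e["eventName"] for e in events),
        "unknown_ips": sorted({e["sourceIPAddress"] for e in events} - set(known_ips)),
        "user_agents": sorted({e["userAgent"] for e in events}),
        "access_denied": sum(1 for e in events if e.get("errorCode") == "AccessDenied"),
        "recon": [e["eventName"] for e in events if e["eventName"] in RECON_EVENTS],
        # Only successful persistence calls matter for the blast radius: a denied
        # CreateUser is an indicator, but it did not create anything to clean up.
        "persistence": [e["eventName"] for e in events
                        if e["eventName"] in PERSISTENCE_EVENTS and "errorCode" not in e],
    }


def is_suspicious(summary):
    """Flag usage from an unexpected IP, successful persistence, or denied calls."""
    return bool(summary["unknown_ips"] or summary["persistence"] or summary["access_denied"])


if __name__ == "__main__":
    report = summarize_key_activity(SAMPLE_LOG, LEAKED_KEY, known_ips=["198.51.100.10"])
    print(json.dumps(report, indent=2, default=dict))
    print("suspicious:", is_suspicious(report))
```

In the constructed log the leaked key is first used normally from the CI address, then from an unknown address for GetCallerIdentity and ListBuckets, a denied CreateUser and a successful CreateAccessKey; that last call means a second key now exists for the same user and must be deleted along with the leaked one.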

Details for Aws iam#

  • Category: Cloud Provider

  • Company: Amazon Web Services

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 192.22

  • Prefixed: True

  • PreValidators:

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - a3t
  - akia
  - agpa
  - aida
  - aroa
  - aipa
  - anpa
  - anva
  - asia
```

Examples#

```yaml
- text: >
    client id =  A3T6AKIAFJKR45SAWS5Z
    CLIENT SECRET = hjshnk5ex5u34565d4654HJKGjhz545d89sjkjak
  client_id: A3T6AKIAFJKR45SAWS5Z
  client_secret: hjshnk5ex5u34565d4654HJKGjhz545d89sjkjak
- text: |
    client id =  A3T6AKIAFJKR45SAWSZ5
    +S0ugN5wv2mBHr+i7AN7rTrg6Aa6b4l5V0xDIfn2S
  client_id: A3T6AKIAFJKR45SAWSZ5
  client_secret: S0ugN5wv2mBHr+i7AN7rTrg6Aa6b4l5V0xDIfn2S
- text: |
    //545084392359.signin.aws.amazon.com/console
    +
    +
    +AKIAX52MPYOTPRUCRC22
    +9rtYl+xkeUhTBuOnnUuXRllSipaqGSq5WlL+NBwu
    +
    +===========================
    +Microservices Co
  client_id: AKIAX52MPYOTPRUCRC22
  client_secret: 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
- text: |
    @@ -0,0 +1,17 @@
    +#!/bin/bash -e
    +export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-AKIAIX4ONRSG6ODEFVJA}
    +export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-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}
  client_id: AKIAIX4ONRSG6ODEFVJA
  client_secret: aAUFXbrEuFC8V8c10vk8AVXIt5TjIbKpUZ9IPc/a
```
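As an added example that is not GitGuardian's detector code, the pre-validators and the examples above can be exercised with this small Python scanner. It applies the filename banlist and the content whitelist from the PreValidators configuration, then looks for a 20-character access key ID starting with one of the listed prefixes and a 40-character secret, and reports a result only when both are found, which is the "Minimum number of matches: 2" rule. The secret's character class, the handling of a leading diff marker on each line and the nearest-secret pairing are assumptions of this example; the real detector and its validity check are not reproduced here.

```python
import re
from dataclasses import dataclass

# An access key ID is 20 characters: a 4-character prefix followed by 16
# uppercase letters or digits. The prefixes are the ones listed in the
# ContentWhitelistPreValidator above; A3T is a 3-character family, so one
# more character is allowed after it.
ACCESS_KEY_ID_RE = re.compile(
    r"(?<![A-Z0-9])(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)"
    r"[A-Z0-9]{16}(?![A-Z0-9])"
)
# A secret access key is 40 characters of base64-like text. The character
# class is an assumption of this example (AWS does not document it).
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

# Taken from the PreValidators configuration above.
CONTENT_PREFIXES = ("a3t", "akia", "agpa", "aida", "aroa", "aipa", "anpa", "anva", "asia")
BANNED_EXTENSIONS = [re.compile(p) for p in (
    r"^(cs|x|p|s|r)?html5?~?$", r"^[aps]?cssc?~?$", r"^lock$",
    r"^mdx?~?$", r"^storyboard(c|er)?~?$", r"^xib$",
)]


def is_banned_filename(filename):
    """FilenameBanlistPreValidator: skip files whose extension is on the banlist."""
    ext = filename.rsplit("/", 1)[-1].rpartition(".")[2]  # '' when there is no dot
    return any(r.match(ext) for r in BANNED_EXTENSIONS)


def passes_content_whitelist(text):
    """ContentWhitelistPreValidator: only scan content containing a known prefix."""
    lowered = text.lower()
    return any(p in lowered for p in CONTENT_PREFIXES)


@dataclass(frozen=True)
class AwsKeyPair:
    client_id: str
    client_secret: str


def _strip_diff_marker(line):
    # Several examples above are git diffs, where a leading '+' or '-' is the
    # hunk marker and not part of the token (assumption of this example).
    return line[1:] if line[:1] in ("+", "-") else line


def find_aws_keys(text, filename=None):
    """Return the (access key ID, secret) pairs found in text, or [] when a
    pre-validator rejects the input or only one half of a pair is present."""
    if filename is not None and is_banned_filename(filename):
        return []
    if not passes_content_whitelist(text):
        return []
    ids, secrets, offset = [], [], 0
    for raw in text.splitlines(keepends=True):
        line = _strip_diff_marker(raw)
        ids += [(offset + m.start(), m.group()) for m in ACCESS_KEY_ID_RE.finditer(line)]
        secrets += [(offset + m.start(), m.group()) for m in SECRET_KEY_RE.finditer(line)]
        offset += len(raw)
    # Minimum number of matches is 2: an ID on its own is not reported. Each ID
    # is paired with the closest secret not already used (assumption).
    pairs, unused = [], list(secrets)
    for id_pos, key_id in ids:
        if not unused:
            break
        hit = min(unused, key=lambda s: abs(s[0] - id_pos))
        unused.remove(hit)
        pairs.append(AwsKeyPair(key_id, hit[1]))
    return pairs


# The first and last examples from the Examples section above.
EXAMPLE_CONFIG = (
    "client id =  A3T6AKIAFJKR45SAWS5Z\n"
    "CLIENT SECRET = hjshnk5ex5u34565d4654HJKGjhz545d89sjkjak\n"
)
EXAMPLE_DIFF = (
    "@@ -0,0 +1,17 @@\n"
    "+#!/bin/bash -e\n"
    "+export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-AKIAIX4ONRSG6ODEFVJA}\n"
    "+export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-aAUFXbrEuFC8V8c10vk8AVXIt5TjIbKpUZ9IPc/a}\n"
)

if __name__ == "__main__":
    for name, sample in (("deploy.sh", EXAMPLE_DIFF), ("settings.ini", EXAMPLE_CONFIG)):
        print(name, find_aws_keys(sample, filename=name))
```

Two behaviours are worth noticing. A file named README.md containing the same diff yields nothing, because the banlist pre-validator drops it before any regex runs, which is also why such a detector can miss keys pasted into documentation. And a line with only an access key ID yields nothing either: because the detector needs both halves, an attacker who finds just the ID still has nothing, while a validity check (not shown here) is what separates a live pair from a stale one.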