부정 사용될 수 있습니다.승인된 정책

3263 단어 AWS
(자용)
어느 날 aws로부터 메일을 받았어요.
8월 7일
Hello,
We have detected activity that indicates your AWS account has been compromised. Please take the necessary steps to re-secure your account.
To protect you from unauthorized usage and charges, failure to reply or follow these steps within five days may result in the suspension of your account, and disruption of AWS service.
To re-secure your account, I have included below the necessary steps for you to re-secure the account. Please bear with us, as this is a long email, but rest assured every step in it is important to your account's security. You'll need to complete the following:
  • Update your root account password.
  • DELETE the exposed key
  • 8월 8일
    Hello,
    We have detected activity that indicates your AWS account has been compromised. Please take the necessary steps to re-secure your account. We have been unable to reach you by phone.
    For your convenience, I’ve summarized the information in this email.
    8월 11일
    Hi there,
    We've recently tried to contact you via email and telephone with regards to your account compromise.
    Please review the correspondence sent to you via email which includes steps required to securing your account.
    We are going to resolve this case for administrative reasons.
    Please feel free to reach out to us via this case at any time.
    8월 13일 우편물의 내용을 파악하다.
    우편물 과 같이

    루트 사용자 암호 수정


    IAM 사용자 액세스 키를 수정합니다.다시 설정합니다.


    결국 경보가 사라지지 않았어요.


    대응하는 시간이 벌써 5일이 지났으니까?

    AWS 지원에 메일을 보냅니다.


    추후 갱신
    8월 13일 우편 접수
    Dear AWS Customer,
    Thank you for deleting your compromised AWS Access Key(s) of account ending with 0000. Please ensure that no unauthorized resources remain on your account, and we ask that you pay special attention to IAM users and EC2 instances. Please take steps to prevent any new credentials from being published in this manner again.
    Thank you for trusting your business to AWS. We work hard to keep you safe!
    Sincerely,
    Amazon Web Services
    This message was produced and distributed by Amazon Web Services, Inc. and affiliates, 410 Terry Ave. North, Seattle, WA 98109-5210.
    앞으로 주의하세요.

    그래도 경보가 사라지지 않아요.



    AWS 지원 - Your support cases-Details를 통해 확인


    AWSExposedCredentialPolicy_DO_NOT_REMOVE 정책 부여
    권한이 데니가 됐어.너무하다

    rails app에서 환경 변수화가 없는 상황에서foggem을 이용하여 s3에 접근하는 키를 가져와public의github로 끌어올리기 때문이다.
    자업자득이야.
    누설된 키를 변경합니다.IAM 사용자가 삭제, 재제작루트 사용자 암호를 변경합니다.탭
  • AWS_ACCESS_KEY_ID(재발급)
  • AWS_SECRET_ACCESS_KEY(재발매)
  • 루트 사용자 암호 변경
  • IAM 사용자 삭제
  • IAM 사용자 재생성
  • 정책 삭제

  • 좋은 웹페이지 즐겨찾기