Skip to content

Alibaba Cloud Keys

Service Name: Alibaba Cloud (Aliyun)

Service Description: Alibaba Cloud provides a comprehensive suite of cloud computing services globally, including elastic computing, database services, storage, network virtualization, large-scale computing, security, and management services.

Service Address: https://www.alibabacloud.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the RAM (Resource Access Management) level through security policies.

Secret Access Scope: Grants programmatic access to Alibaba Cloud resources and services based on the permissions assigned to the associated RAM user or role.

Secret Revokement URL: https://www.alibabacloud.com/help/en/resource-access-management/latest/delete-an-accesskey-pair

Secret Example: LTAIxxxxxxxxxxxxxxxx (Access Key ID), xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Access Key Secret)

Suspicious Activity Investigation Instructions:

  • Review ActionTrail logs for unusual API calls or resource access patterns
  • Check the Alibaba Cloud Console for unexpected resource creation or modification
  • Monitor for unauthorized service usage or unusual traffic patterns
  • Examine billing information for unexpected charges or resource usage
  • Verify IP addresses that have used the access key against expected access patterns

Mitigation Instructions:

  • Log in to the Alibaba Cloud Console
  • Navigate to the RAM console (Resource Access Management)
  • Select the affected RAM user
  • Go to the "Authentication" tab and locate the "AccessKey" section
  • Click "Disable" to temporarily disable the compromised access key
  • Click "Delete" to permanently remove the compromised access key
  • Create a new access key pair if needed
  • Update all legitimate applications with the new access key
  • Review and tighten RAM policies to enforce the Principle of Least Privilege.
  • Consider implementing STS (Security Token Service) for temporary credentials instead of long-term access keys