Amplify API Key
Service Name: AWS Amplify
Service Description: AWS Amplify is a set of tools and services that enables developers to build full-stack applications with features like authentication, storage, and serverless functions. It provides a framework for building mobile and web applications on AWS.
Service Address: https://aws.amazon.com/amplify/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the AWS account level using IAM policies and conditions.
Secret Access Scope: Grants programmatic access to AWS Amplify resources and services, allowing for deployment, management, and interaction with Amplify applications.
Secret Revokement URL: https://docs.aws.amazon.com/amplify/latest/userguide/security_iam_id-based-policy-examples.html
Secret Example: da2-abcdefghijklmnopqrstuvwxyz123
Suspicious Activity Investigation Instructions:
- Review AWS CloudTrail logs for unusual API calls related to Amplify services.
- Check for unauthorized deployments or modifications to Amplify applications.
- Monitor for unexpected changes to Amplify configurations or resources.
- Examine API usage patterns for anomalies in request volume or types.
- Verify if there are any unauthorized access attempts from unusual IP addresses.
Mitigation Instructions:
- Rotate the compromised Amplify API key immediately through the AWS Management Console.
- Create a new API key with appropriate permissions and update your applications.
- Review and update IAM policies to restrict access based on the Principle of Least Privilege.
- Enable AWS CloudTrail logging if not already enabled to monitor API activity.
- Consider implementing temporary credentials using AWS STS instead of long-lived API keys.
- Update any CI/CD pipelines or deployment scripts that may be using the compromised key.
- Implement AWS Config rules to monitor for policy violations and unauthorized access.