Skip to content

Amplify API Key

Service Name: AWS Amplify

Service Description: AWS Amplify is a set of tools and services that enables developers to build full-stack applications with features like authentication, storage, and serverless functions. It provides a framework for building mobile and web applications on AWS.

Service Address: https://aws.amazon.com/amplify/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the AWS account level using IAM policies and conditions.

Secret Access Scope: Grants programmatic access to AWS Amplify resources and services, allowing for deployment, management, and interaction with Amplify applications.

Secret Revokement URL: https://docs.aws.amazon.com/amplify/latest/userguide/security_iam_id-based-policy-examples.html

Secret Example: da2-abcdefghijklmnopqrstuvwxyz123

Suspicious Activity Investigation Instructions:

  • Review AWS CloudTrail logs for unusual API calls related to Amplify services.
  • Check for unauthorized deployments or modifications to Amplify applications.
  • Monitor for unexpected changes to Amplify configurations or resources.
  • Examine API usage patterns for anomalies in request volume or types.
  • Verify if there are any unauthorized access attempts from unusual IP addresses.

Mitigation Instructions:

  • Rotate the compromised Amplify API key immediately through the AWS Management Console.
  • Create a new API key with appropriate permissions and update your applications.
  • Review and update IAM policies to restrict access based on the Principle of Least Privilege.
  • Enable AWS CloudTrail logging if not already enabled to monitor API activity.
  • Consider implementing temporary credentials using AWS STS instead of long-lived API keys.
  • Update any CI/CD pipelines or deployment scripts that may be using the compromised key.
  • Implement AWS Config rules to monitor for policy violations and unauthorized access.