Skip to content

AWS Full Credentials

Service Name: Amazon Web Services

Service Description: Amazon Web Services (AWS) is a comprehensive cloud platform offering over 200 fully featured services from data centers globally, providing computing power, storage, and other functionality to help businesses scale.

Service Address: https://aws.amazon.com/

Validation Type: NHI Enriched API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to AWS resources based on the permissions of the associated IAM user or role.

Secret Revokement URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_DeactivateDeleteKey

Secret Example: AKIAIOSFODNN7EXAMPLE

Suspicious Activity Investigation Instructions:

  • Review CloudTrail logs for unusual API calls or resource access
  • Check for unauthorized IAM users or roles created in your account
  • Look for unusual resource deployments or modifications
  • Monitor for unexpected data transfers out of your AWS account
  • Check for changes to security group rules or IAM policies

Mitigation Instructions:

  • Immediately deactivate the compromised access key in the AWS IAM console
  • Navigate to IAM > Users > [Username] > Security credentials
  • Find the compromised access key and click "Make inactive"
  • Delete the key after ensuring no legitimate services are using it
  • Create a new access key if needed with appropriate permissions
  • Rotate all potentially affected secrets and passwords
  • Review and restrict IAM permissions to follow the principle of least privilege