CloudFront Private Key
Service Name: Amazon CloudFront
Service Description: Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. CloudFront private keys are used to create signed URLs or signed cookies that provide secure access to private content.
Service Address: https://aws.amazon.com/cloudfront/
Validation Type: -
IP Allow list: IP restrictions can be configured through CloudFront distribution settings and AWS WAF (Web Application Firewall).
Secret Access Scope: Grants ability to create signed URLs or signed cookies that provide time-limited access to private CloudFront content.
Secret Revokement URL: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-removing-trusted-signers
Secret Example:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAo54gJ/sy9DWyQ+JzGLCiCnBl2hTmIrHQW7CwB/4vLvsRQOy5
lx1qSdCfGmg/i2J9aAcjB0vHq7l5yYDJ8FSBKSD2jTVAIjrXOdPBUmeHCpjBEHzH
eU4xObiYm+Q9TyWDQSJA9GtN7NjpP4HmYc8MGJ+aYjWB1rEtcNs0jZR7AkqhQcQl
S8MRJ3+S9HNYrkKYeD6iZ+aiQXgYIX8l0lLCJjjoFJn0Bwj6HBao1we8xA==
-----END RSA PRIVATE KEY-----
Suspicious Activity Investigation Instructions:
- Review CloudFront access logs for unusual patterns or unexpected access to content.
- Check CloudTrail logs for API calls related to CloudFront distributions or key pair management.
- Monitor for unexpected spikes in CloudFront usage or bandwidth consumption.
- Verify if signed URLs or cookies are being generated from unexpected sources.
- Examine the IP addresses accessing your CloudFront content for suspicious locations.
Mitigation Instructions:
- Create a new key pair in the AWS Management Console.
- Update your CloudFront distribution to use the new key pair.
- Remove the compromised key pair from your trusted key groups or trusted signers.
- Update any applications that generate signed URLs or cookies to use the new key.
- Consider implementing additional security measures like shorter expiration times for signed URLs.
- Review and update IAM permissions related to CloudFront key management.
- Enable AWS CloudTrail logging for CloudFront API operations if not already enabled.