IBM Cloud IAM API Key
Service Name: IBM Cloud
Service Description: IBM Cloud is a suite of cloud computing services from IBM that offers both platform as a service (PaaS) and infrastructure as a service (IaaS). IBM Cloud IAM (Identity and Access Management) API keys are used for programmatic access to IBM Cloud resources.
Service Address: https://cloud.ibm.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level using IBM Cloud context-based restrictions.
Secret Access Scope: Grants programmatic access to IBM Cloud resources and services based on the permissions assigned to the user or service ID that created the API key.
Secret Revokement URL: https://cloud.ibm.com/iam/apikeys
Secret Example: IBMCl0ud-ApiK3y-AbCdEf1234GhIjKlMnOpQrStUvWxYz
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls or resource access.
- Check IBM Cloud console for unexpected resource creation or modification.
- Monitor for unauthorized service usage or unusual geographic access patterns.
- Review IAM access policies to ensure they haven't been modified unexpectedly.
- Check for any new service IDs or API keys that may have been created without authorization.
Mitigation Instructions:
- Log in to the IBM Cloud console at IBM Cloud.
- Navigate to Manage > Access (IAM) > API keys.
- Locate the compromised API key in the list.
- Click the "Actions" menu (three dots) next to the key and select Delete.
- Confirm the deletion when prompted.
- Create a new API key with appropriate permissions if needed.
- Review and update access policies to enforce the Principle of Least Privilege.
- Enable multi-factor authentication for all users with access to the IBM Cloud account.
- Consider implementing context-based restrictions to limit API key usage to specific IP ranges.