Scaleway Token
Service Name: Scaleway
Service Description: Scaleway is a European cloud provider offering a range of cloud computing services including compute instances, Kubernetes, object storage, databases, and serverless functions. It provides infrastructure as a service (IaaS) and platform as a service (PaaS) solutions.
Service Address: https://www.scaleway.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the project level through Security Groups.
Secret Access Scope: Grants programmatic access to Scaleway resources and APIs, allowing management of compute instances, storage, databases, and other Scaleway services.
Secret Revokement URL: https://console.scaleway.com/iam/api-keys
Secret Example: SCW.XXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXX
Suspicious Activity Investigation Instructions:
- Review the API logs in the Scaleway console for unusual API calls or resource access.
- Check for unexpected resource creation or deletion (instances, storage buckets, databases).
- Monitor for unusual traffic patterns or unexpected outbound connections from your instances.
- Verify if there are any unauthorized users added to your projects.
- Check for unexpected changes in billing or resource usage.
Mitigation Instructions:
- Log in to the Scaleway Console at https://console.scaleway.com/
- Navigate to IAM & Organization > API Keys section.
- Locate the compromised API key.
- Click on the three dots menu next to the key and select "Revoke".
- Confirm the revocation.
- Create a new API key if needed.
- Review all resources for unauthorized changes or backdoors.
- Update any applications or services that were using the compromised key.
- Consider implementing more restrictive security policies, such as limiting API key permissions.
- Enable audit logging for better visibility into API usage.