Temporary AWS Access Key ID
Service Name: Amazon Web Services
Service Description: Amazon Web Services (AWS) is a comprehensive cloud platform offering over 200 fully featured services from data centers globally. Temporary AWS Access Keys are short-term credentials that provide temporary access to AWS resources.
Service Address: https://aws.amazon.com/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants temporary programmatic access to AWS resources with permissions defined by the associated IAM role or policy.
Secret Revokement URL: Does not exist (temporary credentials expire automatically)
Secret Example: ASIAIOSFODNN7EXAMPLE
Suspicious Activity Investigation Instructions:
- Review CloudTrail logs for unusual activity associated with the temporary credentials
- Check for unexpected resource creation or deletion
- Monitor for unusual API calls from unfamiliar IP addresses
- Examine AWS Config for configuration changes during the credential validity period
- Verify if the temporary credentials were issued through expected channels (AssumeRole, GetSessionToken)
Mitigation Instructions:
- Temporary credentials cannot be manually revoked but will expire automatically
- If compromise is suspected, revoke the IAM role or user that generated the temporary credentials
- Navigate to the AWS IAM Console
- Locate the source IAM role/user and modify its permissions or trust relationships
- Consider rotating any permanent credentials that might have been used to generate the temporary ones
- Update security policies to reduce the maximum session duration for temporary credentials
- Enable AWS CloudTrail to monitor for suspicious credential usage