Yandex Cloud API Key
Service Name: Yandex Cloud
Service Description: Yandex Cloud is a public cloud platform that provides infrastructure, storage, computing, and AI services. It offers a range of cloud services including virtual machines, managed databases, object storage, and machine learning tools.
Service Address: https://cloud.yandex.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the service level using Yandex Cloud's network security features.
Secret Access Scope: Grants programmatic access to Yandex Cloud resources and services, allowing management of cloud infrastructure, data storage, and other cloud services.
Secret Revokement URL: https://cloud.yandex.com/en/docs/iam/operations/api-key/delete
Secret Example: AQVN1XfF00000000gMs1GSy1a5HxRRRRRRRRRRRR
Suspicious Activity Investigation Instructions:
- Review Yandex Cloud audit logs for unusual API calls or resource access.
- Check for unauthorized resource creation or modification in your Yandex Cloud account.
- Monitor for unexpected changes in billing or resource usage.
- Examine access patterns for geographic anomalies or access from unusual locations.
- Review network traffic to identify any suspicious data transfers.
Mitigation Instructions:
- Immediately revoke the compromised API key through the Yandex Cloud console.
- Navigate to the IAM section in the Yandex Cloud console.
- Select Service accounts and locate the affected service account.
- Delete the compromised API key.
- Create a new API key with appropriate permissions if needed.
- Review and update IAM policies to enforce the Principle of Least Privilege.
- Enable additional security features like multi-factor authentication for your Yandex Cloud account.
- Implement monitoring and alerting for suspicious activities in your Yandex Cloud environment.