Yandex Cloud IAM Token
Service Name: Yandex Cloud
Service Description: Yandex Cloud is a public cloud platform that helps businesses and developers build and scale applications and services using Yandex's infrastructure. It offers a range of cloud computing services including compute, storage, databases, machine learning, and more.
Service Address: https://cloud.yandex.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through Yandex Cloud's network security settings and access control policies.
Secret Access Scope: Grants programmatic access to Yandex Cloud resources and services based on the IAM role permissions associated with the token.
Secret Revokement URL: https://cloud.yandex.com/en/docs/iam/operations/iam-token/revoke
Secret Example: t1.9euelZrLz5KbiZKNx8-Vm8mSzp6Lxu3rnpWaj5nKjJCYmcbIzJnMjJKbl8_l8_dEFWFf-e8rdFxT_d3z90RDXl3570t0XFP9.SQpLQzOqQTsKgXN4i9CmxKPqGlaVtm9PS9RF9t-F9_qxgHVJOO-FSEHZLvRQJMQoYmEy7jbeTQNX9-y9oBbaDw
Suspicious Activity Investigation Instructions:
- Review Yandex Cloud audit logs for unusual API calls or resource access.
- Check for unauthorized resource creation or modification in your Yandex Cloud account.
- Monitor for unexpected changes to IAM roles or permissions.
- Look for API calls from unfamiliar IP addresses or locations.
- Verify if there are any unexpected increases in resource usage or billing.
Mitigation Instructions:
- Immediately revoke the compromised IAM token using the Yandex Cloud CLI or API.
- Create a new IAM token with appropriate permissions if needed.
- Review and update IAM policies to enforce the Principle of Least Privilege.
- Enable multi-factor authentication for all user accounts.
- Implement token rotation policies to regularly change IAM tokens.
- Consider using service accounts with limited permissions instead of user-based tokens.
- Set up alerts for suspicious activities in your Yandex Cloud environment.