Skip to content

Yandex Cloud IAM Token

Service Name: Yandex Cloud

Service Description: Yandex Cloud is a public cloud platform that helps businesses and developers build and scale applications and services using Yandex's infrastructure. It offers a range of cloud computing services including compute, storage, databases, machine learning, and more.

Service Address: https://cloud.yandex.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured through Yandex Cloud's network security settings and access control policies.

Secret Access Scope: Grants programmatic access to Yandex Cloud resources and services based on the IAM role permissions associated with the token.

Secret Revokement URL: https://cloud.yandex.com/en/docs/iam/operations/iam-token/revoke

Secret Example: t1.9euelZrLz5KbiZKNx8-Vm8mSzp6Lxu3rnpWaj5nKjJCYmcbIzJnMjJKbl8_l8_dEFWFf-e8rdFxT_d3z90RDXl3570t0XFP9.SQpLQzOqQTsKgXN4i9CmxKPqGlaVtm9PS9RF9t-F9_qxgHVJOO-FSEHZLvRQJMQoYmEy7jbeTQNX9-y9oBbaDw

Suspicious Activity Investigation Instructions:

  • Review Yandex Cloud audit logs for unusual API calls or resource access.
  • Check for unauthorized resource creation or modification in your Yandex Cloud account.
  • Monitor for unexpected changes to IAM roles or permissions.
  • Look for API calls from unfamiliar IP addresses or locations.
  • Verify if there are any unexpected increases in resource usage or billing.

Mitigation Instructions:

  • Immediately revoke the compromised IAM token using the Yandex Cloud CLI or API.
  • Create a new IAM token with appropriate permissions if needed.
  • Review and update IAM policies to enforce the Principle of Least Privilege.
  • Enable multi-factor authentication for all user accounts.
  • Implement token rotation policies to regularly change IAM tokens.
  • Consider using service accounts with limited permissions instead of user-based tokens.
  • Set up alerts for suspicious activities in your Yandex Cloud environment.