Yandex Cloud OAuth Token
Service Name: Yandex Cloud
Service Description: Yandex Cloud is a public cloud platform that helps businesses and developers build and scale applications and services using Yandex's infrastructure. It provides a range of cloud computing services including compute, storage, databases, machine learning, and more.
Service Address: https://cloud.yandex.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the service level through Yandex Cloud's security settings and access management.
Secret Access Scope: Grants programmatic access to Yandex Cloud resources and services, allowing management of cloud infrastructure, data access, and API operations.
Secret Revokement URL: https://cloud.yandex.com/en/docs/iam/operations/iam-token/create
Secret Example: t1.9euelZrMx5KbkJzNyoyLzMmKnMvKne3rnpWajJCYmpyYjZKYi5uNmJrLnprl8_dEFGFl-e8rdDRf_d3z9wRDXmP57yt0NF_9.SvgKAILK9KIoUfGjTYQlYZBNFXuRzKOoLjTnL-nQTJxOBocU_6j2TVnzdPVQCX2_0xUCNw-n1jfWRGMqmkuiDA
Suspicious Activity Investigation Instructions:
- Review Yandex Cloud audit logs for unusual API calls or resource access
- Check for unauthorized service usage or resource creation
- Monitor for unexpected changes to cloud infrastructure configurations
- Verify geographic locations of access attempts
- Review authentication logs for failed login attempts or unusual access patterns
Mitigation Instructions:
- Immediately revoke the compromised OAuth token through the Yandex Cloud console
- Generate a new OAuth token if needed
- Review and update IAM policies to enforce the Principle of Least Privilege.
- Enable multi-factor authentication for all user accounts
- Implement stricter IP-based access controls if available
- Review all resources for unauthorized changes or configurations
- Update any applications or services using the compromised token with the new token
- Consider implementing token rotation policies for improved security