Skip to content

Yandex Cloud OAuth Token

Service Name: Yandex Cloud

Service Description: Yandex Cloud is a public cloud platform that helps businesses and developers build and scale applications and services using Yandex's infrastructure. It provides a range of cloud computing services including compute, storage, databases, machine learning, and more.

Service Address: https://cloud.yandex.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the service level through Yandex Cloud's security settings and access management.

Secret Access Scope: Grants programmatic access to Yandex Cloud resources and services, allowing management of cloud infrastructure, data access, and API operations.

Secret Revokement URL: https://cloud.yandex.com/en/docs/iam/operations/iam-token/create

Secret Example: t1.9euelZrMx5KbkJzNyoyLzMmKnMvKne3rnpWajJCYmpyYjZKYi5uNmJrLnprl8_dEFGFl-e8rdDRf_d3z9wRDXmP57yt0NF_9.SvgKAILK9KIoUfGjTYQlYZBNFXuRzKOoLjTnL-nQTJxOBocU_6j2TVnzdPVQCX2_0xUCNw-n1jfWRGMqmkuiDA

Suspicious Activity Investigation Instructions:

  • Review Yandex Cloud audit logs for unusual API calls or resource access
  • Check for unauthorized service usage or resource creation
  • Monitor for unexpected changes to cloud infrastructure configurations
  • Verify geographic locations of access attempts
  • Review authentication logs for failed login attempts or unusual access patterns

Mitigation Instructions:

  • Immediately revoke the compromised OAuth token through the Yandex Cloud console
  • Generate a new OAuth token if needed
  • Review and update IAM policies to enforce the Principle of Least Privilege.
  • Enable multi-factor authentication for all user accounts
  • Implement stricter IP-based access controls if available
  • Review all resources for unauthorized changes or configurations
  • Update any applications or services using the compromised token with the new token
  • Consider implementing token rotation policies for improved security