Skip to content

Yandex IAM Access Secret

Service Name: Yandex Cloud

Service Description: Yandex Cloud is a public cloud platform that helps businesses and developers build and scale applications and services using Yandex's infrastructure. It provides a range of cloud computing services including compute, storage, databases, machine learning, and more.

Service Address: https://cloud.yandex.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the service level using Yandex Cloud's network security features.

Secret Access Scope: Grants programmatic access to Yandex Cloud resources and services based on the IAM role permissions assigned to the service account.

Secret Revokement URL: https://cloud.yandex.com/en/docs/iam/operations/api-key/delete

Secret Example: YC.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Suspicious Activity Investigation Instructions:

  • Review Yandex Cloud audit logs for unusual API calls or resource access.
  • Check for unauthorized service account usage or unexpected resource creation.
  • Monitor for access from unusual geographic locations or IP addresses.
  • Verify if there are any unexpected changes to IAM permissions or roles.
  • Look for unusual patterns in API request volume or frequency.

Mitigation Instructions:

  • Immediately revoke the compromised IAM access secret through the Yandex Cloud console.
  • Create a new service account and access key if needed.
  • Review and update IAM permissions to follow the Principle of Least Privilege.
  • Enable additional security features like multi-factor authentication where available.
  • Update any applications or services that were using the compromised credentials.
  • Consider implementing rotation policies for access secrets.
  • Review and update network security settings to restrict access by IP address where appropriate.