Yandex IAM Access Secret
Service Name: Yandex Cloud
Service Description: Yandex Cloud is a public cloud platform that helps businesses and developers build and scale applications and services using Yandex's infrastructure. It provides a range of cloud computing services including compute, storage, databases, machine learning, and more.
Service Address: https://cloud.yandex.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the service level using Yandex Cloud's network security features.
Secret Access Scope: Grants programmatic access to Yandex Cloud resources and services based on the IAM role permissions assigned to the service account.
Secret Revokement URL: https://cloud.yandex.com/en/docs/iam/operations/api-key/delete
Secret Example: YC.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Suspicious Activity Investigation Instructions:
- Review Yandex Cloud audit logs for unusual API calls or resource access.
- Check for unauthorized service account usage or unexpected resource creation.
- Monitor for access from unusual geographic locations or IP addresses.
- Verify if there are any unexpected changes to IAM permissions or roles.
- Look for unusual patterns in API request volume or frequency.
Mitigation Instructions:
- Immediately revoke the compromised IAM access secret through the Yandex Cloud console.
- Create a new service account and access key if needed.
- Review and update IAM permissions to follow the Principle of Least Privilege.
- Enable additional security features like multi-factor authentication where available.
- Update any applications or services that were using the compromised credentials.
- Consider implementing rotation policies for access secrets.
- Review and update network security settings to restrict access by IP address where appropriate.