Every sad story starts with “A Threat Actor Obtained Access to a Set of AWS Keys and Used Them to Access the AWS API”

AllCloud Blog:
Cloud Insights and Innovation

Over the past weeks we have seen an increased number of incidents where threat actors have gained access to AWS Keys or IAM User Accounts that don’t require MFA. These actors are gaining access to AWS environments and benefiting from widely open IAM policies.

As our customer, we want to make sure that you’re following these basic steps:

Machine Access to AWS Resources

  1. Avoid using AWS Keys in your Application and leverage IAM Role for EC2/ECS and Lambda instead.
  2. Don’t save sensitive configuration data in configuration files, instead save sensitive configuration parameters in SSM Parameter Store where they are encrypted through KMS.

Human Access to AWS Resources

  1. Manage your users tightly through a strong policy that requires complex passwords, multi-factor authentication and password rotation.
  2. Centralize the user management where you can gain proper control, visibility and monitoring of the identities.
  3. Use Temporary Credentials to access AWS API, don’t rely on users to “securely” store these keys.
  4. Use least privilege approach when granting access to AWS resources.

Minimize Room for Mistakes

  1. Build your architecture with the right segregation so that users’ mistakes such as exposing services and data over public internet will not harm your systems.
  2. Use Config Rules to enforce your policies and validate that your environment complies with your goals, for example don’t allow S3 bucket to be created without tight policy that restricts access between S3 and unknown sources.

Monitor Your Security End-to-End

  1. AWS provides great auditing and visibility data for almost every element, leverage these to create central Security Monitoring and Alerting.

Recent Stories

For in depth guidance about securing your cloud end-to-end, contact us at info@allcloudmain.kinsta.cloud

Lahav Savir

Founder and CTO, Cloud Platforms

Read more posts by Lahav Savir