My AWS key leaked!
-
What?
I was working on setting up a VPC using Terraform on AWS. Later I pushed
the code to my GitHub, but accidentally I pushed my AWS keys too!
And I was totally unaware of it.
-
Meantime
I took a good 1 hour break for my lunch after pushing the code.
Immediately I got a mail from GitHub which said "Aws apikey exposed on
GitHub" and a call for an alert, which I didn't give much attention to in
my sweet time. ("I am never gonna do that again for sure!!!")
-
Back to desk
I came back to check my mail, wondering what kind of number that was.
I had received mails from AWS too, which said "Irregular activity
in your AWS account" and I was like "It's just me, dude, experimenting!!!"
I logged into my AWS account - BOOM!!! I saw someone had hacked into it
and had run more than 20 instances in all the provided regions in AWS.
Whaaaat? How did this happen? What more could this person do? Why
would someone do it? So many questions in my mind.
All this happened when I pushed my keys (access key ID and secret
access key) to GitHub. Using these, someone barged into my AWS, and my
IAM user had admin privileges, which gave all the permissions to get
things done. I was completely blank and had no idea what worse could
come, nor did I know what to do.
-
Actions
Here is what I did.
a. Deleted the repository on GitHub where I had pushed the AWS keys.
Unfortunately this isn't sufficient.
b. Changed Amazon root password
c. Deleted IAM user
d. Created new IAM user to delete all the resources that were created.
e. Deleted the key from the root account.
-
Learnings
- Never panic!!!
- Prevent pushing AWS keys and other sensitive data into a git repo.
- Use: https://github.com/awslabs/git-secrets
- Set a billing alarm; after all, the pocket matters.
Go ahead and enjoy, just don't commit the sensitive info!!!
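
A minimal pre-commit check in the spirit of the git-secrets recommendation above, as an added example that is not from the original post and is not git-secrets' own code. The two regular expressions are simplified assumptions about what AWS keys look like, and the sample diff is constructed from the placeholder key values used in AWS documentation.

```bash
#!/usr/bin/env bash
# Added example: blocks a commit when staged lines look like AWS credentials.
# Save as .git/hooks/pre-commit and make it executable.

# Assumption: access key IDs are AKIA/ASIA followed by 16 uppercase letters or digits.
KEY_ID_RE='(^|[^A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}([^A-Z0-9]|$)'
# Assumption: a secret access key is 40 base64-style characters assigned to a
# name containing "secret...key" (matched case-insensitively).
SECRET_RE="secret[_a-z]*key[\"']?[[:space:]]*(=>|=|:)[[:space:]]*[\"']?[A-Za-z0-9/+=]{40}"

# Reads a unified diff on stdin, prints added lines that match either pattern,
# and returns 1 if anything matched (0 if the diff is clean).
scan_added_lines() {
  local added found=0
  # Keep only added lines and drop the "+++ b/file" headers.
  added=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' || true)
  if printf '%s\n' "$added" | grep -E -- "$KEY_ID_RE"; then found=1; fi
  if printf '%s\n' "$added" | grep -Ei -- "$SECRET_RE"; then found=1; fi
  return "$found"
}

# Constructed sample: a Terraform provider block with AWS's documentation
# placeholder credentials hard-coded in it.
sample_diff() {
  cat <<'EOF'
diff --git a/provider.tf b/provider.tf
--- a/provider.tf
+++ b/provider.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+  region     = "us-east-1"
+  access_key = "AKIAIOSFODNN7EXAMPLE"
+  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+}
EOF
}

# As a hook: scan only what is staged, and abort the commit on a match.
if git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
  if ! git diff --cached -U0 | scan_added_lines >&2; then
    echo "Possible AWS credentials in staged changes; commit aborted." >&2
    exit 1
  fi
fi
```

A hook like this only protects the clone it is installed in, and it does nothing for keys that are already in pushed history; those still have to be rotated.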