• What?
    I was working on setting up a VPC using Terraform on AWS. Later I pushed
    the code to my GitHub, but I accidentally pushed my AWS keys too!
    And I was totally unaware of it.

  • Meantime
    I took a good 1 hour break for my lunch after pushing the code.
    Immediately I got a mail from GitHub which said "Aws apikey exposed on
    GitHub" and a call for an alert, which I didn't give much attention to in
    my sweet time. ("I am never gonna do that again for sure!!!")

  • Back to desk
    I came back to check my mail, wondering what kind of number that was.
    I had received mails from AWS too, which said "Irregular activity
    in your AWS account" and I was like "It's just me dude, experimenting!!!"
    I logged into my AWS account - BOOM!!! I saw someone had hacked into it
    and had run more than 20 instances in all the provided regions in AWS.
    Whaaaat? How did this happen? What more could this person do? Why
    would someone do it? So many questions in my mind.
    All this happened when I pushed my keys (access key ID and secret
    access key) into GitHub. Using these, someone barged into my AWS, and my
    IAM user had admin privileges, which gave all the permissions to get
    things done.
    I was completely blank and had no idea what worse could come, nor did I
    know what to do.

  • Actions
    Here is what I did.
    a. Deleted the repository on GitHub where I had pushed the AWS keys.
    Unfortunately, this isn't sufficient.
    b. Changed the Amazon root password.
    c. Deleted the IAM user.
    d. Created a new IAM user to delete all the resources that were created.
    e. Deleted the key from the root account.

  • Learnings
    - Never panic!!!
    - Prevent pushing AWS keys and other sensitive data into a git repo.
    - Use: https://github.com/awslabs/git-secrets
    - Set a billing alarm; after all, pocket matters.
      https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/gs_monitor_estimated_charges_with_cloudwatch.html#gs_creating_billing_alarm

    Go ahead and enjoy, just don't commit the sensitive info!!!
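
The check recommended under Learnings, as an added example that is not part of the original post and is not git-secrets' own code: a small Python scanner that a pre-commit hook could run to flag AWS key patterns before they reach a repository. The regular expressions, function names and sample Terraform files are assumptions made for illustration; the key values are the placeholder keys used in AWS documentation.

```python
import re

# Access key IDs: AKIA (long-term) or ASIA (temporary) followed by 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys are 40 base64-like characters. They are flagged only when
# assigned to a name containing "secret", to limit false positives.
SECRET_KEY = re.compile(
    r"(?i)secret[a-z_]*\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def scan_text(path, text):
    """Return (path, line_number, kind) findings for one file's content."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ACCESS_KEY_ID.search(line):
            findings.append((path, lineno, "access key id"))
        if SECRET_KEY.search(line):
            findings.append((path, lineno, "secret access key"))
    return findings

def scan_files(files):
    """files maps path -> content, e.g. the files staged for a commit."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings

# Constructed sample: a Terraform provider block with hardcoded credentials
# next to one that relies on a named profile instead.
SAMPLE_FILES = {
    "vpc/bad.tf": '''provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
''',
    "vpc/good.tf": '''provider "aws" {
  region  = "us-east-1"
  profile = "dev"
}
''',
}

if __name__ == "__main__":
    found = scan_files(SAMPLE_FILES)
    for path, lineno, kind in found:
        print(f"{path}:{lineno}: possible AWS {kind}")
    raise SystemExit(1 if found else 0)  # non-zero exit blocks the commit
```

Run from a pre-commit hook over the staged files, a non-zero exit stops the commit before the keys leave the machine.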