Today, I would like to share an interesting situation happened in my personal AWS account and this should be a good learning too..
This can be most common use case but we should be very careful.
I had only one root account and one user account under my AWS and Root account has an MFA and regular user account does not have any MFA.
I use my regular user account to perform the programmatic access as it is personal account I have it as an administrator privilege's.(Not a good practice) learn to be specific on providing least privilege's access. I generally use AWS config to setup my machine to connect with any AWS services. And I am playing around to see how to solve if they are compromised to an attacker.
If for any reason this config is hacked as they are in my local machine then my entire AWS account is exposed as they can read/write/access any personal information data, If this is an organization account.
So I used set-token temporarily using AWS sts get-session token.
By this way we can only provide the access to AWS account for limited amount of time and once they expire we need to login to access the AWS Account. Now I Imagined if these temporary credentials are compromised how to protect AWS Account.
I see we have an option to Disable or Delete a user but if this is an Account specific user and has access to production then the production system is down, if we Disable or Delete the user account. Also found that if we disable the account the temporary credentials are able to still access the AWS Services untill the token is expired. So In this case we should be aware of what the policy is assigned to that user account.(Never grant permissions which are not required).
So In this case I updated the policy under the Administrator to "DENY" all the access and then found that account is protected.
So I want to narrate this story which I did as an exercise, so that If you see this issue in Real time do not Delete/Disable User in Rush to protect from the Incident. Please do watch watch the roles and use Cloud-Trial to analyze what kind of changes were made.
Top comments (0)