Autoexpire IAM access key
11/6/2022

This example demonstrates how to use AWS Step Functions to orchestrate a serverless AWS Lambda workflow in response to an Amazon CloudWatch Event generated by AWS Health.

AWS proactively monitors popular code repository sites for exposed AWS Identity and Access Management (IAM) access keys. On detection of an exposed IAM access key, AWS Health generates an AWS_RISK_CREDENTIALS_EXPOSED CloudWatch Event. In response to this event, an automated workflow deletes the exposed IAM Access Key, summarizes the recent API activity for the exposed key, and sends the summary message to an Amazon Simple Notification Service (SNS) Topic to notify the subscribers, all orchestrated by an AWS Step Functions state machine.

This repository contains sample code for all the Lambda functions depicted in the diagram below as well as an AWS CloudFormation template for creating the functions and related resources.

1. An IAM Access Key is inadvertently uploaded to one of the popular code repositories monitored by AWS.
2. AWS Health detects the key, generating an AWS_RISK_CREDENTIALS_EXPOSED CloudWatch Event. AWS also temporarily restricts the API calls the key is able to make.
3. A configured CloudWatch Events rule matches this event, triggering an execution of the ExposedKey state machine, which has the following sub-steps:
   - Delete the exposed IAM Access Key Pair. If there is an error in this step then skip to the last step.
   - Summarize recent API activity for the user from CloudTrail.
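The workflow described above, written as plain Python with injected boto3-style clients so the ordering and the skip-on-error branch can be exercised offline. This is an added example, not code from the repository the post describes. The event field layout, resolving the user through `get_access_key_last_used`, the `FakeAws` stub, the sample event, and treating the SNS notification as the last step are assumptions.

```python
import json
from collections import Counter

EVENT_CODE = "AWS_RISK_CREDENTIALS_EXPOSED"

def matches_rule(event):
    """Filter equivalent to the CloudWatch Events rule that starts the workflow."""
    detail = event.get("detail", {})
    return event.get("source") == "aws.health" and detail.get("eventTypeCode") == EVENT_CODE

def run_exposed_key_workflow(event, iam, cloudtrail, sns, topic_arn):
    """Run the sub-steps in order; iam, cloudtrail and sns are boto3-style clients."""
    if not matches_rule(event):
        return None
    # Assumption: the first affected entity carries the exposed access key ID.
    key_id = event["detail"]["affectedEntities"][0]["entityValue"]
    report = {"access_key_id": key_id, "deleted": False, "api_calls": {}}
    try:  # Sub-step 1: delete the exposed key pair.
        user = iam.get_access_key_last_used(AccessKeyId=key_id)["UserName"]
        iam.delete_access_key(UserName=user, AccessKeyId=key_id)
        report["deleted"] = True
    except Exception as err:  # Deletion failed: record it and skip to the last step.
        report["error"] = str(err)
    else:  # Sub-step 2: summarize the user's recent API activity from CloudTrail.
        found = cloudtrail.lookup_events(
            LookupAttributes=[{"AttributeKey": "Username", "AttributeValue": user}])
        report["api_calls"] = dict(Counter(e["EventName"] for e in found["Events"]))
    # Last step (assumed here to be the SNS notification): runs on both paths.
    sns.publish(TopicArn=topic_arn, Subject="Exposed IAM access key", Message=json.dumps(report))
    return report

class FakeAws:
    """Constructed stand-in for all three clients so the example runs offline."""
    def __init__(self, fail_delete=False):
        self.fail_delete, self.sent = fail_delete, []
    def get_access_key_last_used(self, AccessKeyId):
        return {"UserName": "example-user"}
    def delete_access_key(self, UserName, AccessKeyId):
        if self.fail_delete:
            raise RuntimeError("NoSuchEntity")
    def lookup_events(self, LookupAttributes):
        names = ("RunInstances", "RunInstances", "ListBuckets")
        return {"Events": [{"EventName": n} for n in names]}
    def publish(self, **message):
        self.sent.append(message)

# Constructed sample event; the key ID is a placeholder, not a real credential.
SAMPLE_EVENT = {"source": "aws.health", "detail": {"eventTypeCode": EVENT_CODE,
                "affectedEntities": [{"entityValue": "AKIAEXAMPLEKEY000000"}]}}
```

With real clients, pass `boto3.client("iam")`, `boto3.client("cloudtrail")` and `boto3.client("sns")` in place of the stub and narrow the `except` to `botocore.exceptions.ClientError`.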