Skip to main content

AWS Compromised Credentials

This article is the immediate response, it was created to minimise our window of exposure

Steps for a leaked credentials

1) Login into our AWS Management Console

2) Go to Services -> IAM and search for the user with credentials leaked (TIP You can search either by Access Keys or by Username). In case you prefer using the CLI:

aws iam list-users --output json --query 'Users[?contains(UserName, `testAlejandro`)  == `true`]'

3) Within the User, click in “Delete user” button (top right corner). If you prefer to use the CLI you’ll have to delete dependencies (Access Keys, Groups, etc), an example can be found here.

4) If the service team is known we should notify them via their slack channel (and @ the specific user). If the service team isn’t known message should be sent privately on Slack.

Getting new credentials

Most of the users and keys are created through terraform, the process to recreate them are here

This page was last reviewed on 7 June 2021. It needs to be reviewed again on 7 September 2021 by the page owner #cloud-platform .
This page was set to be reviewed before 7 September 2021 by the page owner #cloud-platform. This might mean the content is out of date.