AWS Trusted Advisor recently added a new check 'Exposed Access Key' in Security category. This to checks popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key. By default Trusted Advisor run … Continue reading keyWatcher scan exposed AWS key
Month: September 2016
‘aws support describe-trusted-advisor-checks’ is us-east-1 only?
Just found this out - you have to hard code '--region us-east-1` when run aws support trusted advisor relevant commands. I guess this is caused by the same reason that I explained in my previous blog IAM dependency. Here is my conclusion: whenever AWS says the service is global which does not require a region … Continue reading ‘aws support describe-trusted-advisor-checks’ is us-east-1 only?
CloudTrail bug
I found this bug in CloudTrail when working on the AWS keyWatcher project. I noticed that some CloudTrail logs do not have access key id field. Then I opened a ticket with AWS support, and they forwarded it to the CloudTrail service team. Here is the response which confirms it is a bug: Briefly speaking, … Continue reading CloudTrail bug
AWS keyWatcher
We have seen multiple times that users accidentally expose their AWS access key and secret key on Internet, e.g. GitHub. This is a really dangerous thing, as whoever get that key can do whatever you can do to your AWS account. Here are two examples, the exposed key was used by someone unknown to create … Continue reading AWS keyWatcher
AWS IAM Dependency
I did not know that there is a dependency between regions for AWS IAM service until one day when IAM had a outage, as I have never seen any relevant information in any AWS documentations. On 23/Aug Sydney time, I notice that the IAM console is not full functional when I try to make a … Continue reading AWS IAM Dependency
Jackie Chen's IT Workshop 