What is AWS?
AWS stands for Amazon Web Services. It provides computing services over the cloud, such as managed data centers, so users do not need to deploy physical servers. AWS provides the facilities needed to run an application, including monitoring, logging and much more, on a pay-per-use basis.
As per the AWS shared responsibility model (which defines what is managed by the customer and what is managed by AWS), AWS secures the underlying infrastructure, but identities, permissions and authorization inside the account are the customer's responsibility.
What are Access Keys?
To protect the account and reduce the attack surface, AWS provides IAM, which is used to manage users, roles and policies. Access keys (an access key ID plus a secret access key) are long-term credentials for an IAM user. With them we can let a user work on our resources programmatically, with only the privileges we define, without sharing the console login credentials. To configure the AWS CLI with a set of keys, use this command:
Command: aws configure
Configure: Use this to configure the AWS Command Line Interface.
When we enter this command it asks for the AWS Access Key ID.
After that it asks for the AWS Secret Access Key; enter the secret key provided to you by the admin.
The remaining two prompts (default region name and default output format) can be left blank, or a region can be chosen; I chose us-east-1 in my case. After performing the above steps the configuration is done: the CLI stores the keys in ~/.aws/credentials and the region in ~/.aws/config, and we can access our account from the CLI.
How are keys exposed?
In the case of AWS, keys are exposed very easily. Sometimes an attacker steals them, and sometimes the organization leaks them itself, for example by pushing code to a public repository with the key still hard-coded in it.
AWS suggests the following steps if your keys are exposed.
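Most leaks of the second kind are catchable before the push. The following is an added example, not code from the original article: a small POSIX shell scanner that greps a source tree for AWS access key IDs and for lines that assign a 40-character secret access key. It assumes only that long-term key IDs begin with AKIA and temporary (STS) key IDs with ASIA, each followed by 16 upper-case alphanumerics, and that grep supports -E and -r; the sample tree it builds uses the placeholder key from AWS's own documentation, not a real credential.

```shell
#!/bin/sh
# Added example: scan a source tree for hard-coded AWS credentials.
# Assumption: key IDs match AKIA/ASIA + 16 upper-case alphanumerics.
KEY_ID_PATTERN='A[KS]IA[0-9A-Z]{16}'
# A bare 40-char base64-ish string matches far too much, so a secret is only
# flagged when the line names it (aws_secret_access_key = ... or the env form).
SECRET_PATTERN="(aws_secret_access_key|AWS_SECRET_ACCESS_KEY)[[:space:]]*[=:][[:space:]]*[\"']?[A-Za-z0-9/+=]{40}"

# Print "file:key-id" for every access key ID found under the directory $1.
scan_for_key_ids() {
    grep -E -o -r "$KEY_ID_PATTERN" "$1" 2>/dev/null
}

# Print "file:line-number:line" for every line that assigns a secret key.
scan_for_secrets() {
    grep -E -r -n "$SECRET_PATTERN" "$1" 2>/dev/null
}

# Number of key IDs found under $1; a pre-push hook can refuse when > 0.
count_key_ids() {
    scan_for_key_ids "$1" | wc -l | tr -d ' '
}

# Classify a key ID by prefix: long-term IAM user key or temporary STS key.
key_id_kind() {
    case "$1" in
        AKIA*) echo long-term ;;
        ASIA*) echo temporary ;;
        *)     echo unknown ;;
    esac
}

# Build a constructed sample tree (one file with leaked keys, one clean file)
# so the scanner can be exercised offline. The values are AWS's documented
# example credentials, not real ones.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/config"
    cat > "$dir/config/settings.py" <<'EOF'
# constructed sample: credentials wrongly hard-coded in source
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
EOF
    printf 'print("hello")\n' > "$dir/app.py"
    echo "$dir"
}
```

Run it as `d=$(make_sample_tree); scan_for_key_ids "$d"; scan_for_secrets "$d"` to see the hit in config/settings.py; against a real checkout, point the functions at the repository root and wire `count_key_ids` into a pre-commit or pre-push hook. The key-ID prefix check is the reliable part; the secret pattern is a heuristic and will miss secrets stored under other variable names.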
· Determine the account and permissions associated with those keys:
We have to check the permissions attached to the user who owns the access keys.
i. Sometimes the key has only read permission; in this case the damage is limited to disclosure, and it is easy to stop the application and invalidate the key.
ii. Sometimes the key has both read and write permissions, which means the attacker can write to, and easily manipulate, the stored data.
On this basis we decide our priority.
· Invalidating exposed access keys: Invalidation can be achieved in two ways.
i. Disable (deactivate): Disabling is generally recommended, as it is easy to re-enable the key if something still depends on it.
ii. Delete: Deletion cannot be undone, but if the key affects too many resources then deletion is the safer choice.
· Invalidating temporary credentials that were generated using the exposed keys: Access keys can be used to call STS to generate temporary credentials, valid for 15 minutes to 36 hours. So after obtaining the exposed keys an attacker can generate temporary tokens and use them in the meantime to fetch data and make modifications.
How temporary credentials are generated:
Command: aws sts get-session-token
STS (Security Token Service): the service that issues temporary credentials.
On generating these credentials we see that STS returns a new access key ID (starting with ASIA rather than AKIA), a secret access key, a session token and an expiration time; all three values must be sent together with further requests.
If we delete or disable the long-term access key that was used to generate these temporary credentials, the temporary credentials are not invalidated; they keep working until they expire, so they still pose a threat.
How to cut off temporary credentials:
i. We can attach an explicit deny policy to the user.
In the AWS console, inside IAM, open the policy option, select the resource on which you want to apply it, and set "Effect" to "Deny".
With Resource and Action both set to "*", no request from that user is accepted.
After attaching the explicit deny to the user whose keys were exposed, the temporary credentials stop working as well, because permissions are evaluated afresh on every request rather than fixed when the token was issued.
ii. Remove all policies associated with the user who owns those keys.
· Create new credentials for the same account:
Create a new access key/secret key pair for the same user and verify that the application works with the new keys before deleting the old ones.
· Give priority to IAM roles over long-term keys: a role issues short-lived credentials automatically, so there is no long-term secret to leak.
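The steps above as AWS CLI commands, in an added example that is not part of the original article. It assumes the AWS CLI is installed and already configured with an administrator profile that is not the exposed key, that the exposed key belongs to an IAM user, and that USER, EXPOSED_KEY and NEW_PROFILE are placeholders you substitute. It goes one step beyond the console procedure described above: instead of a blanket deny, the deny carries an aws:TokenIssueTime condition, which is the form AWS documents for revoking sessions, so temporary credentials minted before the response are blocked while the replacement key issued in the same run keeps working. The rotation step also uses the non-interactive form of the aws configure command from the start of the article.

```shell
#!/bin/sh
# Added example: exposed-key response with the AWS CLI.
# Assumes an admin profile is already configured (not the exposed key).
# USER / EXPOSED_KEY / NEW_PROFILE below are placeholders.

# 1. Find out what the key can do and when it was last used.
inspect_user() {
    user=$1; key=$2
    aws iam list-access-keys --user-name "$user" \
        --query 'AccessKeyMetadata[].[AccessKeyId,Status,CreateDate]' --output text
    aws iam get-access-key-last-used --access-key-id "$key" --output text
    aws iam list-attached-user-policies --user-name "$user" --output text
    aws iam list-user-policies --user-name "$user" --output text
}

# 2. Invalidate the long-term key: deactivate first, delete once nothing breaks.
deactivate_key() {
    aws iam update-access-key --user-name "$1" --access-key-id "$2" --status Inactive
}
delete_key() {
    aws iam delete-access-key --user-name "$1" --access-key-id "$2"
}

# Explicit-deny policy document. Without the Condition it blocks every
# request by the user, new keys included. aws:TokenIssueTime is set only on
# requests signed with temporary credentials, so DateLessThan against the
# cutoff denies sessions issued before it and leaves long-term keys alone.
build_revoke_policy() {
    cutoff=$1   # UTC timestamp, e.g. 2024-05-01T12:00:00Z
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenySessionsIssuedBeforeResponse",
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"DateLessThan": {"aws:TokenIssueTime": "$cutoff"}}
  }]
}
EOF
}

# 3. Attach the deny inline; temporary credentials derived from the exposed
# key are re-evaluated on every request and stop working immediately.
revoke_sessions() {
    user=$1
    cutoff=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    aws iam put-user-policy --user-name "$user" \
        --policy-name RevokeOlderSessions \
        --policy-document "$(build_revoke_policy "$cutoff")"
}

# 4. Issue a replacement key, store it under a fresh CLI profile and prove
# it works before the old key is deleted.
rotate_key() {
    user=$1; profile=$2
    creds=$(aws iam create-access-key --user-name "$user" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text)
    aws configure set aws_access_key_id "$(printf '%s' "$creds" | cut -f1)" --profile "$profile"
    aws configure set aws_secret_access_key "$(printf '%s' "$creds" | cut -f2)" --profile "$profile"
    aws sts get-caller-identity --profile "$profile"
}

# Offline helper showing what the condition decides: is the UTC timestamp $1
# strictly earlier than the cutoff $2? The fixed-width YYYY-MM-DDTHH:MM:SSZ
# form sorts lexically, so no date parsing is needed.
issued_before() {
    [ "$1" != "$2" ] && \
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort | head -n 1)" = "$1" ]
}
```

Typical order for a real incident: `inspect_user USER EXPOSED_KEY`, `deactivate_key USER EXPOSED_KEY`, `revoke_sessions USER`, `rotate_key USER NEW_PROFILE`, then `delete_key USER EXPOSED_KEY` once the application is confirmed on the new profile. Because the deny is attached to the user, it also covers any assume-role sessions chained from the exposed key only if the same condition is attached to those roles; check the CloudTrail history from `inspect_user` for AssumeRole calls before declaring the incident closed.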