Last updated: 2022-08-25 Show
I see resources that I don't remember creating in the AWS Management Console. -or- I received a notification that my AWS resources or account might be compromised. Short descriptionIf you suspect unauthorized activity in your AWS account, first verify if the activity was unauthorized by doing the following:
Then, if you see unauthorized activity, follow the instructions in the If there was unauthorized activity in your AWS account section of this article. Note: If you can't sign in to your account, see What do I do if I'm having trouble signing in to or accessing my AWS account? ResolutionVerify if there was unauthorized activity in your AWS accountIdentify any unauthorized actions taken by the IAM identities in your account
Identify any unauthorized access or changes to your account For instructions, see How can I monitor the account activity of specific IAM users, roles, and AWS access keys? Also, see How can I troubleshoot unusual resource activity with my AWS account? Identify the creation of any unauthorized resources or IAM users To identify any unauthorized resource usage, including unexpected services, Regions, or charges to your account, review the following:
Note: You can also use AWS Cost Explorer to review the charges and usage associated with your AWS account. For more information, see How can I use Cost Explorer to analyze my spending and usage? If there was unauthorized activity in your AWS accountImportant: If you received a notification from AWS about irregular activity in your account, first do the following instructions. Then, respond to the notification in the AWS Support Center with a confirmation of the actions that you completed. Rotate and delete exposed account access keys Check the irregular activity notification sent by AWS Support for exposed account access keys. If there are keys listed, then do the following for those keys:
For more information, see Best practices for managing AWS access keys and Managing access keys for IAM users. Rotate any potentially unauthorized IAM user credentials
If you use temporary security credentials, then see Revoking IAM role temporary security credentials. Check your AWS CloudTrail logs for unsanctioned activity
For more information, see Working with CloudTrail. Delete any unrecognized or unauthorized resources 1. Sign in to the AWS Management Console. Then, verify that all the resources in your account are resources that you launched. Be sure to check and compare the usage from the previous month to the current one. Make sure that you look for all resources in all AWS Regions—even Regions where you never launched resources. Also, pay special attention to the following resource types:
2. Delete any unrecognized or unauthorized resources. For instructions, see How do I terminate active resources that I no longer need on my AWS account? Important: If you must keep any resources for investigation, consider backing up those resources. For example, if you must retain an EC2 instance for regulatory, compliance, or legal reasons, then create an Amazon EBS snapshot before terminating the instance. Recover backed-up resources If you configured services to maintain backups, then recover those backups from their last known uncompromised state. For more information about how to restore specific types of AWS resources, see the following:
Verify your account information Verify that all of the following information is correct in your AWS account:
Note: For more information about AWS account security best practices, see What are some best practices for securing my AWS account and its resources? Did this article
help? Do you need billing or technical support? AWS support for Internet Explorer ends on 07/31/2022. Supported browsers are Chrome, Firefox, Edge, and Safari. Learn more » Which of the following would pose the greatest threat to a user's personal privacy?Which of the following would pose the greatest threat to a user's personal privacy if it were to be shared with the public? Internet of Things. What should you do if somebody at your school is bullying your friend? Which of the following statements is NOT true about creative credit and copyright?
Which of the following best describes a benefit of IPv6 over IPv4?Which of the following best describes a benefit of IPv6 over IPv4? IPv6 addresses are shorter than IPv4 addresses, which allows for faster routing of packets.
Which if the following best explains how a certificate authority is used in protecting data?Which of the following best explains how a certificate authority is used in protecting data? A certificate authority verifies the authenticity of encryption keys used in secured communications.
What is the purpose of packet metadata?What is the purpose of packet metadata? a. Metadata contains information about the protocols a specific computer uses to create and send packets.
|