In this episode, we discuss what to do if you accidentally leak your AWS credentials during a live stream. We explain the difference between temporary credentials and long-lived credentials, and how to revoke each type. For temporary credentials, we recommend using the AWS console to revoke sessions or creating an IAM policy to deny access. For long-lived credentials, you must deactivate and rotate the credentials. We also touch on using tools like HashiCorp Vault to manage credentials securely.
💰 SPONSORS 💰
AWS Bites is brought to you by fourTheorem, the AWS consulting partner that doesn’t suck. Check us out at fourTheorem.com
🔖 Chapters:
00:00 Introduction to the scenario of accidentally leaking credentials during a live stream
01:24 Why leaked temporary credentials can still do damage before they expire
02:51 Explaining you cannot directly invalidate temporary credentials like you can access keys
03:18 How to modify the IAM role permissions for the temporary credentials
06:33 IAM Console option to revoke sessions for a specific role
08:21 Rotating long-lived credentials
09:14 Implications of using HashiCorp Vault to handle AWS credentials
09:52 Conclusions and call to action
In this episode, we mentioned the following resources:
- Gist with example policy: gist.github.com/lmammino/02fe...
- Revoking IAM role temporary security credentials (official AWS docs): docs.aws.amazon.com/IAM/lates...
You can listen to AWS Bites wherever you get your podcasts:
- Apple Podcasts: podcasts.apple.com/us/podcast...
- Spotify: open.spotify.com/show/3Lh7Pzq...
- Google: podcasts.google.com/feed/aHR0...
- Breaker: www.breaker.audio/aws-bites
- RSS: anchor.fm/s/6a3312a0/podcast/rss
Do you have any AWS questions you would like us to address?
Leave a comment here or connect with us on X, formerly Twitter:
- / eoins
- / loige
#aws #security #credentials #leaked
Негізгі бет Ғылым және технология 113. How do you revoke leaked credentials?
Пікірлер