Automating AWS Security: Monitoring and Mitigating Compromised Credentials
Introduction
Hi, everyone
My name is Santosh Kumar Sha , I’m a Security researcher/ Security Engineer from India. In this article, I will be demonstrating How I was able to automate the monitoring of the AWS Health Dashboard for security issues and automatically take action when AWS credentials are compromised. Inorder to reduced the impact and Blast Radius during an Security event or During any Hacked happened.
SPECIAL Note:
In today’s cloud-centric world, securing your AWS infrastructure is paramount. A critical aspect of this security is promptly addressing any compromised credentials. In this post, we’ll explore how to automate the monitoring of the AWS Health Dashboard for security issues and automatically take action when AWS credentials are compromised.
Prerequisites
Before diving into the setup, ensure you have the following:
- An AWS account with administrative access.
- Basic knowledge of AWS services like Lambda, CloudFormation, and IAM, SNS.
- AWS CLI configured on your local machine.
Story Behind the Blog:
The inspiration behind this blog post stems from a recent incident where a major AWS account breach occurred due to compromised credentials for a Client. The incident…