How do I secure an AWS account when that account is compromised?


Skip directly to the demo: 0:24

For more details see the Knowledge Center article associated with this video: https://repost.aws/knowledge-center/p
Aliva shows you how to secure an AWS account when that account is compromised.


Content

0.41 -> [Music]
12.639 -> hello
13.28 -> i'm oliver a cloud support engineer here
15.759 -> at the aws office
17.039 -> in bangalore today i'm going to show you
20 -> how to secure your aws account
22.08 -> if it is compromised let's get started
25.84 -> security is of utmost importance to aws
29.439 -> and we constantly monitor all aws
31.92 -> accounts
32.64 -> to make sure that your aws account is
35.28 -> secure
36.48 -> however there are scenarios when an
38.719 -> account is compromised if an access key
41.04 -> is exposed in a public forum
43.36 -> for example in github in this video i'll
47.2 -> share the steps you need to take in
48.96 -> order to re-secure your aws account
52.32 -> the first step is to change the aws
54.48 -> account root user password
56.64 -> to change the password for the root user
58.879 -> you must be signed in
60.32 -> as the aws account root user and not an
63.6 -> aws identity
64.96 -> and access management user use your aws
68.4 -> account email address
69.52 -> and password to sign into the aws
71.84 -> management console
73.2 -> as the aws account root user
76.32 -> remember do not use your root user to
79.2 -> utilize or access your account at all
81.759 -> unless absolutely necessary in the upper
85.28 -> right hand corner of the console
87.04 -> choose your account name and number and
89.759 -> then choose
90.479 -> my account on the right side of the page
93.84 -> next to the account settings section
95.84 -> choose edit
96.96 -> if you haven't signed in recently you
99.04 -> might have to sign in again
101.36 -> on the password line choose edit to
103.92 -> change your password
106 -> choose a strong password when you have
109.04 -> created a strong password
110.96 -> click save changes note this is the
113.84 -> password you will need to use
115.439 -> the next time you log in the second step
118.799 -> is rotate and delete all root and iam
121.28 -> access keys
122.399 -> to rotate access keys for an iam user
125.119 -> without interrupting your application
127.28 -> while the first access key is still
129.119 -> active create
130.479 -> a second access key sign into the aws
134 -> management console
135.36 -> and navigate to the iam console in the
138.56 -> navigation pane
139.599 -> choose users choose the name of the
142.879 -> intended user
144.16 -> and then choose the security credentials
146.239 -> tab
147.52 -> choose create access key and then choose
150.519 -> download .csv file
152.239 -> to save the access key id and secret
155.04 -> access key
155.76 -> to a dot csv file on your computer
159.44 -> store the file in a secure location you
162.319 -> will not have access to the secret
164.239 -> access key again
165.519 -> after this window closes after you
168.72 -> download the dot csv file
170.879 -> choose close the new access key
174 -> is active by default at this point you
177.04 -> have two active access keys
179.92 -> update all applications and tools to use
182.72 -> a new access key
184.08 -> determine whether the first access key
186.319 -> is still in use
187.44 -> by reviewing the last used column for the
189.599 -> oldest access key
191.92 -> use only the new access key to confirm
194.56 -> that your applications are working
198.4 -> once you are sure that all applications
200.72 -> and tools are updated
202.319 -> you can delete the first access key
205.84 -> any applications and tools that still
207.92 -> use the original access key
209.68 -> will stop working at this point because
212.4 -> they no longer have access to aws
214.72 -> resources
216.48 -> sign in to the aws management console
218.879 -> and navigate to the iam console
221.68 -> in the navigation pane choose users
225.36 -> choose a name of the intended user and
228 -> then choose the security credentials tab
231.2 -> locate the access key to delete and
233.76 -> choose a cross button
235.12 -> at the far right of the row then choose
237.68 -> delete
238.239 -> to confirm rotate all the iam access keys
242 -> created before the account was
243.519 -> compromised remember
245.36 -> it's recommended to not create or use
248.56 -> root user access keys but if their usage
251.92 -> is absolutely necessary remember to
254 -> rotate them as well
255.519 -> or delete root user access keys if you
257.84 -> do not absolutely need to use them
260.959 -> the third step is to delete any
262.88 -> resources on your account you didn't
264.96 -> create
265.919 -> such as amazon elastic compute cloud
268.4 -> instances
269.6 -> amis amazon elastic block store volumes
272.88 -> and snapshots sign into your aws account
277.04 -> and then check that all the resources on
279.6 -> your account
280.72 -> are resources that you have launched
283.28 -> make sure
284.08 -> to check all aws regions even regions
287.28 -> where you have
288.08 -> never launched aws resources
291.44 -> pay special attention to the following
294.08 -> ec2 instances
295.6 -> and amis including instances in the stopped
298.72 -> state
299.6 -> ebs volumes and snapshots
303.039 -> if you're not sure how to delete a
304.88 -> resource associated with a particular
307.12 -> aws service
308.4 -> reach out to aws support it's also a
311.039 -> best practice
311.919 -> to actively monitor your account for
314.16 -> more information
315.44 -> see the security best practices article
317.759 -> linked in the associated knowledge
319.36 -> center article
321.12 -> the last step is to respond to any
323.12 -> notification that you receive from aws
325.6 -> support
326.32 -> through the aws support center thanks
329.199 -> for watching
329.919 -> and happy cloud computing from all of us
331.919 -> here at aws
339.759 -> you

Source: https://www.youtube.com/watch?v=8AhIbi7gwFY