How my AWS credentials were compromised — #noobCoding adventures
As mentioned earlier, I am learning programming. It started with online courses and blogs, trying to make use of the world of the internet, but after a while I faced some constraints and barriers. After that I hired a senior developer to teach me and my friends, though this step wasn’t successful — we realized the guy lacked mentoring skills even though he was smart. So I went back to the online world, dug deeper into technologies and looked for the proper tutorials. At the same time I was looking for a real-life mentor again because I wanted a hands-on teacher. Finally I found a really nice developer with a high level of technical and personal skills, and the work started. I would say I am satisfied with him, and the methods he uses are helping me. We play with the same stack that he uses day after day, write tests before code, use version control tools, keep the clean code principles in mind… and always look for new challenges on my level. As a result I tried a lot of libraries, worked with tons of video tutorials/podcasts, read articles, checked several GitHub repositories, and I am enthusiastic and happy doing these activities.
Now I have a teeny tiny pet project called word counter calculator — it scrapes sites and shows the density of the words as well as visualizing the result — and I use node/express/D3/TDD/Heroku/Codeship… I also pay attention to readable and reusable code, use functional libraries like Lodash or Ramda, write small functions and so on.
One day I came across a new library and said “Oh yes, another day — another challenge”, so I started to play with AWS services. The usual story: I read articles, watched tutorials, got lots of help from a friend and pushed exercises to my GitHub repository. After some steps I made a mistake — I left my credentials exposed in my code. In a few days I got this message:
Amazon Web Services has opened case xxxxxx on your behalf.
The details of the case are as follows:
Case ID: xxxxxx
Subject: Your AWS account is compromised
Correspondence: Dear AWS Customer,
Your AWS Account is compromised! Please review the following notice and take immediate action to secure your account.
Your security is important to us. We have become aware that the AWS Access Key AKIAXXXX (belonging to IAM user “xxx”) along with the corresponding Secret Key is publicly available online at github.
Yes, I was compromised and I didn’t know what the next step would be, so I called one of my friends, who was really helpful at this time and supported me in solving my problem. Below you can check some screenshots of my story, and my advice: never do what I have done:
6,000$ is a lot, and I had to solve the issue. Fortunately, I had personal support — thank you Adam, I owe you — and official support from AWS. I met with two guys from their side and both of them were clear and professional. Straightforward and quick instructions were given hour after hour on how I could move forward and end the problem. They continuously informed me about the next steps of the official procedure. Overall, I am absolutely satisfied with their work. Lesson learned, and I am waiting for the final decision about my case.
- You can find another post here, written by my friend, about this story from a different perspective
- Take time to read the details regarding your new tool and uncover obvious pitfalls
- If you are a hobbyist / self-educated guy, always ask for help when using a new tool
- Don’t be hasty; be calm and think carefully when using new / costly services
- Take advantage of official support / forum and try to clear the relevant content
- Take security questions seriously, because bots never sleep
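The mistake described above, credentials left in code that was then pushed to GitHub, can be caught before the commit ever happens. The following JavaScript is an added example, not part of the original post: the function names, the file name `upload.js` and both sample snippets are constructed for illustration, and the key pair is the placeholder pair used in AWS documentation.

```javascript
// Added example: find AWS credentials in source text before it is committed.
// Access key IDs are 20 characters: a prefix (AKIA long-term, ASIA temporary)
// followed by 16 uppercase letters or digits.
const ACCESS_KEY_ID = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g;
// Secret access keys are 40 base64-style characters. That shape alone is too
// common (a hex SHA-1 also fits), so flag it only when it is assigned to a
// name containing "secret".
const SECRET_KEY =
  /secret[\w-]*["']?\s*[:=]\s*["']?([A-Za-z0-9\/+=]{40})(?![A-Za-z0-9\/+=])/gi;

// Keep only the first four characters so the report itself leaks nothing.
function redact(value) {
  return value.slice(0, 4) + '*'.repeat(value.length - 4);
}

// Returns one finding per credential: file, 1-based line, type, redacted match.
function findAwsSecrets(text, file = '<stdin>') {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const m of line.matchAll(ACCESS_KEY_ID)) {
      findings.push({ file, line: i + 1, type: 'access-key-id', match: redact(m[0]) });
    }
    for (const m of line.matchAll(SECRET_KEY)) {
      findings.push({ file, line: i + 1, type: 'secret-access-key', match: redact(m[1]) });
    }
  });
  return findings;
}

// Constructed sample: keys hardcoded the way a tutorial exercise might do it.
const SAMPLE_BAD = [
  "const AWS = require('aws-sdk');",
  "AWS.config.update({",
  "  accessKeyId: 'AKIAIOSFODNN7EXAMPLE',",
  "  secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',",
  "});",
].join('\n');

// Constructed sample: the same configuration read from environment variables.
const SAMPLE_GOOD = [
  "const AWS = require('aws-sdk');",
  "AWS.config.update({",
  "  accessKeyId: process.env.AWS_ACCESS_KEY_ID,",
  "  secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,",
  "});",
].join('\n');

console.log(findAwsSecrets(SAMPLE_BAD, 'upload.js'));  // two findings
console.log(findAwsSecrets(SAMPLE_GOOD, 'upload.js')); // no findings
```

Run over the staged file contents in a pre-commit hook, with the commit rejected on any finding, this keeps a key out of the repository history instead of relying on deleting it afterwards.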