B3nac / InjuredAndroid

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Apache License 2.0

Question about Flag8 #7

Closed mzfr closed 4 years ago

mzfr commented 4 years ago

Hey, this works but I noticed that in the walkthrough you have:

[injuredandroid]
aws_access_key_id = lookinstrings.xmlnotputtingitheresoawsdoesn'talert
aws_secret_access_key = lookinstrings.xmlnotputtingitheresoawsdoesn'talert

So I wanted to ask, what do you mean by "AWS doesn't alert"? Is there some service that reports if AWS tokens were found in the open? What happens in the case of an alert?

B3nac commented 4 years ago

Hi, AWS does have a source code scanning service that checks for exposed AWS keys on Github. When an api key is found AWS emails the account attached to that key.

mzfr commented 4 years ago

Oh cool. So if, say, the person having the key ignores that email, does AWS do something to it? Like expiring the key or anything else?

B3nac commented 4 years ago

I don't think AWS does anything to the key. I've been getting notifications from someone's write-up for a while and the key still works as far as I know.

mzfr commented 4 years ago

oh okay. Thanks for the info :)

B3nac commented 4 years ago

No problem! The AWS key used for this app is read only and is attached to an S3 bucket that only contains the flag for one of the exercises. So the "disclosure" of the key really isn't a big deal :)
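The thread above turns on two things: a key that lives in the app's strings.xml, and a scanner (AWS's, over public GitHub) that recognises the key's format and alerts. The following is an added example, not code from InjuredAndroid or its walkthrough, of the same recognition step run locally, so a pentester can triage decompiled resources or a committed credentials file before AWS does. It keys on the documented AWS access key ID shape (a 4-character prefix such as AKIA or ASIA followed by 16 upper-case alphanumerics) and a 40-character secret next to a resource name that mentions "secret". Both sample inputs are constructed: the strings.xml uses the well-known AWS documentation example key pair, and the INI file is the placeholder text from the walkthrough quoted earlier in this issue.

```python
"""Spot hard-coded AWS credentials in Android strings.xml and AWS CLI-style
credentials files. Added example for this issue, not part of InjuredAndroid."""
import configparser
import re
import xml.etree.ElementTree as ET

# Long-term (AKIA) and temporary (ASIA) access key IDs: prefix + 16 upper-case
# alphanumerics, 20 characters in total.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys are 40 characters drawn from the base64 alphabet. On its own
# this matches far too much, so it is only applied to values whose name looks
# like a secret (strings.xml) or to the aws_secret_access_key field (INI).
SECRET_RE = re.compile(r"^[A-Za-z0-9/+]{40}$")
SECRET_NAME_HINTS = ("secret",)

# Constructed sample: an Android resource file shipping the AWS documentation
# example key pair (not a live credential).
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">InjuredAndroid</string>
    <string name="aws_access_key_id">AKIAIOSFODNN7EXAMPLE</string>
    <string name="aws_secret_access_key">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>
    <string name="flag_bucket">example-bucket</string>
</resources>
"""

# Constructed sample: the placeholder credentials file from the walkthrough,
# which deliberately does not match the real key format.
SAMPLE_CREDENTIALS_PLACEHOLDER = """[injuredandroid]
aws_access_key_id = lookinstrings.xmlnotputtingitheresoawsdoesn'talert
aws_secret_access_key = lookinstrings.xmlnotputtingitheresoawsdoesn'talert
"""


def scan_strings_xml(xml_text, source="strings.xml"):
    """Return (source, resource name, kind, value) for each suspicious <string>."""
    findings = []
    root = ET.fromstring(xml_text)
    for node in root.iter("string"):
        name = node.get("name", "")
        value = (node.text or "").strip()
        if ACCESS_KEY_RE.search(value):
            findings.append((source, name, "aws_access_key_id", value))
        elif any(h in name.lower() for h in SECRET_NAME_HINTS) and SECRET_RE.match(value):
            findings.append((source, name, "aws_secret_access_key", value))
    return findings


def scan_credentials_ini(ini_text, source="credentials"):
    """Scan an AWS CLI-style credentials file ([profile] sections)."""
    findings = []
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    for profile in cp.sections():
        key_id = cp.get(profile, "aws_access_key_id", fallback="")
        secret = cp.get(profile, "aws_secret_access_key", fallback="")
        if ACCESS_KEY_RE.search(key_id):
            findings.append((source, profile, "aws_access_key_id", key_id))
        if SECRET_RE.match(secret):
            findings.append((source, profile, "aws_secret_access_key", secret))
    return findings


def scan_all():
    """Run both scanners over the constructed samples."""
    return scan_strings_xml(SAMPLE_STRINGS_XML) + scan_credentials_ini(
        SAMPLE_CREDENTIALS_PLACEHOLDER
    )


if __name__ == "__main__":
    for source, name, kind, value in scan_all():
        print(f"{source}: {name} looks like an {kind} ({value[:4]}...)")
```

Running it reports the two resources in the sample strings.xml and nothing for the walkthrough's placeholder file, which is the point of the placeholder: it keeps AWS's scanner quiet because it does not look like a key. Once a real key ID and secret are recovered from an APK, the usual next step is to confirm which principal they belong to and what it is allowed to do (for instance `aws sts get-caller-identity` with the credentials loaded) before concluding, as above, that a read-only key scoped to one bucket is low impact.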