ministryofjustice / operations-engineering

This repository is home to the Operations Engineering's tools and utilities for managing, monitoring, and optimising software development processes at the Ministry of Justice. • This repository is defined and managed in Terraform
https://user-guide.operations-engineering.service.justice.gov.uk/
MIT License

Create runbook for AWS credentials disclosure remediation process #198

Closed AntonyBishop closed 2 years ago

AntonyBishop commented 3 years ago

Background

First part of #77

This story is to create a runbook for the team of the steps to take if an AWS credential is exposed. Here is an example of a previous incident, an accidental AWS credentials disclosure on 2020-12-18. Jake Mulley ran through the following procedure:

1. The access keys were deleted
2. CloudTrail shows no activity after 16:43 UK time with those keys

  1. I've attached a policy to Daniel's user to deny any actions using a temporary token from before 17:30 GMT on 17th December 2020
  2. I'll keep an eye on the billing for that account & will work my way through any new IAM users, policies, etc. that were created after 16:30 UK time today.

We should document these steps that we would run through generically and add to our runbooks site.

Definition of done

leoncarrington commented 3 years ago

Hey team! Please add your planning poker estimate with ZenHub @liban-hmpps @ben-al @Nimphal
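
The procedure quoted in the issue description, sketched as an added example (not the team's runbook or code): it builds the deny policy for temporary tokens issued before a cutoff using the `aws:TokenIssueTime` condition key, and sorts CloudTrail records from after the exposure into calls made with the leaked key and IAM changes to review. The record values, key IDs, exposure time and function names are constructed for illustration.

```python
from datetime import datetime, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"
# IAM calls worth reviewing after an exposure (illustrative, not exhaustive).
IAM_CHANGE_EVENTS = {"CreateUser", "CreateAccessKey", "CreateRole",
                     "CreatePolicy", "AttachUserPolicy", "PutUserPolicy"}

def deny_tokens_issued_before(cutoff):
    """Policy document denying all actions for temporary credentials issued
    before `cutoff`. aws:TokenIssueTime is only present on temporary
    credentials, so long-term access keys must still be deleted."""
    issued = cutoff.astimezone(timezone.utc).strftime(FMT)
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*",
                           "Condition": {"DateLessThan":
                                         {"aws:TokenIssueTime": issued}}}]}

def review_trail(records, leaked_key_id, exposed_at):
    """Return (calls made with the leaked key, IAM changes by any principal)
    for CloudTrail records at or after `exposed_at`."""
    key_use, iam_changes = [], []
    for r in records:
        when = datetime.strptime(r["eventTime"], FMT).replace(tzinfo=timezone.utc)
        if when < exposed_at:
            continue
        if r.get("userIdentity", {}).get("accessKeyId") == leaked_key_id:
            key_use.append(r)
        if (r.get("eventSource") == "iam.amazonaws.com"
                and r.get("eventName") in IAM_CHANGE_EVENTS):
            iam_changes.append(r)
    return key_use, iam_changes

def rec(time, name, source, key_id):
    # Minimal CloudTrail-shaped record (constructed sample data).
    return {"eventTime": time, "eventName": name, "eventSource": source,
            "userIdentity": {"accessKeyId": key_id}}

LEAKED = "AKIAIOSFODNN7EXAMPLE"   # AWS documentation example key ID
SAMPLE = [
    rec("2020-12-17T16:10:00Z", "ListBuckets", "s3.amazonaws.com", LEAKED),
    rec("2020-12-17T16:43:00Z", "GetCallerIdentity", "sts.amazonaws.com", LEAKED),
    rec("2020-12-17T16:50:00Z", "CreateUser", "iam.amazonaws.com", LEAKED),
    rec("2020-12-17T17:05:00Z", "CreateAccessKey", "iam.amazonaws.com",
        "AKIAI44QH8DHBEXAMPLE"),
]

if __name__ == "__main__":
    exposed = datetime(2020, 12, 17, 16, 30, tzinfo=timezone.utc)
    used, changed = review_trail(SAMPLE, LEAKED, exposed)
    print([r["eventName"] for r in used], [r["eventName"] for r in changed])
```
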