AWS Access Keys

Bridgecrew Policy ID: BC_GIT_2
Severity: LOW

AWS Access Keys

Description

AWS Access Keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

Fix - Buildtime

AWS

Step 1: Revoke the exposed secret.

  1. Sign in to the AWS Identity and Access Management (IAM) console as the root user.
  2. Choose your account name on the navigation bar, and then choose My Security Credentials.
  3. If you see a warning about accessing the security credentials, choose Continue to security credentials.
  4. Expand the Access keys (access key ID and secret access key) section.
  5. Choose Delete next to the access key that you want to delete.
    In the confirmation box, choose Yes.

Expand the "Access keys" section then click on the delete button.

Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.

Step 3: Inspect AWS CloudTrail access logs to ensure the key was not utilized during the compromised period.