Dev put AWS keys on Github. Then BAD THINGS happened

Ben Tasker Silver badge

Re: What about pre-payment?

Yup hadn't purged them fully (though he's now revoked) - https://github.com/andhof-mt/shriek/commit/799a62ed075954eac673322b9f69963ad815c4d0

@bigtimehustler

Looking at his post, I'm not sure they were just S3 keys, though it's hard to say for sure. Certainly can't find any reference (based on a _very_ quick google) to being able to fire up EC2 instances through the S3 API - though if it is true, that's some spectacularly bad design by Amazon.

But yes, either way, they definitely had too many privileges. Mind you, if you look at the average S3 tutorial online, the various authors all seem to think that creating limited privileges in IAM is too complex and skip over it.
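An added example, not part of the comment above or of anyone's code in the thread: a small lint that contrasts a catch-all IAM identity policy with one scoped to object reads and writes on a single bucket, and reports what each would let a leaked key do. The bucket name, the probe list and the function names are assumptions made for illustration, and the evaluation is deliberately simplified (it ignores Resource matching, Condition, NotAction and other policy types).

```python
import fnmatch

# Constructed sample policies (bucket name is a placeholder, not from the post).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

# Actions an upload-only key should never need (illustrative probe list).
PROBES = ["ec2:RunInstances", "iam:CreateAccessKey", "s3:DeleteBucket"]

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _statements(policy):
    # "Statement" may be a single object or a list of objects.
    return _as_list(policy.get("Statement", []))

def _matches(stmt, action):
    # IAM action patterns are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(stmt.get("Action", [])))

def allows(policy, action):
    """Simplified evaluation: explicit Deny wins, otherwise any matching Allow."""
    stmts = _statements(policy)
    if any(s.get("Effect") == "Deny" and _matches(s, action) for s in stmts):
        return False
    return any(s.get("Effect") == "Allow" and _matches(s, action) for s in stmts)

def audit(policy, probes=PROBES):
    """Return human-readable findings for an identity policy."""
    findings = [f"allows {a}" for a in probes if allows(policy, a)]
    for s in _statements(policy):
        if s.get("Effect") == "Allow" and "*" in _as_list(s.get("Resource", [])):
            findings.append("Allow statement applies to Resource *")
    return findings

if __name__ == "__main__":
    for name, pol in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit(pol) or "no findings")
```
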
