Suspicious activity

Exposed aws access key was used in attempt to attach policy to group

Risk Level

Informational (4)

Platform(s)
  • N/A

Description

Orca detected that an exposed AWS access key was used in attempt to attach a policy to an IAM group. The operation to attach a policy to an IAM group resulted in access denied due to AWS prevention policy on exposed access keys. AWS proactively monitors popular code repository sites for exposed AWS Identity and Access Management (IAM) access keys. On detection of an exposed IAM access key, a policy named 'AWSExposedCredentialPolicy_DO_NOT_REMOVE' is assigned to the IAM user in order to notify on the leaked access key.
  • Recommended Mitigation

    It is recommended to rotate the exposed aws access key immediately.