Suspicious activity

Exposed aws access key was used to update a policy

Risk Level

Informational (4)

  • N/A


Orca detected that an exposed AWS access key was used to update a policy. AWS proactively monitors popular code repository sites for exposed AWS Identity and Access Management (IAM) access keys. On detection of an exposed IAM access key, a policy named 'AWSExposedCredentialPolicy_DO_NOT_REMOVE' is assigned to the IAM user in order to notify on the leaked access key.
  • Recommended Mitigation

    It is recommended to rotate the exposed aws access key immediately and to review if the update policy is a legitimate action.