Slide 87
#jawsdays #jawsdays2021 #jawsdays2021_B 87
AWS Support's interim measure
• Creates an IAM policy named "AWSExposedCredentialPolicy_DO_NOT_REMOVE" and attaches it to the IAM user that the leaked access key belongs to
• An IAM policy that lists the denied actions
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1538161409",
            "Effect": "Deny",
            "Action": [
                "iam:UpdateUser",
                "iam:AttachUserPolicy",
                "lightsail:GetInstanceAccessDetails",
                "organizations:InviteAccountToOrganization",
                "iam:AttachRolePolicy",
                "ec2:StartInstances",
                "lightsail:Delete*",
                "iam:CreateInstanceProfile",
                "iam:UpdateAccessKey",
                "iam:PutUserPolicy",
                "iam:DeleteUserPolicy",
                "iam:AttachGroupPolicy",
                "lambda:CreateFunction",
                "iam:CreateLoginProfile",
                "lightsail:Start*",
                "iam:CreateUser",
                "ec2:RunInstances",
                "lightsail:Create*",
                "lightsail:Update*",
                "iam:PutUserPermissionsBoundary",
                "iam:ChangePassword",
                "iam:DetachUserPolicy",
                "organizations:CreateAccount",
                "iam:PutGroupPolicy",
                "organizations:CreateOrganization",
                "iam:UpdateAccountPasswordPolicy",
                "iam:CreateAccessKey",
                "iam:CreateRole",
                "lightsail:DownloadDefaultKeyPair",
                "ec2:RequestSpotInstances"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
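Added example (not from the slide deck or from AWS Support): a small Python checker that evaluates an action name against the Deny statement above, using IAM's case-insensitive `*`/`?` wildcard matching, to show which API calls the quarantine policy blocks and which it leaves untouched, which is why the policy is only an interim measure until the key itself is rotated. The policy document is the one on the slide; the probe action names are constructed.

```python
import re

# Deny statement of the quarantine policy from the slide; the action list is
# copied verbatim so the result reflects the real interim policy.
QUARANTINE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Stmt1538161409", "Effect": "Deny", "Resource": ["*"],
        "Action": [
            "iam:UpdateUser", "iam:AttachUserPolicy",
            "lightsail:GetInstanceAccessDetails",
            "organizations:InviteAccountToOrganization", "iam:AttachRolePolicy",
            "ec2:StartInstances", "lightsail:Delete*", "iam:CreateInstanceProfile",
            "iam:UpdateAccessKey", "iam:PutUserPolicy", "iam:DeleteUserPolicy",
            "iam:AttachGroupPolicy", "lambda:CreateFunction",
            "iam:CreateLoginProfile", "lightsail:Start*", "iam:CreateUser",
            "ec2:RunInstances", "lightsail:Create*", "lightsail:Update*",
            "iam:PutUserPermissionsBoundary", "iam:ChangePassword",
            "iam:DetachUserPolicy", "organizations:CreateAccount",
            "iam:PutGroupPolicy", "organizations:CreateOrganization",
            "iam:UpdateAccountPasswordPolicy", "iam:CreateAccessKey",
            "iam:CreateRole", "lightsail:DownloadDefaultKeyPair",
            "ec2:RequestSpotInstances",
        ],
    }],
}

def _matches(pattern: str, action: str) -> bool:
    """IAM action matching: case-insensitive; '*' and '?' are the only wildcards."""
    regex = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action.lower()) is not None

def is_explicitly_denied(policy: dict, action: str) -> bool:
    """True if a Deny statement names the action. Resource and Condition are not
    evaluated because the quarantine policy uses Resource "*" and no Condition."""
    for stmt in policy["Statement"]:
        patterns = stmt.get("Action", [])
        patterns = [patterns] if isinstance(patterns, str) else patterns
        if stmt.get("Effect") == "Deny" and any(_matches(p, action) for p in patterns):
            return True
    return False

def still_allowed(policy: dict, actions: list) -> list:
    """Actions the policy does not block; this is why the key must still be rotated."""
    return [a for a in actions if not is_explicitly_denied(policy, a)]

if __name__ == "__main__":  # constructed sample of API calls to check
    probe = ["ec2:RunInstances", "lightsail:CreateInstances", "s3:GetObject", "iam:ListUsers"]
    print("not blocked by the quarantine policy:", still_allowed(QUARANTINE_POLICY, probe))
```

Anything reported as not blocked (read-only and data-plane calls are typical) is the argument for deactivating and rotating the key rather than relying on the quarantine policy alone.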