undefined | Better HN

0 pointstjr2257y ago0 comments

I had accidentally pushed an AWS credential out a month or two ago- within about a minute and a half AWS had disabled the IAM user, and automatically emailed me(as well as my entire org- how embarrassing!)- when we were going through the access logs it looked like it had taken only a minute and a half longer for some other, presumably malicious, system to attempt to access my compromised user. Probably between 2 or 3 minutes total. I'm not a huge Amazon fan but props to AWS for saving my butt.

0 comments

3 comments · 1 top-level

scarface747y ago· 2 in thread

Why have credentials anywhere outside of the .aws directory in your home directory? When developing locally all of the SDKs will read them from there and when deploying to AWS, the SDK will get them from the attached role.

tjr225OP7y ago

I understand what the best practices are, it was a total mistake- I never even intended to push what I did to github.

house9-27y ago

`git diff` before making a commit `git log` and `git show` before pushing to a remote

These 2 simple things have saved me on more than one occasion.

j / k navigate · click thread line to collapse