Tell HN: No, your Lambda credentials aren't being used outside of AWS
AWS just sent out a poorly worded sns announcement that looks like your Lambda credentials have been compromised.
{ "version": "1", "type":"NEW_FINDINGS", "findingDetails":[{ "findingType":"UnauthorizedAccess:IAMUser/ResourceCredentialExfiltration.OutsideAWS", "link":"", "findingDescription":"This finding informs you that a host outside of AWS has attempted to run AWS API operations using temporary AWS credentials that were created on a Lambda resource in your AWS environment." }] }
I opened up a case with AWS and am told this is only a product announcement. You can see this finding type was released just yesterday (https://docs.aws.amazon.com/guardduty/latest/ug/doc-history.html).
If anyone hears differently, would love to know. For now, we're standing down with the understanding that there is no incident.
Super poor wording of email. That just took a few hours of my life I'll never get back.
No comments yet.