Tell HN: No, your Lambda credentials aren't being used outside of AWS

Y	Hacker News new \| ask \| show \| jobs

1 points by scottndecker 177 days ago

AWS just sent out a poorly worded sns announcement that looks like your Lambda credentials have been compromised.

{ "version": "1", "type":"NEW_FINDINGS", "findingDetails":[{ "findingType":"UnauthorizedAccess:IAMUser/ResourceCredentialExfiltration.OutsideAWS", "link":"", "findingDescription":"This finding informs you that a host outside of AWS has attempted to run AWS API operations using temporary AWS credentials that were created on a Lambda resource in your AWS environment." }] }

I opened up a case with AWS and am told this is only a product announcement. You can see this finding type was released just yesterday (https://docs.aws.amazon.com/guardduty/latest/ug/doc-history.html).

If anyone hears differently, would love to know. For now, we're standing down with the understanding that there is no incident.

Super poor wording of email. That just took a few hours of my life I'll never get back.