AWS – Amazon GuardDuty now detects EC2 instance credentials used from another AWS account
Amazon GuardDuty introduces a new threat detection that informs you when your EC2 instance credentials are used to invoke APIs from an IP address that is owned by a different AWS account than the one that the associated EC2 instance is running in. The new finding type is: UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS. While Amazon GuardDuty has always informed you when your EC2 instance credentials were used from outside of AWS, this new threat detection limits a malicious actor’s ability to evade detection by using the EC2 instance credentials from another AWS account.
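A sketch of how this finding could be triaged once it reaches EventBridge, separating API calls made from accounts you know from calls made from unknown accounts. This is an added example, not AWS code: the event field paths are an assumption about the EventBridge finding layout, and the `trusted_accounts` allowlist, account IDs, instance ID, role name and IP address are constructed for illustration.

```python
# Added example: triage of GuardDuty findings delivered through EventBridge.
# The field paths used below are an assumption about the event layout.
FINDING_TYPE = "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS"


def triage(event, trusted_accounts=frozenset()):
    """Summarise an InsideAWS exfiltration finding; return None for any other event."""
    detail = event.get("detail") or {}
    if event.get("source") != "aws.guardduty" or detail.get("type") != FINDING_TYPE:
        return None
    resource = detail.get("resource") or {}
    call = ((detail.get("service") or {}).get("action") or {}).get("awsApiCallAction") or {}
    remote = call.get("remoteAccountDetails") or {}
    remote_account = remote.get("accountId")
    # Fail closed: a missing remote account ID is treated as an unknown account.
    known = remote_account is not None and (
        remote_account in trusted_accounts or remote.get("affiliated") is True
    )
    return {
        "instance_account": detail.get("accountId"),
        "instance_id": (resource.get("instanceDetails") or {}).get("instanceId"),
        "role": (resource.get("accessKeyDetails") or {}).get("userName"),
        "api": f"{call.get('serviceName')}:{call.get('api')}",
        "remote_ip": (call.get("remoteIpDetails") or {}).get("ipAddressV4"),
        "remote_account": remote_account,
        "verdict": "known-account" if known else "unknown-account",
    }


def make_event(remote_account, affiliated, finding_type=FINDING_TYPE):
    """Build a constructed sample event (not real telemetry)."""
    return {
        "source": "aws.guardduty",
        "detail-type": "GuardDuty Finding",
        "detail": {
            "accountId": "111122223333",
            "type": finding_type,
            "resource": {
                "accessKeyDetails": {"userName": "example-app-role"},
                "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
            },
            "service": {"action": {"awsApiCallAction": {
                "api": "ListBuckets", "serviceName": "s3.amazonaws.com",
                "remoteIpDetails": {"ipAddressV4": "198.51.100.7"},
                "remoteAccountDetails": {"accountId": remote_account,
                                         "affiliated": affiliated},
            }}},
        },
    }
```

A "known-account" verdict only lowers the priority of the finding; the credentials were still used away from the instance they were issued to.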