Description: The AWS API token provides you with a set of AWS API keys. Leave them in private code repositories, leave them on a developer's machine. An attacker who stumbles on them will believe they are the keys to your cloud infrastructure. If they are used via the AWS API at any point, you will be alerted.

Note: These alerts first pass through Amazons logging infrastructure which may introduce a delay of between 2 and 30 minutes before the alert comes through.

Follow the steps below to create a an AWS API Key Canarytoken:

Step 1:

Step 2:

Select the Canarytokens tile.

Step 3:

Select the AWS API Key token from the list.

Step 4:

Over time, if you are using tokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is as descriptive as possible, and we will remind the future you of where the token was dropped. Nothing sucks more than having a token fire an alert that reads “test" - and not knowing where you placed it.

Note: we chose "AWS API keys on Jim's Laptop" as the reminder

Step 5:

Download or copy the token and place it in its intended location.

Note: The file downloaded contains the AWS API credentials linked to your Canarytoken. The file is formatted such that it looks like a legitimate AWS credentials file.

Alert:

An alert is triggered when the AWS API key is used.

You're done! ;-)

Search

How do I create an AWS API Key Canarytoken?