
My Account was Hacked

0

Hello everyone. My account was currently hacked, its email address was changed, and I got my account back, but there are some roles which have administrator access and they cannot be deleted.

I also tried revoking the sessions, but it throws an error saying 'Failed to revoke sessions. Cannot perform the operation on the protected role ';;;;' - this role is only modifiable by AWS'.

Please help me with this issue.

  • From moderator: this is a duplicate of https://repost.aws/questions/QUSC73xHmPTWuprDtF5ME9ng/my-account-got-hacked which already has an accepted answer. Please do not repeat the same question.

  • This is not a duplicate question. I mentioned I have recovered my account now; my previous question mentions that I wasn't able to access the account due to an unauthorized change of the email address. This question revolves around some roles which I am not able to delete after I have recovered the account, but the account might still be compromised (I am sorry, I don't have much knowledge about AWS).

Asked a year ago · 455 views
2 Answers
0

Hello.
Is it possible to access and delete an AWS account as root user?
If you can log in as the root user, you can operate any IAM resource in your account.
https://docs.aws.amazon.com/signin/latest/userguide/introduction-to-root-user-sign-in-tutorial.html

Also, although unrelated to resource deletion, if your AWS account has been hijacked, be sure to change the root user password.
Other MFA settings are also effective in improving security and should be set.
https://docs.aws.amazon.com/accounts/latest/reference/root-user-password.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root

It is also possible that the error is caused by an administrative IAM role managed by AWS.
For example, if your AWS account belongs to Organizations, etc. and you try to delete SSO admin IAM roles, etc., you will get such an error.
What IAM role are you trying to delete?

Expert
Answered a year ago
  • Yes, these are. There is an administrative SSO role I am trying to delete which is not getting deleted, and service-linked roles too.

  • I believe that the IAM role of the SSO administrator cannot be deleted without removing the IAM role from Organizations membership. Could you please share the name of the IAM role you are trying to delete? Also, is your user a root user?

  • AWSReservedSSO_AdministratorAccess, AWSServiceRoleForOrganizations, AWSServiceRoleForSSO, AWSServiceRoleForSupport, AWSServiceRoleForTrustedAdvisor

    Yes, I am a root user.

  • Thanks for sharing. The IAM roles listed were created by AWS. Therefore, there is no need to delete them. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

    A service-linked role is a type of service role that is linked to an AWS service. The service can assume the role to perform an action on your behalf. Service-linked roles appear in your AWS account and are owned by the service. An IAM administrator can view, but not edit the permissions for service-linked roles.

  • But the creation date of the first three roles is just after I got the mail that my email for AWS had been changed (account was hacked). Is this not alarming? Or is it still okay? (I am not an expert in AWS, just looking for your advice.)
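
Added example (not from the thread or from AWS): a triage of `aws iam list-roles` output by role path and creation time rather than by role name, which bears on the creation-date question raised in the comments above. The two path prefixes, the incident time, the account IDs and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime

# Assumption: path prefixes under which AWS creates the roles it owns.
AWS_OWNED_PATHS = {"/aws-service-role/": "service-linked",
                   "/aws-reserved/sso.amazonaws.com/": "identity-center"}

def principals(role):
    """Flatten every principal named in the role's trust policy."""
    out = []
    stmts = role["AssumeRolePolicyDocument"].get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        p = stmt.get("Principal", {})
        for v in [p] if isinstance(p, str) else p.values():
            out.extend([v] if isinstance(v, str) else v)
    return out

def triage(role, incident_start):
    """Return (kind, verdict) for one entry of `aws iam list-roles` output."""
    kind = next((k for prefix, k in AWS_OWNED_PATHS.items()
                 if role["Path"].startswith(prefix)), "customer")
    created = datetime.fromisoformat(role["CreateDate"].replace("Z", "+00:00"))
    if created < incident_start:
        return kind, "predates-incident"
    if kind == "customer":
        return kind, "investigate"        # created by a principal in the account
    # AWS owns the role, but someone enabled the service: confirm who in CloudTrail.
    return kind, "confirm-who-enabled"

def trust(ptype, value, action="sts:AssumeRole"):
    return {"Statement": [{"Effect": "Allow", "Principal": {ptype: value}, "Action": action}]}

# Constructed sample rows and incident time (hypothetical, not real account data).
INCIDENT_START = datetime.fromisoformat("2023-06-10T00:00:00+00:00")
SAMPLE_ROLES = [
    {"RoleName": "AWSServiceRoleForSupport", "Path": "/aws-service-role/support.amazonaws.com/",
     "CreateDate": "2021-03-02T09:00:00Z",
     "AssumeRolePolicyDocument": trust("Service", "support.amazonaws.com")},
    {"RoleName": "AWSReservedSSO_AdministratorAccess_EXAMPLE", "Path": "/aws-reserved/sso.amazonaws.com/",
     "CreateDate": "2023-06-10T04:12:00Z",
     "AssumeRolePolicyDocument": trust("Federated", "arn:aws:iam::111122223333:saml-provider/EXAMPLE", "sts:AssumeRoleWithSAML")},
    {"RoleName": "example-admin", "Path": "/", "CreateDate": "2023-06-10T04:30:00Z",
     "AssumeRolePolicyDocument": trust("AWS", "arn:aws:iam::999999999999:root")},
]

def report(roles=SAMPLE_ROLES, start=INCIDENT_START):
    return [(r["RoleName"], *triage(r, start), principals(r)) for r in roles]

if __name__ == "__main__":
    print(*report(), sep="\n")
```

To run it on a real account, pass the `Roles` array from `aws iam list-roles --output json` to `report()` together with the time the compromise began.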

0

Hey everyone,

I'm in a bit of a pickle. My account was recently compromised, and though I've managed to regain access, there are a few roles that have been granted admin permissions, and I just can't seem to remove them. Each time I attempt to revoke the sessions, I'm met with an error that reads 'Failed to revoke sessions. Cannot perform the operation on the protected role ';;;;' - this role is only modifiable by AWS'.

Has anyone else faced something similar? I'd really appreciate any guidance or advice on how to resolve this.

https://docs.aws.amazon.com/accounts/latest/reference/root-user-password.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root

Thanks in advance, Farru.

Answered a year ago
  • Hello.
    That error is an error that occurs when trying to delete an AWS-managed IAM role. What IAM role are you trying to delete?
