Hello,
We recently discovered that an unrecognized CloudFront resource belonging to an unrecognized account number (ID) was associated with our certificate. We only noticed this when we tried to delete this certificate but were unable to do so because it was in use. Did our account get hacked? How can we find out who associated this resource to our account and when did this happen? Thank you!
EDIT: The account is an "API Gateway accounts used for private integrations". How do we delete this resource?
Edited by: amazonglyawsome on Jun 3, 2020 3:23 AM
EDIT: The associated resource in question is arn:aws:cloudfront::969236854626:distribution/REDACTED
Edited by: amazonglyawsome on Jun 3, 2020 4:50 AM
Edited by: amazonglyawsome on Jun 3, 2020 4:51 AM
Should have been enough to remove the custom domain associated with an edge-optimized API Gateway endpoint.
https://docs.aws.amazon.com/acm/latest/userguide/troubleshoot-apigateway.html