Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Amazon Web Services credentials may be exposed

Tags:

amazon-web-services

access-keys

Recently Google provided alert to one of my Apps that

Your Amazon Web Services credentials may be exposed. This exposure of your credentials could lead to unauthorized access to your AWS account, which may include associated excessive charges, and potentially unauthorized access to your data and your users' data.

In the application, I'm using Amazon Product Advertising API to get and display the information related to some products.

I'm using SignedRequestsHelper class provided by the Amazon to request the data.

I need to know how can I protect my AWS keys in the Android app.

Thanks.

like image 437
Deepak Goyal Avatar asked Aug 22 '18 13:08

Deepak Goyal

People also ask

What are credentials in AWS?

When you interact with AWS, you specify your AWS security credentials to verify who you are and whether you have permission to access the resources that you are requesting. AWS uses the security credentials to authenticate and authorize your requests.

How do you manage credentials and authentication in AWS?

You can activate and manage MFA devices for the AWS account root user by going to the Security credentials page or the IAM dashboard in the AWS Management Console. For more information about activating MFA for IAM users, see Enabling MFA Devices in the IAM User Guide.

1 Answers

I need to know how can I protect my AWS keys in the Android app.

As soon the credentials are at the client side, you can consider them compromised. Storing credentials in the app is usually wrong idea.

you provided no other requirements or constraits, so without assuming anything I could only suggest a few ideas

  • use credentials with only necessary permissions (e. g. read s3 files, dynamodb records,...)
  • implement API (called by the app) and store the aws credentials on the server. Then there's a question how would you reliably authenticate / authorize the mobile app
  • use aws cognito to acquire temporary limited aws credentials based on a custom user pool or social login
like image 52
gusto2 Avatar answered Sep 27 '22 16:09

gusto2
Sign in to Comment

Related questions

AWS Step Functions with batch processing limitations
AWS AppSync IAM Authorization with Cognito Federated Identities
AWS Lambda Task timed out after 3.00 seconds
Load Testing AWS API Gateway
How to disable a user's password in AWS using boto3
Getting ORA-01882: timezone region not found with Oracle UCP, on aws ec2 instance?
Using create-react-app's npm startwith AWS Cloud9
How to get AWSCredentials given a AWS Cognito access_token
AWS S3 doesObjectExist costs
Does AWS Lambda process DynamoDB stream events strictly in order?
AWS S3 presigned urls with boto3 - Signature mismatch
Schedule Docker image to be run periodically on AWS ECS?
Hosting Multiple Domains with SSL on AWS Lightsail
How to use dynamic bucket name in Multer-s3 for file upload
Change Primary Elastic Network Interface(ENI) between two EC2 Instances
When to use aws direct connect and aws storage gateway
Appsync response mapping template json key name change
Cross-account deployement in AWS through Code-deploy service
AWS CloudFormation: CREATE_FAILED DBSecurityGroup is not supported in this region (London)
Can I use "Fn::Join" in "Parameters" of AWS Cloudformation json template

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!