Amazon Web Services(AWS) recently is informing developers to see for what they publish or share on GitHub, solely because the “secret keys“ that AWS provide are openly shown on GitHub Search, it’s not a Hack or a security Vulnerability but carelessness of the developer. Before we get into details, I would like post a wiki description of GitHub and AWS.
Amazon Web Services is a collection of remote computing services that together make up a cloud computing platform, offered over the Internet by Amazon.com. The most central and well-known of these services are Amazon EC2 and Amazon S3.- Wikipedia
GitHub is a web-based hosting service for software development projects that use the Git revision control system, Where Developers Share there Codes and Help Themselves and Others.
What are The “secret keys” ?
Several bloggers have admitted getting a shock after recieving a large bills for bandwidth usage they didn’t initiate. For example, Luke Chadwick was hit with a US$3493 (A$3842) bill in December, because of unauthorised activity. To his relief, this was later refunded by AWS.
If you have any queries, don’t hesitate to post it in the comments section.