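Ask HN: AWS account restricted for 18 hours despite remediation (Case 177385077300217)
5 points • by trollderiu • 5 days ago
Our startup (Qcart) is currently facing a 100% production outage across multiple countries. AWS Trust & Safety restricted our account 18 hours ago due to an exposed circleci access key.
Timeline:
18+ hours ago: Received notification of exposed keys (linked to a circleci-eb user).
We deleted the IAM user and all associated keys. Confirmed remediation in the support case.
Current status: Total silence. Support agents keep saying "the specialized team is looking into it," but we have had zero updates while our business is dying.
We have already rotated all credentials and verified that no other unauthorized access exists. We are a small team and this 18-hour delay with no human response from the security team is devastating.
Does anyone at AWS have advice on how to get a human to actually review a resolved security flag?
Case ID: 177385077300217
Any help or visibility is greatly appreciated.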