I shared my project online a while ago and accidentally leaked my AWS credentials. After dealing with my end-of-semester exams, I only recently logged back into my account to find a shocking bill of $861! I wish I had monitored my account more closely. I've deleted the access keys and opened a support case with AWS, but I'm really unsure about what I should do next to resolve this situation.
3 Answers
First off, deleting your keys was a good move, but that's just the start. Check if there are any systems still running or if the attackers have created backdoors that don’t need those keys. Use AWS Billing Explorer to see what services were active, and take a look into CloudTrail to track any suspicious activity from the past 90 days. If your credentials were the root ones, double-check your account’s email and contact info too. And remember, AWS sometimes forgives charges related to breaches, but it’s not guaranteed. Setting up proper budgets and alerts in the future can definitely help avoid this.
You actually got off lucky with just an $800 bill! I've heard of people facing charges skyrocketing to over $200,000. Still, facing any unexpected bill is tough to explain to family, especially while you're still studying. Hang in there, you’re not alone in this!
Waiting for AWS support is pretty much your only move right now. Just be patient and let them handle it. You've done the right steps already by deleting the keys and reaching out for help.
Totally! It's great you didn't end up with a much worse situation, but it won't make explaining it any easier.