March 28, 2014

Bitcoin mining? - Had to close my AWS account

When I read about a similar incident on Hacker News some time back, I felt sorry for that person and was also happy that I had not exposed my secret key. I woke up this morning to see the same thing happen to my account. I got an email this morning from AWS that my account was compromised and the secret key was available on GitHub.

When I looked at that GitHub project, I was cursing myself. It was created a year back when I was taking part in a Startup Weekend event. I don't even remember checking in my secret key in the rush to deliver something over the weekend. Now it has come back to haunt me. Someone had launched almost 20 "c3.8xlarge" instances in each region and too many spot instances. The estimated bill is already $300 in a day. It was exhausting for me to find every resource launched in every region and terminate it. I had to close my AWS account to stop further charges, and I sent an email to the support team hoping that they would consider that my account was compromised. I am guessing it is a bitcoin mining incident again.

I was using this account just for learning AWS and was launching EC2 micro/medium instances to try a few things. I assume most of the devs working on cloud projects would have a personal account to learn AWS and would never ever need to launch such large instances. I hope that Amazon AWS would provide an option to create a developer account which gives access only to create micro/medium instances for learning AWS, so that one need not worry about a huge bill even if the key is exposed by mistake.

I hope that the AWS support team helps me this time.

I wish I had the skills of Liam Neeson in the movie "Taken" to go after them :)

EDIT:

The estimated bill is now $1534. I called up Amazon immediately and the customer care was very helpful. They informed me that they would arrange for a one-time credit and asked me to be careful with the access keys. They also fixed my account and asked me to continue using it.

As suggested by Garp in the comments, the first thing I did was to delete my AWS access keys and create an IAM user with permission to create only t1.micro instances in the us-east-1 region.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:us-east-1:*:*",
      "Condition": {
         "StringEquals": {
            "ec2:InstanceType": "t1.micro"
         }
      }
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudwatch:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:*",
      "Resource": "*"
    }
  ]
}

Amazon customer care is the best.
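A caveat on the policy above, with an added example that is not the post's own: the ec2:InstanceType condition key is only supplied for requests that act on an instance resource, and a plain StringEquals does not match when the key is absent, so a single "ec2:*" statement conditioned on it would not cover ec2:Describe* calls, and RunInstances additionally has to be allowed on the AMI, subnet, network interface, volume, key pair and security group it uses. The AWS-documented shape splits these into separate statements; anything not listed (other regions, other instance types, spot requests) stays implicitly denied. The account ID 123456789012 is a placeholder and the Sid values are labels I chose.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyEc2",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "LaunchOnlyMicroInUsEast1",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:InstanceType": "t1.micro"
        }
      }
    },
    {
      "Sid": "LaunchDependencies",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:us-east-1::image/ami-*",
        "arn:aws:ec2:us-east-1:123456789012:subnet/*",
        "arn:aws:ec2:us-east-1:123456789012:network-interface/*",
        "arn:aws:ec2:us-east-1:123456789012:volume/*",
        "arn:aws:ec2:us-east-1:123456789012:key-pair/*",
        "arn:aws:ec2:us-east-1:123456789012:security-group/*"
      ]
    },
    {
      "Sid": "ManageOwnInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
    }
  ]
}
```

The Describe* actions do not support resource-level permissions, which is why that statement alone uses "*" as its resource.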

10 comments:

  1. So is this the same guy who stole your bicycle?

  2. So sad venky.. Thanks for sharing. I feel I missed an opportunity to play with someone's account ;-)

  3. Windows Azure is good in that sense, they limit your cores to 20 by default and you send an email to support or call them to get it bumped up.

  4. Wow, that sucks. You know, Leonardo Da Vinci said that in the future the people that use the invisible money win everything.

  5. It looks like it's possible in IAM policies to enforce what size instances a user can spawn. I gave this a quick shot in the IAM policy simulator and it seemed to effectively restrict my user to only being able to do anything with m1.small instances. Hope this helps:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1396069018000",
          "Effect": "Allow",
          "Action": [
            "ec2:*"
          ],
          "Condition": {
            "StringEquals": {
              "ec2:InstanceType": "m1.small"
            }
          },
          "Resource": [
            "*"
          ]
        }
      ]
    }

    Replies
    1. Thanks Garp. I should have done that earlier. Lesson learnt.

  6. Bitcoin mining is facing a hard time now due to hash rate difficulty. Nevertheless, if you’re still on it, opt for an ultra-low power device for a cheaper power cost. AMD Radeon HD 6970 (480 kH/s for Litecoin and 400 MH/s for Bitcoin) can be a pretty good hardware investment.

  7. Good to see you write blog Venky.

  8. This blog is so nice to me. I will keep on coming here again and again. Visit my link as well. Donationhub
