AWS scans public GitHub repositories for leaked AWS credentials and alerts the user. The author intentionally leaked AWS credentials to a public GitHub repository to see what would happen.
- AWS quickly added the "AWSCompromisedKeyQuarantineV2" policy to the IAM user account and informed the user via email of the leak.
- AWS attaches the policy and informs the user within minutes of the leak, likely using GitHub's "Secrets Scanning" service and "Secret scanning alerts for partners".
- Malicious actors scan public GitHub repositories constantly for leaked credentials using automated tools.
- AWS recommends preventing credential leaks by running a local pre-commit hook that scans for secrets, adding a secret scanner to your CI/CD pipeline, and using GitHub Secrets Scanning for users.
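
One way to implement the local pre-commit scan recommended above, as an added example (not code from AWS or the original author): a Python hook that checks only the lines a commit would add for AWS access key IDs and secret access keys. The function names and the sample diff are assumptions of this example; the sample uses the placeholder credential pair from AWS documentation.

```python
import re
import subprocess
import sys

# Access key IDs: long-term keys start with AKIA, temporary (STS) keys with ASIA.
KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 characters; require an identifying name to limit false positives.
SECRET = re.compile(r"(?i)aws_?secret_?access_?key\W{1,5}"
                    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

# Constructed sample diff; the values are AWS's documentation placeholders.
SAMPLE_DIFF = """\
+++ b/deploy/config.ini
@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

def scan_diff(diff_text):
    """Return (path, line_no, kind) for each credential found on an added line."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):            # new-file header: remember the path
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):          # hunk header: reset new-side line number
            line_no = int(m.group(1))
        elif line.startswith("+"):             # added line: the only kind we flag
            if KEY_ID.search(line):
                findings.append((path, line_no, "access-key-id"))
            if SECRET.search(line):
                findings.append((path, line_no, "secret-access-key"))
            line_no += 1
        elif line.startswith(" "):             # context line: advances numbering only
            line_no += 1
    return findings

def main():
    # Staged changes only, without context lines: what the commit would publish.
    diff = subprocess.run(["git", "diff", "--cached", "-U0"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for path, line_no, kind in findings:
        print(f"{path}:{line_no}: possible AWS {kind}", file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Saved as `.git/hooks/pre-commit` and made executable, the non-zero exit status blocks the commit before the credential reaches a public repository.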