High Volume/Denied API Activity


Every action taken in the AWS console is recorded as an event and sent to Amazon through the API (Application Programming Interface) as an ongoing process. A high volume of unconfirmed requests, or of requests that return access denied or unauthorized operation errors, can indicate malicious activity associated with the account.

An access denied error is generated when a user tries to interact with a resource they do not have permission for under the current Identity and Access Management configuration. This can easily happen accidentally.

Unauthorized Operation

By default, AWS Identity and Access Management (IAM) users don't have permission to create or modify Amazon EC2 resources, or perform tasks using the Amazon EC2 API, unless they've been explicitly granted permission through IAM policies. If an IAM user attempts to perform an action for which permission has not been granted, the request returns the following error: Client.UnauthorizedOperation.

This error may occur when a policy is unintentionally restrictive. For example, to allow an IAM user to launch instances into a specific subnet, you need to grant permissions for the following resources by specifying their ARNs in your IAM policy: instances, volumes, AMIs, the specific subnet, network interfaces, key pairs, and security groups. If you omit the permission for volumes, for example, the user is only able to launch an instance from an instance store-backed AMI, as they do not have permission to create the root EBS volume for an EBS-backed instance.

For more information about creating IAM policies for Amazon EC2, see IAM Policies for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.

Currently, not all API actions support resource-level permissions; we'll add support for more in the future. For more information about which ARNs you can use with which Amazon EC2 API actions, see Granting IAM Users Required Permissions for Amazon EC2 Resources.



https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html
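An added example (not from the original page or from AWS documentation): one way to separate an occasional accidental denial from the high-volume pattern described above, assuming the API events are available as CloudTrail-style JSON records with `eventTime`, `eventName`, `errorCode` and `userIdentity.arn` fields. The function name, window, threshold and sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Error codes counted as denials; Client.UnauthorizedOperation is the EC2 error named above.
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

def find_denied_bursts(records, window=timedelta(minutes=5), threshold=5):
    """Return {principal ARN: burst details} for every principal whose denied
    calls reach `threshold` inside any sliding `window` (assumed tuning values)."""
    denied = defaultdict(list)
    for rec in records:
        if rec.get("errorCode") in DENIED_CODES:
            arn = rec.get("userIdentity", {}).get("arn", "unknown")
            when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            denied[arn].append((when, rec["eventName"]))
    alerts = {}
    for arn, events in denied.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(arn, {}).get("count", 0):
                alerts[arn] = {
                    "count": count,
                    # Many distinct denied actions suggests probing, not one broken policy.
                    "actions": sorted({name for _, name in events[start:end + 1]}),
                    "start": events[start][0].isoformat(),
                }
    return alerts

# Constructed sample records (not real logs): one accidental denial, one burst.
DEV = "arn:aws:iam::111122223333:user/dev-alice"
SVC = "arn:aws:iam::111122223333:user/svc-build"
BURST = ["ListUsers", "ListRoles", "GetAccountSummary",
         "ListBuckets", "DescribeInstances", "ListUsers"]
SAMPLE = [
    {"eventTime": "2024-01-01T09:00:00Z", "eventName": "RunInstances",
     "errorCode": "Client.UnauthorizedOperation", "userIdentity": {"arn": DEV}},
    {"eventTime": "2024-01-01T09:40:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"arn": DEV}},
] + [
    {"eventTime": f"2024-01-01T10:00:{i * 10:02d}Z", "eventName": name,
     "errorCode": "AccessDenied", "userIdentity": {"arn": SVC}}
    for i, name in enumerate(BURST)
]

if __name__ == "__main__":
    for arn, hit in find_denied_bursts(SAMPLE).items():
        print(arn, hit["count"], "denied calls from", hit["start"], hit["actions"])
```

The single `Client.UnauthorizedOperation` from `dev-alice` stays below the threshold, while the six denials from `svc-build` within one minute are reported together with the set of actions that were refused.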
