Late last week I was playing around with git, and published my shell scripts folder to github (PUBLICLY!)… And I’d forgotten I’ve got some subfolders in their with some passwords - and worse? Some subfolders with BOTH private and public keys!
One of the keypairs was for my Amazon AWS account, e.g. PEM key to access Linux hosts in EC2 (don’t currently have any).
So - got nasty warnings immediately from GitHub - and even NASTIER warnings after they alerted Amazon! I didn’t even know they could do that…
I deleted the git repo in question… I’m sure it was only “public” for less than 5 minutes!
I ended up having to use IAM (in AWS) to delete the user with that compromised key.
Only just cleared everything up with AWS today… phew! And support tickets got raised - I bl00dy well hope AWS don’t bill me for it!
My boss keeps hassling me to get my AWS certs (I HATE STUDYING! I hate EXAM CRAMMING! I’m too old for this sh!t!) - I but I don’t think there’s a way out of it - so I’ll need my AWS creds, as my employer doesn’t have AWS or EC2, so I have to use my personal account and get re-imbursed for compute resources I’m billed for.
So - not using AWS in “anger” right at the moment, but will be shortly… shame 'cause I kinda really really hate Bezos…