AWS Lightsail instance launched unexpectedly
Description
AlphaSOC detected an unexpected launch of an AWS Lightsail instance. AWS Lightsail is a simplified cloud platform service that provides virtual private servers. An unanticipated instance launch could indicate unauthorized access to AWS resources, potentially as part of a larger attack.
Impact
An unauthorized Lightsail instance can incur substantial financial costs and may lead to further compromise of the cloud environment.
Severity
| Severity | Condition |
|---|---|
| Low | Unexpected action, ASN or user agent |
Investigation and Remediation
Investigate the instance's creation details, including the user account responsible and the instance's configuration. Review AWS CloudTrail logs for suspicious activities. If unauthorized, immediately isolate the instance, analyze its contents for potential threats, and then terminate it. Revoke any compromised credentials and review all IAM permissions. Strengthen access controls and monitoring for cloud resources.
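As a starting point for the CloudTrail review described above, the following added example (not AlphaSOC's detection logic) filters Lightsail launch events out of CloudTrail records and lists which baseline each one deviates from. The allowlisted principal, network range and user-agent prefixes are assumptions for illustration; because CloudTrail records carry a source IP rather than an ASN, expected network ranges stand in for the ASN check.

```python
import ipaddress

# Assumed baseline for this example; replace with your own allowlists.
EXPECTED_PRINCIPALS = {"arn:aws:iam::111122223333:user/deploy-bot"}
EXPECTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
EXPECTED_AGENT_PREFIXES = ("aws-cli/", "Boto3/")
LAUNCH_EVENTS = {"CreateInstances", "CreateInstancesFromSnapshot"}

def triage_lightsail_launches(records):
    """Return a finding for each Lightsail launch that deviates from the baseline."""
    findings = []
    for rec in records:
        if (rec.get("eventSource") != "lightsail.amazonaws.com"
                or rec.get("eventName") not in LAUNCH_EVENTS):
            continue
        reasons = []
        arn = (rec.get("userIdentity") or {}).get("arn", "")
        if arn not in EXPECTED_PRINCIPALS:
            reasons.append("unexpected principal")
        src = rec.get("sourceIPAddress", "")
        try:
            ip = ipaddress.ip_address(src)
            if not any(ip in net for net in EXPECTED_NETWORKS):
                reasons.append("unexpected source network")
        except ValueError:
            # sourceIPAddress holds a DNS name when an AWS service made the call.
            reasons.append("non-IP source " + src)
        if not rec.get("userAgent", "").startswith(EXPECTED_AGENT_PREFIXES):
            reasons.append("unexpected user agent")
        if reasons:
            params = rec.get("requestParameters") or {}
            findings.append({"time": rec.get("eventTime"), "principal": arn,
                             "instances": params.get("instanceNames", []),
                             "reasons": reasons})
    return findings

# Constructed sample records (not real log data).
SAMPLE = [
    {"eventSource": "lightsail.amazonaws.com", "eventName": "CreateInstances",
     "eventTime": "2024-01-01T10:00:00Z", "awsRegion": "us-east-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deploy-bot"},
     "sourceIPAddress": "198.51.100.20", "userAgent": "aws-cli/2.15.0",
     "requestParameters": {"instanceNames": ["web-1"]}},
    {"eventSource": "lightsail.amazonaws.com", "eventName": "CreateInstances",
     "eventTime": "2024-01-01T03:12:00Z", "awsRegion": "ap-south-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
     "sourceIPAddress": "203.0.113.7", "userAgent": "python-requests/2.31.0",
     "requestParameters": {"instanceNames": ["node-a", "node-b"]}},
]
if __name__ == "__main__":
    print(triage_lightsail_launches(SAMPLE))
```

Each finding names the principal and instance names to carry into the isolation and credential-revocation steps.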