AWS service quota described in multiple regions
Description
AlphaSOC detected multiple AWS Service Quotas queries across regions. AWS Service Quotas provides centralized management of service limits and thresholds. Queries spread across regions can indicate reconnaissance, in which threat actors enumerate service limits to understand deployment constraints and resource availability.
Impact
Adversaries can use service quota information to identify resource limitations and plan their attacks. Knowledge of service quotas can help threat actors determine the capacity available for deploying unauthorized resources, conducting DoS attacks, or evading detection through distributed operations.
Severity
| Severity | Condition |
|---|---|
| Low | Quota queries across multiple AWS regions from a single user ID |
| Medium | Unexpected quota queries |
Investigation and Remediation
Review AWS CloudTrail logs to identify the user making the quota requests. Analyze the pattern and frequency of these requests. Implement strict access controls and monitoring for Service Quotas API calls. Revoke access if unauthorized activity is confirmed.
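One way to carry out the CloudTrail review described above, as an added example that is not AlphaSOC's detection logic: it groups read-only Service Quotas calls by principal and reports those that touch several regions within a short window. The three-region threshold, the one-hour window, and the sample principals and events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

QUOTA_SOURCE = "servicequotas.amazonaws.com"

def _ev(arn, name, region, time, source=QUOTA_SOURCE):
    """Build a minimal CloudTrail-shaped record for the constructed sample."""
    return {"eventSource": source, "eventName": name, "awsRegion": region,
            "eventTime": time, "userIdentity": {"arn": arn}}

CI = "arn:aws:iam::111122223333:user/ci-deploy"      # constructed principals
OPS = "arn:aws:iam::111122223333:user/ops-admin"
AUDIT = "arn:aws:iam::111122223333:role/audit"

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    _ev(CI, "ListServiceQuotas", "us-east-1", "2024-05-01T10:00:05Z"),
    _ev(CI, "GetServiceQuota", "eu-west-1", "2024-05-01T10:00:09Z"),
    _ev(CI, "ListServiceQuotas", "ap-southeast-2", "2024-05-01T10:00:14Z"),
    _ev(OPS, "GetServiceQuota", "us-east-1", "2024-05-01T09:00:00Z"),
    _ev(OPS, "DescribeInstances", "eu-west-1", "2024-05-01T09:05:00Z", "ec2.amazonaws.com"),
    _ev(AUDIT, "ListServices", "us-east-1", "2024-05-01T01:00:00Z"),
    _ev(AUDIT, "ListServices", "eu-west-1", "2024-05-01T05:00:00Z"),
    _ev(AUDIT, "ListServices", "us-west-2", "2024-05-01T09:00:00Z"),
]

def multi_region_quota_readers(events, min_regions=3, window=timedelta(hours=1)):
    """Map principal ARN -> regions for quota reads spanning min_regions within window."""
    calls = defaultdict(list)
    for ev in events:
        if ev.get("eventSource") != QUOTA_SOURCE:
            continue
        if not ev.get("eventName", "").startswith(("Get", "List")):
            continue  # keep read-only enumeration calls only
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        calls[who].append((ts, ev["awsRegion"]))
    flagged = {}
    for who, seen in calls.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # shrink until the span fits inside the window
            regions = {region for _, region in seen[start:end + 1]}
            if len(regions) >= min_regions:
                flagged[who] = sorted(regions)
                break
    return flagged
```

Against the constructed sample, only the `ci-deploy` principal is reported; the `audit` role touches three regions but over eight hours, so it appears only when the window is widened.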