AWS service quota increase request created
Description
AlphaSOC detected a request to increase an AWS service quota. Smaller quota increases are typically approved automatically, while larger requests require Support review. Adversaries may use quota increases to expand their attack surface and prepare for resource abuse.
Impact
Successful quota increases allow threat actors to create more resources for cryptomining, DDoS attacks, or other malicious activities. This can lead to excessive cloud costs and service disruptions.
Severity
| Severity | Condition |
|---|---|
Medium | AWS service quota increase request created |
Investigation and Remediation
Review the quota increase request details including the service, amount requested, and requesting identity. Compare them against business needs and historical quota usage patterns. If unauthorized, deny the request, revert any approved increases, and investigate the requesting identity for compromise. Implement tighter controls on quota management permissions.