Problem
AWS notified me to rotate AWS credentials that are (seemingly) not registered with CircleCI.
Hello,
AWS is reaching out to you on behalf of CircleCI as a follow-up to the security issue they disclosed on January 4, 2023 [1] involving their platform. AWS infrastructure and services were not affected by this issue.
However, CircleCI believes the following AWS access keys, associated with your account, may be affected by this issue.
AKIA4**************
AWS recommends you rotate these keys immediately.
Occasion
Because the AWS Permission of the CircleCI project, which was used since time immemorial, was still alive even though it was discontinued in the UI.
Solution
${CIRCLECI_VCS} with either "github" or "bitbucket"
${CIRCLECI_ORG} with the name of your org
${CIRCLECI_PROJECT} with the name of your project/repository
${CIRCLECI_TOKEN} with a Personal API Token
curl -X PUT -d "{\"aws\":{\"keypair\":null}}" "https://circleci.com/api/v1.1/project/${CIRCLECI_VCS}/${CIRCLECI_ORG}/${CIRCLECI_PROJECT}/settings?circle-token=${CIRCLECI_TOKEN}" -H "Content-Type:application/json"
Note
WTF🤣
Top comments (0)