Ansible2018.06.01 00:15

Hello.


How was your days?

In my case, I developed Ansible Playbook and test playbook execution nowadays. 10 years ago, I was a developer. I could use Java, C, Basic, Python, Javascript, Shellscript and etc. And I am a system engineer now.


When I code Ansible Playbook, I am sometimes confused playbook grammar. I think my logic or code can run well, but the code is not working. If I have problem about playbook, I usually used ask it in Facebook Ansible Korea user group or timeline. So some people give answers to my asking.

I like technical communities. I like this culture of communities. I like these people who can share there knowledge and experiences. I also try to share my experience.



Anyway, today's preface was long. In this posting, I would like to write a episode about my AWS ec2 instance. 


One month ago, I was testing playbook that create AWS EC2 instance. Because this was my homework of Ansible training in China. Of course, it was provide training environment. But at the time, my environment was deleted already. So I decided to use my AWS account.


  • I coded playbook that create AWS ec2 instance and upload it to my github's repository.

  • And then I registered my github's repository to Ansible Tower. 

  • And I made job template using the playbook of github's repository.

  • Of course, I configured environment for accessing AWS in my workstation.

  • I clicked rocket shape's button. And Ansible Tower started to create ec2 instance in AWS.


Below picture is a flow about above describing. 


After click rocket shape's button, I started to monitor AWS dashboard for checking instance.

Suddenly it started to look lots of unknown instances in my AWS dashboard. I was embarrassed as soon as discover unknown instances. So I deleted the unknown instances in my AWS dashboard. 


After a few minutes, I could not create instance anymore. In that night, I got a mail that have title like "Your AWS account is compromised" from AWS. The next day, I opened a case that have title like "Who did provision instance in my account?" in AWS support center page. Then, I knew that my AWS account hacked from someone. The hacker created a lot of instances in the each region. The 1 day's charge was almost $3K. 


AWS was answered "An agent from our billing team will reach out to you when your case has been reviewed. " to me. And I have waited their review. But after a few days, they billed by registered credit card. I felt shocked and angry about this case because they billed without any notice. So I inquired it to AWS support center in many times. But I could not get any answers from AWS.


I talked this case to my co-workers. My co-worker gave a guide to me about chargeback application.

As soon as got guide, I called at credit card call center. And I talked my case to agent of call center.

I have worried about it. Because the credit card was company card. And I thought that was unreasonable to charge for unknown instances.


After 2 weeks, I got a message from AWS. The message was that they will refund my bill about unauthorized resources. At last, I could throw my worry. 


I am still afraid to use AWS account. And I learned a lot of things by this case. 

Finally, I would like to talk to my co-workers and AWS team thanks. 

'Ansible' 카테고리의 다른 글

My First Ansible Presentation Story  (0) 2018.07.05
AWS EC2 with Ansible Episode  (0) 2018.06.01
OpenStack Instance auto provisioning with Ansible  (0) 2018.05.16
My First Ansible Project Episode II  (0) 2018.05.08
My First Ansible Project Episode I  (0) 2018.05.04
Posted by 나리 짱!!! naleejang