https://cloudsecurityforum.slack.com/archives/C6DN616HG/p1653611790045629
I found a security vulnerability in MWAA (Amazon Managed Workflows for Apache Airflow) that has been fixed so now I can talk about it. Specifically there are two API calls that the service uses to convert IAM credentials into tokens that can be used to login to airflow. The CreateCliToken and CreateWebLoginToken were logging the tokens to CloudTrail. The event used included the hostname for the airflow server, so everything required to login to the server was in the event.
Reported May 11th, fixed May 22.
tokens are only valid for 60 seconds and CloudTrail log delivery is not fast enough that they are valid by the time an AWS customer can see them.
https://cloudsecurityforum.slack.com/archives/C6DN616HG/p1653611790045629
Reported May 11th, fixed May 22.