Skip to main content

New Region

This alert occurs when Lacework detects the enablement of a new region.

Why this Alert is Important

Since an AWS region is a collection of AWS resources in a geographic area, an unrecognized new region indicates that your AWS account (or an IAM user whose permissions include enable, disable, and list Regions) is possibly compromised.

Investigation

Conduct an AWS security audit, including:

  • Search for any unrecognized or unauthorized resources.
  • Search your AWS bill for services that you don't normally use, resources in AWS Regions that you don't normally use, or a significant change in the size of your bill.
  • Review your IAM users who have permissions to enable, disable, and list Regions.

Resolution

The following are resolutions that you can implement:

  • Delete relevant access keys and IAM users.
  • Delete any unrecognized or unauthorized resources and regions.
  • If your AWS management account is compromised, immediately reach out to AWS support.
  • Once you have regained control of your AWS account, implement best practices for managing your organization's AWS accounts and users.

https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/