# CISA Reveals Lessons from AWS Credential Exposure Incident

*Published July 13, 2026*
*Source: [https://cybersecuritynews.com/cisa-details-aws-credentials-leak/](https://cybersecuritynews.com/cisa-details-aws-credentials-leak/)*

## Executive Summary

CISA disclosed an incident where a contractor exposed AWS GovCloud credentials on a public GitHub account, prompting swift internal response and public lessons sharing. The case highlights the importance of credential management training for contractors and transparent incident handling to strengthen organizational security.

## Article

The Cybersecurity and Infrastructure Security Agency (CISA) has openly shared an after-action report following an incident where a contractor exposed the agency's AWS GovCloud credentials and Infrastructure-as-Code repositories on a public GitHub account. This incident prompted an internal response and led to a rare public disclosure of lessons learned by the federal cybersecurity agency. The issue came to light on May 15 when an investigative reporter, tipped off by a security researcher, alerted CISA about the exposed AWS keys visible in a public code repository. The researcher, whose firm actively scans public repositories for such exposures, continued to assist CISA during the response. CISA's Office of the Chief Information Officer acted swiftly to address the breach by taking the repository offline, preserving a forensic copy, and shutting down the affected environment. They reset the credentials and revoked the contractor's access to systems. Investigations revealed that the leaked information was not part of CISA's official GitHub account but rather a personal repository of a contractor. This contractor had copied the agency's infrastructure code and credentials for automating cloud infrastructure deployment. Forensic analysis confirmed the credentials were not misused outside CISA's systems, and no sensitive data was compromised. As a precaution, CISA rotated all credentials across environments where the contractor had access and enhanced repository access controls. The agency's review highlighted both effective practices and areas for improvement. The incident underscored the significance of human error, emphasizing the need for robust credential management training for contractors and third parties. CISA stressed the importance of transparency in handling incidents, aiming to provide other organizations with actionable insights for better credential management and incident response procedures.
