Back to All Scenarios
PASSEDcloud / aws_iam
AWS: IAM Access Key Expired — Application Auth Failing
An application's IAM access key was rotated but the old key was deactivated before the new one was deployed. All AWS API calls failing.
Pattern
AWS_CLOUD
Expected: AWS_IAM_FAILURE
Severity
HIGH
Confidence
68%
Remediation
Auto-Heal
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | AWS_IAM_FAILURE | AWS_CLOUD | |
| Severity Assessment | CRITICAL | HIGH | |
| Incident Correlation | N/A | None | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Auto-Heal — Corax resolves autonomously |
Scenario Conditions
AWS IAM user 'app-service'. Old access key AKIAOLD00005 deactivated. New key AKIANEW00005 not yet deployed to application. All S3, SQS, DynamoDB calls failing.
Injected Error Messages (1)
AWS IAM auth failure — access key AKIAOLD00005 deactivated, application still using old key, all AWS API calls returning 'InvalidAccessKeyId', S3/SQS/DynamoDB operations failing, new key not deployed
Neural Engine Root Cause Analysis
AWS cloud infrastructure event detected — an EC2 instance may be unreachable or in a stopped state, an RDS database is experiencing issues, a load balancer has unhealthy targets, or a Lambda function is failing. AWS service disruptions can cascade across dependent resources and affect application availability.
Remediation Plan
1. Check the AWS Health Dashboard and Personal Health Dashboard for any active service events.
2. For EC2 issues, check instance status checks (system and instance), review CloudWatch metrics, and check VPC security group rules.
3. For RDS, verify database instance status, check storage and connection limits, and review slow query logs.
4. For ELB issues, check target group health checks and verify backend instances are responding.
5. For Lambda, review CloudWatch Logs for invocation errors and check IAM permissions and VPC connectivity.
Improvements Applied
- Pattern classified as AWS_CLOUD (expected AWS_IAM_FAILURE)
- Severity: HIGH (expected CRITICAL)
Tested: 2026-04-02Monitors: 1 | Incidents: 1Test ID: cmnhnr8vc09bjlig76dfe94qk