EC2 instance is not associated with IAM role and instance profile Affecting EC2 service in AWS

Snyk CCSS

IAM / Usage

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

SOC-2

Snyk ID SNYK-CC-00090
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

By passing role information to an EC2 instance at launch instead of using IAM access keys, you can limit the risk of access key exposure and help prevent a malicious user from compromising the instance.

How to fix?

Set the iam_instance_profile attribute to the name of an IAM instance profile.

Example Configuration

resource "aws_instance" "valid_instance" {
  ami           = "ami-0323c3dd2da7fabcd"
  instance_type = "t2.micro"
  
  iam_instance_profile = "${aws_iam_instance_profile.new_profile.name}"
}

resource "aws_iam_instance_profile" "new_profile" {
  name = "new_profile"
  role = "${aws_iam_role.new_role.name}"
}

Terraform

Resource: aws_instance

EC2 instance is not associated with IAM role and instance profile Affecting EC2 service in AWS

Severity

Description

How to fix?

Example Configuration

Terraform

References