Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
IAM/ Usage
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
SOC-2
- Snyk IDSNYK-CC-00090
- creditSnyk Research Team
Description
By passing role information to an EC2 instance at launch instead of using IAM access keys, you can limit the risk of access key exposure and help prevent a malicious user from compromising the instance.
How to fix?
Set the iam_instance_profile attribute to the name of an IAM instance profile.
Example Configuration
resource "aws_instance" "valid_instance" {
ami = "ami-0323c3dd2da7fabcd"
instance_type = "t2.micro"
iam_instance_profile = "${aws_iam_instance_profile.new_profile.name}"
}
resource "aws_iam_instance_profile" "new_profile" {
name = "new_profile"
role = "${aws_iam_role.new_role.name}"
}