EC2 metadata has hardcoded secrets
Affecting EC2 service in AWS


Severity: high

  • Severity Framework: Snyk CCSS
  • Rule category: Keys and Secrets / Access

  • Frameworks: CIS-Controls
  • Snyk ID SNYK-CC-00226
  • credit Snyk Research Team

Description

If secret keys are hardcoded in a user_data script, anyone with access to the version-control repository or to a launched instance can read them and use them to gain unauthorized access to resources.

How to fix?

Remove the secret value from the user_data attribute.

Example Configuration

resource "aws_instance" "allowed_3" {
  ami           = "ami-005e54dee72ccabcd"
  instance_type = "t2.micro"
  user_data     = file("script.sh")
}
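
One way to apply the fix, shown next to a failing configuration. This is an added example, not Snyk's own: the resource names, secret name, region and start script are assumptions, the secret is assumed to exist in AWS Secrets Manager already, and the AMI is assumed to ship the AWS CLI.

```hcl
# Added example; resource names, secret name, region and start script are hypothetical.
# Noncompliant: the secret value itself is written into user_data.
resource "aws_instance" "denied" {
  ami           = "ami-005e54dee72ccabcd"
  instance_type = "t2.micro"
  user_data     = <<-EOT
    #!/bin/bash
    export DB_PASSWORD="PLACEHOLDER-NOT-A-REAL-SECRET"
    /opt/app/start.sh
  EOT
}

# Compliant: user_data holds only the secret's name; the value is read at boot via the instance role.
data "aws_secretsmanager_secret" "db" {
  name = "app/db-password" # assumed to exist already, managed outside this config
}

resource "aws_iam_role" "app" {
  name = "app-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}

resource "aws_iam_role_policy" "read_secret" {
  name = "read-db-secret"
  role = aws_iam_role.app.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "secretsmanager:GetSecretValue", Resource = data.aws_secretsmanager_secret.db.arn }]
  })
}

resource "aws_iam_instance_profile" "app" {
  name = "app-profile"
  role = aws_iam_role.app.name
}

resource "aws_instance" "allowed" {
  ami                  = "ami-005e54dee72ccabcd"
  instance_type        = "t2.micro"
  iam_instance_profile = aws_iam_instance_profile.app.name
  user_data            = <<-EOT
    #!/bin/bash
    export DB_PASSWORD="$(aws secretsmanager get-secret-value --region us-east-1 --secret-id ${data.aws_secretsmanager_secret.db.name} --query SecretString --output text)"
    /opt/app/start.sh
  EOT
}
```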