CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00759
- creditSnyk Research Team
Description
Absence of the AWS Systems Manager (SSM) agent on an EC2 instance prevents remote and automated management tasks, which can lead to unpatched software, misconfigurations, and operational inefficiencies. It also hinders the ability to execute commands, apply patches, collect inventory, and configure instances at scale.
How to fix?
Set the targets.values attribute in an aws_ssm_association resource to valid instance ID or refer to all instances with "*".
Example configuration:
resource "aws_instance" "allowed" {
ami = "ami-0c7217cdde317cfec"
instance_type = "t3.micro"
tags = {
Name = "snyk-759-allowed-instance"
}
}
resource "aws_ssm_document" "doc-759" {
name = "snyk-759-ssm-doc"
document_type = "Command"
content = <<DOC
{
"schemaVersion": "1.2",
"description": "Check ip configuration of a Linux instance.",
"parameters": {
},
"runtimeConfig": {
"aws:runShellScript": {
"properties": [
{
"id": "0.aws:runShellScript",
"runCommand": ["ifconfig"]
}
]
}
}
}
DOC
}
resource "aws_ssm_association" "example" {
name = aws_ssm_document.doc-759.name
targets {
key = "InstanceIds"
values = [aws_instance.allowed.id]
}
}