turbot/aws_compliance
Loading controls...

Control: EC2 instances user data should not have secrets

Description

User data is a metadata field of an EC2 instance that allows custom code to run after the instance is launched. It contains code which is exposed to any entity which has the most basic access to EC2, even read-only configurations. It is recommended to not use secrets in user data.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ec2_instance_user_data_no_secrets

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ec2_instance_user_data_no_secrets --share

SQL

This control uses a named query:

ec2_instance_user_data_no_secrets

Tags