turbot/aws_compliance

Query: ec2_instance_user_data_no_secrets

Usage

powerpipe query aws_compliance.query.ec2_instance_user_data_no_secrets

Steampipe Tables

SQL

select
arn as resource,
case
when user_data like any (array [ '%pass%', '%secret%', '%token%', '%key%' ])
or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' then 'alarm'
else 'ok'
end as status,
case
when user_data like any (array [ '%pass%', '%secret%', '%token%', '%key%' ])
or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' then instance_id || ' potential secret found in user data.'
else instance_id || ' no secrets found in user data.'
end as reason,
region,
account_id
from
aws_ec2_instance;

Controls

The query is being used by the following controls: