Query: CloudFormation stacks outputs should not have any secrets

Description

Ensure CloudFormation stacks outputs do not contain secrets like user names, passwords, and tokens. It is recommended to remove secrets since outputs cannot be encrypted resulting in any entity with basic read-metadata-only and access to CloudFormation outputs having access to these secrets.

Query

Tables used in this query:

• aws_cloudformation_stack

Controls using this query:

• CloudFormation stacks outputs should not have any secrets

SQL