Query: EC2 instances user data should not have secrets
Description
User data is a metadata field of an EC2 instance that holds custom code or configuration to run when the instance is launched. The field is readable by any principal with even the most basic EC2 access, including read-only configurations, so anything placed in it should be treated as exposed to every such principal. It is recommended not to store secrets in user data.
Query
Tables used in this query:
Controls using this query:
- 2.13 Ensure Secrets and Sensitive Data are not stored directly in EC2 User Data
- EC2 instances user data should not have secrets
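As an added example that is not the mod's own query (which this page does not reproduce), the following Steampipe control-style SQL flags instances whose user data matches common credential patterns; it assumes the Steampipe `aws_ec2_instance` table with its `user_data` text column, and the regular expression is an illustrative assumption to be tuned for your environment.

```sql
-- Added example, not the mod's query. Assumes the Steampipe aws_ec2_instance
-- table exposes decoded user data in the user_data column. The pattern list is
-- illustrative: it catches AWS access key IDs, key/password/token assignments
-- and PEM private-key headers, but a match is a prompt to review, not proof.
with instance_user_data as (
  select
    arn,
    instance_id,
    region,
    account_id,
    user_data,
    -- Case-insensitive POSIX regex match (PostgreSQL ~* operator).
    user_data ~* '(aws_access_key_id|aws_secret_access_key|AKIA[0-9A-Z]{16}'
                 '|password\s*[:=]|secret\s*[:=]|token\s*[:=]|api[_-]?key\s*[:=]'
                 '|BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY)' as has_secret_pattern
  from
    aws_ec2_instance
)
select
  -- Standard Steampipe control output: resource, status, reason, dimensions.
  arn as resource,
  case
    when user_data is null or user_data = '' then 'ok'
    when has_secret_pattern then 'alarm'
    else 'ok'
  end as status,
  case
    when user_data is null or user_data = '' then instance_id || ' has no user data.'
    when has_secret_pattern then instance_id || ' user data appears to contain a secret.'
    else instance_id || ' user data matches no known secret pattern.'
  end as reason,
  region,
  account_id
from
  instance_user_data
order by
  status desc,
  instance_id;
```

Instances reported as alarm should have the secret rotated and the bootstrap rewritten to fetch it at runtime from a secrets store under an instance-profile role, rather than embedding it in user data.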