Query: ECS task definition containers should not have secrets passed as environment variables
Description
This control checks whether the name of any variable in the environment parameter of a container definition is AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, or ECS_ENGINE_AUTH_DATA. The control fails if even one environment variable in any container definition of the task definition has one of those names. The check compares variable names only, not values, so a credential passed under a different variable name is not detected. The control also does not cover environment variables supplied from other locations, such as environment files stored in Amazon S3.
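The following is an added example of the check described above, written here to illustrate the logic; it is not the mod's own SQL query and does not use the mod's tables. It evaluates a task definition document in the shape returned by `aws ecs describe-task-definition` (the `containerDefinitions[].environment` list). The two task definitions are constructed sample data with placeholder image names and ARNs: the first passes credentials as plain environment variables and fails, the second references the same credential through the `secrets` parameter (`valueFrom`), which the control does not inspect, and passes.

```python
"""Evaluate ECS container definitions for the name-based secrets check.

Added example, not the mod's own query.  Operates on task definition
documents in the shape returned by `aws ecs describe-task-definition`.
The task definitions below are constructed sample data, not real resources.
"""
from typing import Dict, List

# Environment variable names the control treats as secrets.
FLAGGED_NAMES = frozenset({
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "ECS_ENGINE_AUTH_DATA",
})


def flagged_env_vars(task_definition: dict) -> List[Dict[str, str]]:
    """Return one record per container environment variable whose name is
    in FLAGGED_NAMES.  Only the `environment` list is inspected: entries
    under `secrets` (resolved at launch from Secrets Manager or SSM
    Parameter Store) and `environmentFiles` (S3) are not examined, which
    matches the scope of the control."""
    findings = []
    for container in task_definition.get("containerDefinitions", []):
        for var in container.get("environment") or []:
            if var.get("name") in FLAGGED_NAMES:
                findings.append({
                    "container": container.get("name", ""),
                    "variable": var["name"],
                })
    return findings


def control_status(task_definition: dict) -> str:
    """'alarm' if any container passes a flagged name in `environment`, else 'ok'."""
    return "alarm" if flagged_env_vars(task_definition) else "ok"


# Constructed sample: credentials injected as plain environment variables.
NONCOMPLIANT_TASK_DEF = {
    "family": "example-web",
    "containerDefinitions": [
        {
            "name": "web",
            "image": "example/web:1.0",
            "environment": [
                {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE"},
                {"name": "AWS_SECRET_ACCESS_KEY", "value": "example-secret"},
                {"name": "LOG_LEVEL", "value": "info"},
            ],
        },
        {
            "name": "sidecar",
            "image": "example/sidecar:1.0",
            "environment": [
                # Name is not in the flagged set, so the control does not
                # report it even though the value is clearly a credential.
                {"name": "DB_PASSWORD", "value": "hunter2"},
            ],
        },
    ],
}

# Constructed sample: the credential referenced through `secrets`, which ECS
# resolves at launch using the task execution role.  The ARN is a placeholder.
COMPLIANT_TASK_DEF = {
    "family": "example-web",
    "containerDefinitions": [
        {
            "name": "web",
            "image": "example/web:1.0",
            "environment": [{"name": "LOG_LEVEL", "value": "info"}],
            "secrets": [
                {
                    "name": "AWS_SECRET_ACCESS_KEY",
                    "valueFrom": "arn:aws:secretsmanager:us-east-1:111122223333:secret:web/aws-key-AbCdEf",
                }
            ],
        }
    ],
}

if __name__ == "__main__":
    for label, td in [("noncompliant", NONCOMPLIANT_TASK_DEF),
                      ("compliant", COMPLIANT_TASK_DEF)]:
        print(label, control_status(td), flagged_env_vars(td))
```

The `sidecar` container in the noncompliant sample shows the limit of the check: a password under the name DB_PASSWORD is never reported, because the control matches on the three variable names and not on values.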
Query
Tables used in this query:
Controls using this query:
- 8 Secrets should not be passed as container environment variables
- ECS task definition containers should not have secrets passed as environment variables