Hardcoded AWS Access Key

• Query id: c2f15af3-66a0-4176-a56e-e4711e502e5c
• Query name: Hardcoded AWS Access Key
• Platform: Ansible
• Severity: Medium
• Category: Secret Management
• URL: Github

Description

AWS Access Key should not be hardcoded
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

- name: start an instance with a cpu_options
  community.aws.ec2_instance:
    name: "public-cpuoption-instance"
    vpc_subnet_id: subnet-5ca1ab1e
    tags:
      Environment: Testing
    user_data: "1234567890123456789012345678901234567890$"

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: start an instance with a cpu_options
  community.aws.ec2_instance:
    name: public-cpuoption-instance
    vpc_subnet_id: subnet-5ca1ab1e
    tags:
      Environment: Testing
    instance_type: c4.large
    volumes:
    - device_name: /dev/sda1
      ebs:
        delete_on_termination: true
    cpu_options:
      core_count: 1
      threads_per_core: 1