Hardcoded AWS Access Key

  • Query id: c2f15af3-66a0-4176-a56e-e4711e502e5c
  • Query name: Hardcoded AWS Access Key
  • Platform: Ansible
  • Severity: High
  • Category: Secret Management
  • CWE: 798
  • URL: Github

Description

AWS access keys (the access key ID and the secret access key) should not be hardcoded in playbooks, roles or variable files. A literal key is readable by anyone with access to the repository, CI logs or the control node and is reused verbatim by an attacker; supply credentials at run time instead, through an Ansible Vault-encrypted variable, an environment variable lookup, or an instance profile/role attached to the control node.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: start an instance with a cpu_options
  community.aws.ec2_instance:
    name: "public-cpuoption-instance"
    vpc_subnet_id: subnet-5ca1ab1e
    tags:
      Environment: Testing
    user_data: "1234567890123456789012345678901234567890$"

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: start an instance with a cpu_options
  community.aws.ec2_instance:
    name: public-cpuoption-instance
    vpc_subnet_id: subnet-5ca1ab1e
    tags:
      Environment: Testing
    instance_type: c4.large
    volumes:
    - device_name: /dev/sda1
      ebs:
        delete_on_termination: true
    cpu_options:
      core_count: 1
      threads_per_core: 1
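As an added example (not part of the KICS page or the KICS code base), the Python below reproduces the page's positive sample inline, adds a second constructed playbook with credentials passed directly as module options (the more common real-world shape, using the placeholder credentials from the AWS documentation), and shows a remediated form that takes the key ID from the environment and the secret from an Ansible Vault variable. The regular expressions are common scanner heuristics for AWS key IDs and secret keys and are assumptions, not the exact query KICS runs; the `aws_access_key`/`aws_secret_key` option names and the `vault_aws_secret_key` variable are likewise assumptions.

```python
"""Line-based scan of Ansible playbooks for hardcoded AWS credentials (added example)."""
import re
from typing import List, Tuple

# Constructed sample: the vulnerable playbook shown on the page. The 40-character
# user_data value has the shape of an AWS secret access key.
VULNERABLE_PLAYBOOK = """\
- name: start an instance with a cpu_options
  community.aws.ec2_instance:
    name: "public-cpuoption-instance"
    vpc_subnet_id: subnet-5ca1ab1e
    tags:
      Environment: Testing
    user_data: "1234567890123456789012345678901234567890$"
"""

# Constructed sample (assumption, not from the page): credentials passed directly as
# module options. The values are the placeholder credentials from the AWS
# documentation, not live keys.
INLINE_CREDENTIALS_PLAYBOOK = """\
- name: start an instance with credentials written into the playbook
  community.aws.ec2_instance:
    name: public-cpuoption-instance
    aws_access_key: AKIAIOSFODNN7EXAMPLE
    aws_secret_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

# Constructed sample (assumption): the remediated form. The key ID comes from the
# environment and the secret from a Vault-encrypted variable, so no credential
# material is present in the committed file.
REMEDIATED_PLAYBOOK = """\
- name: start an instance with credentials supplied at run time
  community.aws.ec2_instance:
    name: public-cpuoption-instance
    vpc_subnet_id: subnet-5ca1ab1e
    aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
    aws_secret_key: "{{ vault_aws_secret_key }}"
    tags:
      Environment: Testing
"""

# Long-term IAM key IDs start with AKIA, STS temporary ones with ASIA; both are
# 20 upper-case alphanumerics. The look-arounds stop a longer token from matching.
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 characters from the base64 alphabet (assumption: a
# common scanner heuristic, not necessarily the pattern KICS itself uses).
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")

Finding = Tuple[int, str, str]  # (line number, kind, redacted token)


def redact(token: str) -> str:
    """Keep enough of a token to locate it in the file, never enough to reuse it."""
    return f"{token[:4]}...{token[-2:]}"


def scan_playbook(text: str) -> List[Finding]:
    """Return one finding per credential-shaped literal, in file order.

    Raw lines are scanned rather than parsed YAML so that a value hiding under any
    key (user_data, tags, even a comment) is caught, not only aws_* options.
    """
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_ID_RE.finditer(line):
            findings.append((lineno, "aws_access_key_id", redact(match.group(0))))
        for match in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "aws_secret_access_key", redact(match.group(0))))
    return findings


def playbook_is_clean(text: str) -> bool:
    """Gate for a pre-commit hook or CI step: True when nothing credential-shaped was found."""
    return not scan_playbook(text)


if __name__ == "__main__":
    for label, playbook in [
        ("page positive sample", VULNERABLE_PLAYBOOK),
        ("inline credentials", INLINE_CREDENTIALS_PLAYBOOK),
        ("remediated", REMEDIATED_PLAYBOOK),
    ]:
        print(f"{label}: {scan_playbook(playbook) or 'clean'}")
```

Two caveats for anyone wiring this into CI. The page's positive sample puts the flagged string under `user_data`, so a check that only inspects `aws_*` options would miss it; the scan above deliberately looks at value shape on every line. The price is false positives: any 40-character base64-alphabet token matches the secret-key pattern (a git commit SHA is 40 hex characters, for example), so production scanners layer key-name context, entropy or an allowlist on top of this pattern rather than relying on it alone.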