Hardcoded AWS Access Key
- Query id: c2f15af3-66a0-4176-a56e-e4711e502e5c
- Query name: Hardcoded AWS Access Key
- Platform: Ansible
- Severity: High
- Category: Secret Management
- CWE: 798
- URL: Github
Description¶
AWS Access Key should not be hardcoded
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: start an instance with a cpu_options
community.aws.ec2_instance:
name: "public-cpuoption-instance"
vpc_subnet_id: subnet-5ca1ab1e
tags:
Environment: Testing
user_data: "1234567890123456789012345678901234567890$"
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: start an instance with a cpu_options
community.aws.ec2_instance:
name: public-cpuoption-instance
vpc_subnet_id: subnet-5ca1ab1e
tags:
Environment: Testing
instance_type: c4.large
volumes:
- device_name: /dev/sda1
ebs:
delete_on_termination: true
cpu_options:
core_count: 1
threads_per_core: 1