Hardcoded AWS Access Key
- Query id: d7b9d850-3e06-4a75-852f-c46c2e92240b
- Query name: Hardcoded AWS Access Key
- Platform: Terraform
- Severity: High
- Category: Secret Management
- CWE: 798
- URL: Github
Description
AWS access keys must not be hardcoded in Terraform configuration. The positive samples below place a literal, credential-shaped string directly in user_data; anything in user_data is readable from the instance metadata service, through the EC2 API, and from the Terraform state file, so a key there is exposed to everyone with access to any of those. The negative sample loads the startup script from a file with file() instead. Note that this only moves the problem if the file itself carries keys: an instance that needs AWS permissions should get them from an attached IAM role (instance profile), and any secret that cannot be avoided belongs in a sensitive variable or a secrets manager, not in the HCL. A key that has already been committed should be treated as compromised and rotated, since version control history keeps it.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = true
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  # Credential-shaped literal placed inline in user_data: this is the line the query flags.
  user_data              = "1234567890123456789012345678901234567890$"

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
Positive test num. 2 - tf file
resource "aws_instance" "positive1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
  # Same credential-shaped literal, this time on a plain aws_instance resource.
  user_data     = "1234567890123456789012345678901234567890$"

  tags = {
    Name = "HelloWorld"
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = true
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  # Startup script loaded from a file at plan time; no credential literal in the HCL.
  user_data              = file("scripts/first-boot-http.sh")

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}