Hardcoded AWS Access Key

  • Query id: d7b9d850-3e06-4a75-852f-c46c2e92240b
  • Query name: Hardcoded AWS Access Key
  • Platform: Terraform
  • Severity: High
  • Category: Secret Management
  • URL: Github

Description

AWS access keys must not be hardcoded in Terraform configuration. A credential written into a .tf file is committed to version control and copied into plan output and state, so anyone who can read those can use it. The samples below flag a literal containing a 40-character run shaped like an AWS secret access key assigned inline to user_data; loading the same user data with file(...) passes, because the query inspects the configuration, not the referenced script (so the script must not carry the credential either). Supply credentials at runtime instead, for example through an IAM instance profile attached to the instance or a variable marked sensitive that is fed from a secrets store.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = true
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  # Flagged: a 40-character run shaped like an AWS secret access key is
  # embedded directly in the configuration.
  user_data              = "1234567890123456789012345678901234567890$"

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
Positive test num. 2 - tf file
resource "aws_instance" "positive1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  # Flagged: same credential-shaped literal, this time on the resource
  # rather than on a module call.
  user_data = "1234567890123456789012345678901234567890$"
  tags = {
    Name = "HelloWorld"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = true
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  # Not flagged: the user data is read from a script file at plan time, so
  # no credential sits in the .tf file. The query does not inspect the
  # referenced script, so keep secrets out of it as well.
  user_data              = file("scripts/first-boot-http.sh")

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
Negative test num. 2 - tf file
resource "aws_instance" "negative1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  # Not flagged: file(...) is an expression, not a string literal, so there
  # is nothing credential-shaped in the configuration itself.
  user_data = file("scripts/first-boot-http.sh")
  tags = {
    Name = "HelloWorld"
  }
}
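To make concrete what separates the positive samples from the negative ones, here is an added, simplified detector in Python. It is example code written for this page, not the KICS query itself (KICS queries are written in Rego, and their exact expressions are not reproduced here). It walks a .tf document line by line, considers only attributes assigned a quoted string literal, and reports values shaped like an AWS credential. It goes beyond the page's samples in also matching access key IDs (20 characters beginning with AKIA), not just 40-character secret access keys. The three inputs are constructed for this example: copies of the page's second positive and negative samples, plus a provider block carrying the placeholder key pair that AWS uses in its own documentation rather than a live credential.

```python
import re
from dataclasses import dataclass

# Shapes of the two halves of an AWS long-term credential: the access key ID
# is 20 characters beginning with "AKIA", the secret access key is 40
# characters from the base64 alphabet. These are this example's own
# patterns, not the expressions used by the KICS query.
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(
    r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"
)

# A single-line HCL attribute whose value is a quoted string literal, e.g.
#   user_data = "..."
# Expressions such as file("...") or data.aws_ami.ubuntu.id, lists and
# heredocs do not match this pattern and are therefore never reported.
ATTR_STRING_RE = re.compile(
    r'^\s*([A-Za-z_][A-Za-z0-9_-]*)\s*=\s*"((?:[^"\\]|\\.)*)"\s*(?:#.*)?$'
)


@dataclass(frozen=True)
class Finding:
    line: int
    attribute: str
    kind: str
    preview: str  # redacted so the report itself does not leak the value


def redact(secret: str) -> str:
    """Keep just enough of the match to locate it without reproducing it."""
    return f"{secret[:4]}...{secret[-4:]}"


def scan_hcl(text: str) -> list[Finding]:
    """Return one Finding per credential-shaped string literal in a .tf document."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ATTR_STRING_RE.match(line)
        if not m:
            continue  # not a scalar string assignment on this line
        attribute, value = m.group(1), m.group(2)
        for kind, pattern in (("access_key_id", ACCESS_KEY_ID_RE),
                              ("secret_access_key", SECRET_KEY_RE)):
            hit = pattern.search(value)
            if hit:
                findings.append(Finding(lineno, attribute, kind, redact(hit.group(0))))
    return findings


# Constructed inputs for this example (see the lead-in above).
POSITIVE_SAMPLE = '''resource "aws_instance" "positive1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  user_data = "1234567890123456789012345678901234567890$"
  tags = {
    Name = "HelloWorld"
  }
}
'''

NEGATIVE_SAMPLE = '''resource "aws_instance" "negative1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  user_data = file("scripts/first-boot-http.sh")
  tags = {
    Name = "HelloWorld"
  }
}
'''

# AWS documentation placeholder key pair, not a live credential.
PROVIDER_SAMPLE = '''provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
'''

if __name__ == "__main__":
    for name, sample in (("positive", POSITIVE_SAMPLE),
                         ("negative", NEGATIVE_SAMPLE),
                         ("provider", PROVIDER_SAMPLE)):
        for f in scan_hcl(sample):
            print(f"{name}: line {f.line}, attribute {f.attribute} "
                  f"looks like an AWS {f.kind} ({f.preview})")
```

The secret pattern matches a 40-character run inside a longer literal on purpose, which is why the page's sample value, 40 digits followed by a dollar sign, is still reported. Two limits to keep in mind when using something like this: it only sees single-line string literals, so a heredoc user_data block or a script pulled in with file(...) is not inspected, and any 40-character base64 run will trigger it (a hex git commit hash, for instance), so a real scanner usually adds context checks or an entropy score before reporting.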