Control: CloudFormation stacks outputs should not have any secrets
Description
Ensure CloudFormation stacks outputs do not contain secrets like user names, passwords, and tokens. It is recommended to remove secrets since outputs cannot be encrypted resulting in any entity with basic read-metadata-only and access to CloudFormation outputs having access to these secrets.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cloudformation_stack_output_no_secretsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.cloudformation_stack_output_no_secrets --shareSQL
This control uses a named query:
cloudformation_stack_output_no_secrets