v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: EC2 instances user data should not have secrets

Description

User data is a metadata field of an EC2 instance that allows custom code to run after the instance is launched. It contains code which is exposed to any entity which has the most basic access to EC2, even read-only configurations. It is recommended to not use secrets in user data.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ec2_instance_user_data_no_secrets

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ec2_instance_user_data_no_secrets --share

SQL

This control uses a named query:

ec2_instance_user_data_no_secrets

Tags

category = Compliance
plugin = aws
service = AWS/EC2