turbot/aws_compliance

Control: ECS task definition containers should not have secrets passed as environment variables

Description

This control checks whether the name (key) of any variable in the environment parameter of a container definition is AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, or ECS_ENGINE_AUTH_DATA. The control fails if any single environment variable in any container definition of the task definition has one of those names. It does not cover environment variables loaded from other locations, such as environment files stored in Amazon S3, and it does not inspect the values of variables with other names.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ecs_task_definition_container_environment_no_secret

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ecs_task_definition_container_environment_no_secret --share

SQL

This control uses a named query:

ecs_task_definition_container_environment_no_secret
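The named query itself is not reproduced on this page. The following is an added example, not the aws_compliance mod's own SQL, of how the check can be expressed against the Steampipe aws_ecs_task_definition table. It assumes the table's container_definitions column is a jsonb array whose elements carry Name and Environment keys (Environment being an array of Name/Value objects), and it returns the resource, status and reason columns a Powerpipe control expects:

```sql
-- Added example (not the aws_compliance mod's query). Assumes the Steampipe
-- aws_ecs_task_definition table with: task_definition_arn, title, region,
-- account_id, and container_definitions (jsonb array of container definitions,
-- each with "Name" and an optional "Environment" array of {"Name","Value"}).

with env_vars as (
  -- One row per (task definition, container, environment variable name).
  -- coalesce guards containers that define no Environment key at all.
  select
    d.task_definition_arn,
    c ->> 'Name' as container_name,
    e ->> 'Name' as var_name
  from
    aws_ecs_task_definition as d,
    jsonb_array_elements(d.container_definitions) as c,
    jsonb_array_elements(coalesce(c -> 'Environment', '[]'::jsonb)) as e
),
flagged as (
  -- Only the three names called out by the control are matched, by exact
  -- equality, mirroring the description above. Values are never inspected,
  -- and environmentFiles (S3-backed) are not expanded here either.
  select
    task_definition_arn,
    string_agg(container_name || ':' || var_name, ', ' order by container_name, var_name) as offenders
  from
    env_vars
  where
    var_name in ('AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'ECS_ENGINE_AUTH_DATA')
  group by
    task_definition_arn
)
select
  d.task_definition_arn as resource,
  case when f.task_definition_arn is null then 'ok' else 'alarm' end as status,
  case
    when f.task_definition_arn is null
      then d.title || ' passes no credential names as environment variables.'
    else d.title || ' passes secrets as environment variables: ' || f.offenders || '.'
  end as reason,
  d.region,
  d.account_id
from
  aws_ecs_task_definition as d
  left join flagged as f on f.task_definition_arn = d.task_definition_arn;
```

Each task definition appears exactly once, so the result can be dropped into a Powerpipe control's query block unchanged. The remediation this control points at is to remove the static credentials from the environment block: give the task an IAM task role for AWS API access, and for anything that must remain a literal secret use the container definition's secrets list with a valueFrom that references AWS Secrets Manager or an SSM Parameter Store parameter, so the value is injected at launch rather than stored in the task definition.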

Tags