turbot/aws_compliance

Query: autoscaling_ec2_launch_configuration_no_sensitive_data

Usage

powerpipe query aws_compliance.query.autoscaling_ec2_launch_configuration_no_sensitive_data

SQL

select
launch_configuration_arn as resource,
case
when
user_data like any (array [ '%pass%', '%secret%', '%token%', '%key%' ])
or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' then 'alarm'
else 'ok'
end as status,
case
when
user_data like any (array [ '%pass%', '%secret%', '%token%', '%key%' ])
or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' then title || ' has potential secret patterns in user data.'
else title || ' does not contain secret patterns in user data.'
end as reason
, region, account_id
from
aws_ec2_launch_configuration;

Controls

The query is being used by the following controls: