turbot/aws_compliance

Query: ec2_instance_user_data_no_secrets

Usage

powerpipe query aws_compliance.query.ec2_instance_user_data_no_secrets

Steampipe Tables

SQL

select
arn as resource,
case
when user_data like any (array ['%pass%', '%secret%','%token%','%key%'])
or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' then 'alarm'
else 'ok'
end as status,
case
when user_data like any (array ['%pass%', '%secret%','%token%','%key%'])
or user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' then instance_id ||' potential secret found in user data.'
else instance_id || ' no secrets found in user data.'
end as reason
, region, account_id
from
aws_ec2_instance;

Controls

The query is being used by the following controls: