Ensure no hard-coded keys are present in the base64-encoded user data of an AWS Launch Configuration

HIGH

Description

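Embedding base64-encoded private keys in a launch configuration can give unauthorized users access if the configuration is exposed. Base64 is an encoding, not encryption, so anyone who can read the configuration can decode the key.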

Remediation

For more information on how to set up launch configurations, see the AWS documentation.

In Terraform:

  1. In the aws_launch_configuration resource, remove any user_data_base64 data that might contain hard-coded keys.
  2. Applying this change will destroy the existing launch configurations for autoscaling groups and deploy a new configuration. For more information, see the Terraform documentation.
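
One way to find the user_data_base64 values that step 1 refers to is shown below. This is an added example, not the policy's own implementation. It assumes plan JSON in the shape produced by `terraform show -json`; the function names, resource addresses and sample payloads are constructed for illustration.

```python
import base64
import gzip
import re
import zlib

# Key-material markers: PEM private key headers and AWS access key IDs.
KEY_PATTERNS = {
    "pem_private_key": re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
}

def decode_user_data(b64_value):
    """Decode user_data_base64, gunzipping if compressed; None if undecodable."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
        if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
            raw = gzip.decompress(raw)
    except (ValueError, OSError, EOFError, zlib.error):
        return None  # not base64, or a corrupt gzip stream
    return raw.decode("utf-8", errors="replace")

def iter_resources(module):  # the module's resources plus nested child modules
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def scan_plan(plan):
    """Return [(address, [pattern names])] for launch configs holding key material."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_launch_configuration":
            continue
        text = decode_user_data((res.get("values") or {}).get("user_data_base64") or "")
        hits = sorted(n for n, rx in KEY_PATTERNS.items() if rx.search(text)) if text else []
        if hits:
            findings.append((res["address"], hits))
    return findings

def sample_lc(address, script, compress=False):  # builds one constructed resource
    data = gzip.compress(script.encode()) if compress else script.encode()
    return {"address": address, "type": "aws_launch_configuration",
            "values": {"user_data_base64": base64.b64encode(data).decode()}}

# Constructed sample shaped like `terraform show -json` output; no real secrets.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [sample_lc("aws_launch_configuration.web", "#!/bin/bash\n-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n", True),
                  sample_lc("aws_launch_configuration.clean", "#!/bin/bash\nyum -y update\n")],
    "child_modules": [{"resources": [sample_lc("module.batch.aws_launch_configuration.worker",
                                               "export AWS_ACCESS_KEY_ID=AKIAEXAMPLE0EXAMPLE0\n")]}]}}}
```

Calling scan_plan(SAMPLE_PLAN) reports the gzip-compressed payload in the root module and the access key ID in the child module, and leaves the clean launch configuration out.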

References:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-launch-configuration.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration

Policy Details

Rule Reference ID: AC_AWS_0168
CSP: AWS
Remediation Available: Yes
Resource Category: Compute

Frameworks