Ensure there are no hard coded scripts used in base64 encoded value of AWS Launch Configuration

HIGH

Description

Embedding a base64-encoded shell script in a launch configuration's user data puts the confidentiality of any data inside that script at risk: base64 is an encoding, not encryption, so whatever the script contains is exposed if the resource is compromised.

Remediation

For more information on how to setup launch configurations, see the AWS documentation.

In Terraform -

  1. In the aws_launch_configuration resource, remove any user_data_base64 data that might contain hardcoded scripts.
  2. This will destroy existing launch configurations for autoscaling groups and deploy a new configuration. For more information, see the Terraform documentation.
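As an added check that is not part of this policy page or of Terraform itself, the following script walks the JSON produced by `terraform show -json tfplan`, decodes every `user_data_base64` on an `aws_launch_configuration`, and reports the ones that hide a script (shebang, cloud-config or PowerShell header), noting whether the script also carries credential-looking assignments. The plan snippet and the regexes are constructed heuristics, not official schema or detection rules.

```python
import base64
import json
import re

# Constructed stand-in for `terraform show -json tfplan` output, trimmed to the
# fields this check reads; not taken from any real plan.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_launch_configuration.web",
     "type": "aws_launch_configuration",
     "values": {"user_data_base64": base64.b64encode(
         b"#!/bin/bash\nexport DB_PASSWORD=hunter2\n./start.sh\n").decode()}},
    {"address": "aws_launch_configuration.clean",
     "type": "aws_launch_configuration",
     "values": {"user_data_base64": None, "user_data": None}},
]}}})
EMPTY_PLAN = '{"planned_values": {"root_module": {}}}'

# Headers that mark the decoded payload as an executable script.
SCRIPT_MARKERS = re.compile(r"^#!|^<powershell>|^#cloud-config", re.M)
# Assignments that look like embedded credentials (heuristic only).
SECRET_MARKERS = re.compile(r"(password|secret|token|api[_-]?key)\s*[=:]", re.I)


def _walk(module):
    """Yield resources of this module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def find_encoded_scripts(plan_json: str) -> list:
    """Return one finding per aws_launch_configuration whose user_data_base64
    decodes to a hard-coded script, tagged with the rule id from this page."""
    plan = json.loads(plan_json)
    findings = []
    for res in _walk(plan["planned_values"]["root_module"]):
        if res.get("type") != "aws_launch_configuration":
            continue
        encoded = res.get("values", {}).get("user_data_base64")
        if not encoded:
            continue
        try:
            decoded = base64.b64decode(encoded, validate=True).decode("utf-8", "replace")
        except ValueError:
            decoded = ""  # not valid base64 but still hard-coded: flag for review
        if decoded == "" or SCRIPT_MARKERS.search(decoded):
            findings.append({"address": res["address"], "rule": "AC_AWS_0170",
                             "has_secret": bool(SECRET_MARKERS.search(decoded))})
    return findings
```

Run it against a real plan with `find_encoded_scripts(open("plan.json").read())`; a non-empty result means the launch configuration should be rewritten before apply.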

References:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-launch-configuration.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration

Policy Details

Rule Reference ID: AC_AWS_0170
CSP: AWS
Remediation Available: Yes
Resource Category: Compute

Frameworks