github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md


Remove sensitive data from the EC2 instance user-data generated by launch templates

```yaml
---
Resources:
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: MyIamInstanceProfile
      Path: "/"
      Roles:
      - MyAdminRole
  GoodExample:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: MyLaunchTemplate
      LaunchTemplateData:
        IamInstanceProfile:
          # !GetAtt takes the resource's logical ID, not its InstanceProfileName
          Arn: !GetAtt
            - InstanceProfile
            - Arn
        DisableApiTermination: true
        ImageId: ami-04d5cc9b88example
        # User data carries only the SSM parameter path, never the credentials;
        # launch template user data must be base64-encoded
        UserData: !Base64 export SSM_PATH=/database/creds
        InstanceType: t2.micro
        KeyName: MyKeyPair
        # MetadataOptions is a mapping, not a list
        MetadataOptions:
          HttpTokens: required
        SecurityGroupIds:
          - sg-083cd3bfb8example
```
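A pre-deployment check for this recommendation, as an added example that is not Trivy's own rule logic: it walks the `AWS::EC2::LaunchTemplate` resources of a template, unwraps and decodes `UserData`, and flags credential-like content. The sample template (given in JSON form), the `BadExample` resource, the function names and the two heuristic patterns are assumptions made for illustration.

```python
import base64
import json
import re

# Constructed sample template (JSON form of CloudFormation); all values are fake.
TEMPLATE = json.loads("""{"Resources": {
  "BadExample": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {
    "LaunchTemplateData": {"UserData": "export DATABASE_PASSWORD=constructed-placeholder"}}},
  "GoodExample": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {
    "LaunchTemplateData": {"UserData": {"Fn::Base64": "export SSM_PATH=/database/creds"}}}}
}}""")

# Heuristic patterns (assumptions for this example, not Trivy's rule set).
PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),  # shape of an AWS access key ID
    re.compile(r"(?i)\b\w*(password|secret|token)\w*\s*=\s*\S+"),  # NAME=value
]

def user_data_text(value):
    """Return user data as text, unwrapping Fn::Base64 and decoding base64."""
    if isinstance(value, dict):
        value = value.get("Fn::Base64", "")
    if not isinstance(value, str):
        return ""  # other intrinsics (Fn::Sub, Fn::Join) are not resolved here
    try:
        # Already-encoded user data is decoded so the patterns see the script.
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:
        return value  # not base64: treat as the plain-text script

def find_sensitive_user_data(template):
    """Return logical IDs of launch templates whose user data looks sensitive."""
    flagged = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::LaunchTemplate":
            continue
        data = res.get("Properties", {}).get("LaunchTemplateData", {})
        text = user_data_text(data.get("UserData", ""))
        if any(p.search(text) for p in PATTERNS):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(find_sensitive_user_data(TEMPLATE))
```

User data that only names an SSM path, as in `GoodExample`, passes; the instance role then needs permission to read that parameter at boot.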