github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ec2/AVD-AWS-0129/CloudFormation.md

Remove sensitive data from the EC2 instance user-data generated by launch templates

```yaml
---
Resources:
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: MyIamInstanceProfile
      Path: "/"
      Roles:
        - MyAdminRole
  GoodExample:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: MyLaunchTemplate
      LaunchTemplateData:
        IamInstanceProfile:
          # !GetAtt takes the logical ID of the instance profile declared above
          Arn: !GetAtt
            - InstanceProfile
            - Arn
        DisableApiTermination: true
        ImageId: ami-04d5cc9b88example
        # User data carries only the SSM parameter path, never the secret itself;
        # launch templates expect the value base64-encoded
        UserData: !Base64 export SSM_PATH=/database/creds
        InstanceType: t2.micro
        KeyName: MyKeyPair
        # MetadataOptions is a single object, not a list
        MetadataOptions:
          HttpTokens: required
        SecurityGroupIds:
          - sg-083cd3bfb8example
```
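An added example, not part of the original page or the defsec code base: a small Python check that decodes launch-template user data and flags hard-coded credentials, while leaving runtime lookups such as the SSM path above alone. The patterns, function names and sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Illustrative patterns only (assumption): production scanners ship larger rule sets.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    # A literal value assigned to a secret-looking name. Values that start with
    # "$" (shell substitution, i.e. fetched at boot) are deliberately not matched.
    "password_assignment": re.compile(
        r"(?i)\b\w*(?:password|passwd|secret|token)\w*\s*[=:]\s*['\"]?[^\s'\"$]{6,}"
    ),
}

# Constructed sample inputs (not taken from any real template).
GOOD_USER_DATA = "export SSM_PATH=/database/creds"
BAD_USER_DATA = (
    "#!/bin/bash\n"
    "export DB_PASSWORD=Constructed-Example-1\n"
    "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"  # AWS documentation example key
)


def decode_user_data(value: str) -> str:
    """Return plain text; user data is base64 once it reaches EC2."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return value  # not base64: treat as the plain text written in the template


def find_secrets(user_data: str) -> list[str]:
    """Names of the patterns that match the (decoded) user data, sorted."""
    text = decode_user_data(user_data)
    return sorted(name for name, rx in PATTERNS.items() if rx.search(text))


if __name__ == "__main__":
    for label, data in (("good", GOOD_USER_DATA), ("bad", BAD_USER_DATA)):
        print(label, find_secrets(data) or "no findings")
```

The same function accepts the base64 form returned by the EC2 API for an existing launch template version, so it can be run against deployed templates as well as source files.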