github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.cf.go (about) 1 package ec2 2 3 var cloudFormationASNoSecretsInUserDataGoodExamples = []string{ 4 `--- 5 Resources: 6 InstanceProfile: 7 Type: AWS::IAM::InstanceProfile 8 Properties: 9 InstanceProfileName: MyIamInstanceProfile 10 Path: "/" 11 Roles: 12 - MyAdminRole 13 GoodExample: 14 Type: AWS::EC2::LaunchTemplate 15 Properties: 16 LaunchTemplateName: MyLaunchTemplate 17 LaunchTemplateData: 18 IamInstanceProfile: 19 Arn: !GetAtt 20 - MyIamInstanceProfile 21 - Arn 22 DisableApiTermination: true 23 ImageId: ami-04d5cc9b88example 24 UserData: export SSM_PATH=/database/creds 25 InstanceType: t2.micro 26 KeyName: MyKeyPair 27 MetadataOptions: 28 - HttpTokens: required 29 SecurityGroupIds: 30 - sg-083cd3bfb8example 31 `, 32 } 33 34 var cloudFormationASNoSecretsInUserDataBadExamples = []string{ 35 `--- 36 Resources: 37 InstanceProfile: 38 Type: AWS::IAM::InstanceProfile 39 Properties: 40 InstanceProfileName: MyIamInstanceProfile 41 Path: "/" 42 Roles: 43 - MyAdminRole 44 BadExample: 45 Type: AWS::EC2::LaunchTemplate 46 Properties: 47 LaunchTemplateName: MyLaunchTemplate 48 LaunchTemplateData: 49 IamInstanceProfile: 50 Arn: !GetAtt 51 - MyIamInstanceProfile 52 - Arn 53 DisableApiTermination: true 54 ImageId: ami-04d5cc9b88example 55 UserData: export DATABASE_PASSWORD=password1234 56 InstanceType: t2.micro 57 KeyName: MyKeyPair 58 SecurityGroupIds: 59 - sg-083cd3bfb8example 60 `, 61 } 62 63 var cloudFormationASNoSecretsInUserDataLinks = []string{} 64 65 var cloudFormationASNoSecretsInUserDataRemediationMarkdown = ``