Workload misconfigurations

EC2 Instance with secrets in UserData Attribute

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Instance metadata can be used to access user data that was specified when launching the instance. For example, a parameter can be specified for configuring the instance, or include a simple script. The user data is not protected by authentication or cryptography, and therefore, anyone with access to the instance can view it. Secrets were found for the instance {AwsEc2Instance} in the user data attribute. A malicious actor may use the secrets to compromise additional assets in the account

  • Recommended Mitigation

    It is recommended to remove the secrets from instance metadata attribute 'UserData'. For more information please see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-view-change" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-view-change</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.