Workload misconfigurations

EC2 Instance with secrets in UserData Attribute

Description

Instance metadata can be used to access user data that was specified when launching the instance. For example, a parameter can be specified for configuring the instance, or include a simple script. The user data is not protected by authentication or cryptography, and therefore, anyone with access to the instance can view it. Secrets were found for the instance {AwsEc2Instance} in the user data attribute. A malicious actor may use the secrets to compromise additional assets in the account
  • Recommended Mitigation

    It is recommended to remove the secrets from instance metadata attribute 'UserData'. For more information please see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-view-change" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-view-change</a>