EC2 Instance with secrets in UserData Attribute - Complete Cloud Security in Minutes - Orca Security

Workload misconfigurations

EC2 Instance with secrets in UserData Attribute

Risk Level

Informational (4)

Platform(s)

Description

Instance metadata can be used to access user data that was specified when launching the instance. For example, a parameter can be specified for configuring the instance, or include a simple script. The user data is not protected by authentication or cryptography, and therefore, anyone with access to the instance can view it. Secrets were found for the instance {AwsEc2Instance} in the user data attribute. A malicious actor may use the secrets to compromise additional assets in the account

Recommended Mitigation

It is recommended to remove the secrets from instance metadata attribute 'UserData'. For more information please see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-view-change

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.