Credentials are configured via provider attributes Affecting Provider service in AWS

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM

Snyk ID SNYK-CC-TF-74
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Use of provider attributes can lead to accidental disclosure of credentials in configuration files, variable definition files, event logs or console logs

How to fix?

Set access credentials via environment variables, and remove access_key and secret_key attributes from the configuration

References

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs