Credentials are configured via provider attributes Affecting Provider service in AWS

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-ControlsCSA-CCM

Snyk IDSNYK-CC-TF-74
creditSnyk Research Team

Report a new misconfiguration Found a mistake?

Description

Use of provider attributes can lead to accidental disclosure of credentials in configuration files, variable definition files, event logs or console logs

How to fix?

Set access credentials via environment variables, and remove access_key and secret_key attributes from the configuration

References

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs

Credentials are configured via provider attributes Affecting Provider service in AWS

Severity

Is your environment affected by this misconfiguration?

Description

How to fix?

References