Property

Language: terraform
Severity: high
Service: ec2
Provider: AWS
Vulnerability Type: misconfiguration

Description

Sensitive information, such as credentials or secrets, is included in EC2 Launch Configuration user data, which is stored in plaintext and accessible to anyone with instance or API access. This exposes confidential data in an insecure manner.

Impact

If exploited, attackers or unauthorized users with access to the instance or AWS APIs can retrieve sensitive data from user data scripts, leading to potential credential theft, unauthorized access to systems, or further compromise of cloud resources.

Resolution

Don't place sensitive data, such as credentials or secrets, in Launch Configuration user data.
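An added before/after Terraform example (not from the original page or the rule's own source): the first Launch Configuration embeds credentials in user_data and is what this check flags; the second removes them and instead attaches an IAM instance profile so the bootstrap script can fetch the secret at boot. The AMI id, secret name `app/db-password`, presence of the AWS CLI on the image, and the IAM policy granting `secretsmanager:GetSecretValue` to the role (not shown) are assumptions.

```hcl
# BEFORE (flagged): credentials placed directly in user_data. This value is
# stored unencrypted and readable by anyone with instance or API access.
resource "aws_launch_configuration" "bad" {
  name_prefix   = "app-"
  image_id      = "ami-0123456789abcdef0" # placeholder AMI id
  instance_type = "t3.micro"

  user_data = <<-EOF
    #!/bin/bash
    export AWS_ACCESS_KEY_ID=AKIA_PLACEHOLDER_NOT_REAL
    export AWS_SECRET_ACCESS_KEY=PLACEHOLDER_SECRET_NOT_REAL
    export DB_PASSWORD=placeholder-password
    /opt/app/start.sh
  EOF
}

# AFTER: no secrets in user_data. The instance gets an IAM role via an
# instance profile and reads the secret from Secrets Manager at boot.
resource "aws_iam_role" "app" {
  name = "app-instance-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

resource "aws_iam_instance_profile" "app" {
  name = "app-instance-profile"
  role = aws_iam_role.app.name
}

resource "aws_launch_configuration" "good" {
  name_prefix          = "app-"
  image_id             = "ami-0123456789abcdef0" # placeholder AMI id
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.app.name

  user_data = <<-EOF
    #!/bin/bash
    # Only the secret's name appears here; the value is fetched with the
    # instance role (assumed to allow secretsmanager:GetSecretValue).
    DB_PASSWORD=$(aws secretsmanager get-secret-value --secret-id app/db-password \
      --query SecretString --output text)
    DB_PASSWORD="$DB_PASSWORD" /opt/app/start.sh
  EOF
}
```

The same pattern applies to values read from SSM Parameter Store; the point is that user_data should carry only a reference to the secret, never the secret itself.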