Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create ec2.tf #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create ec2.tf #2

wants to merge 1 commit into from

Conversation

varunsh-coder
Copy link
Member

@varunsh-coder varunsh-coder commented May 10, 2023

This file is from Terragoat.

Copy link

@step-security-bot step-security-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please find StepSecurity AI-CodeWise code comments below.

Code Comments

ec2.tf

  • [High]Sensitive data exposure
    The AWS Secret Access Key is exposed in clear text in user data. Store sensitive configuration data securely in environment variables or other secrets management tools.
  • [High]Unencrypted volume
    The EBS volume is unencrypted. Set the encrypted attribute of aws_ebs_volume resource to 'true'.
  • [Medium]Security group vulnerabilities
    The security group allows SSH traffic from anywhere in the world. Restrict traffic to allow SSH traffic to specific IP ranges or even better, specific IPs that require access.
  • [Medium]Security group vulnerabilities
    The security group allows traffic to anywhere in the world on port 80. Restrict traffic to allow HTTP traffic from specific IP ranges or even better, specific IPs that require access.
  • [Low]Using plain text secrets in Terraform code is a bad practice
    AWS Secret Access Key and Access Key Id are stored as plain text in the variables tf file. Use the following syntax to store AWS Secret Access Key and Access Key Id: https://www.terraform.io/docs/language/values/variables.html#sensitive-values

Feedback

We appreciate your feedback in helping us improve the service! To provide feedback, please use emojis on this comment. If you find the comments helpful, give them a 👍. If they aren't useful, kindly express that with a 👎. If you have questions or detailed feedback, please create n GitHub issue in StepSecurity/AI-CodeWise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants