Prowler reports AWS generated temporary key as a Critical risk [ Find secrets in EC2 Auto Scaling Launch Configuration ] #3383
Unanswered
wichanon14
asked this question in
Q&A
Replies: 1 comment
-
|
Hi @wichanon14 and sorry to respond late, we missed this. That case happens usually as you mention and there is not much to do other than mute or allow the fail. We have a solution for that, see here: https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/allowlist/ (in the upcoming version 4 we call it Mutelist) |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
AWS Service :
The issue that I am facing is there is an
X-Amz-Credentialhas been found in the User Data of the auto-scaling service and has been reported as a critical issue. So, the credential that was found is a temporary key generated by AWS and will expire soon. I'm not sure how to fix this issue.This credential generation is from the Could formation service which is controlled by EBS.
.
Let me know if the information that I provided isn't enough.
Thank you in advance.
Beta Was this translation helpful? Give feedback.
All reactions