AWS EC2 Instance IAM Role not enabled
Description
AWS provides Identity and Access Management (IAM) roles to securely access AWS services and resources. A role is an identity with permission policies that define what the identity can and cannot do in AWS. As a best practice, create an IAM role and attach it to the EC2 instance through an instance profile to manage the instance's permissions securely, instead of distributing or sharing access keys or passwords.
Code Example
```hcl
resource "aws_instance" "pass" {
  ami                  = "ami-005e54dee72cc1d00" # us-west-2
  instance_type        = "t2.micro"
  iam_instance_profile = "test"

  network_interface {
    network_interface_id = aws_network_interface.foo.id
    device_index         = 0
  }

  credit_specification {
    cpu_credits = "unlimited"
  }
}
```
Remediation
Terraform
- Resource: aws_instance
- Arguments: iam_instance_profile
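As an added example (not part of this page, of Checkov or of the Terraform provider), the following Python applies this rule to the JSON that `terraform show -json tfplan` produces: it walks the root module and every child module, reports each aws_instance whose iam_instance_profile is missing, null or empty, and does not fail an instance whose profile is only "known after apply" because it references an aws_iam_instance_profile created in the same plan. The plan document is a constructed, abridged sample.

```python
"""Flag aws_instance resources in a Terraform plan (terraform show -json) with no IAM instance profile."""
import json

# Constructed, abridged sample of `terraform show -json tfplan` output; not from any real project.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_instance.pass", "type": "aws_instance",
             "values": {"iam_instance_profile": "test"}},
            {"address": "aws_instance.fail", "type": "aws_instance",
             "values": {"iam_instance_profile": None}},
            # profile name comes from a resource created in the same plan: not in planned values
            {"address": "aws_instance.dynamic", "type": "aws_instance", "values": {}},
        ],
        "child_modules": [{"address": "module.web", "resources": [
            {"address": "module.web.aws_instance.app", "type": "aws_instance", "values": {}},
        ]}],
    }},
    "resource_changes": [
        {"address": "aws_instance.dynamic", "type": "aws_instance",
         "change": {"actions": ["create"], "after_unknown": {"iam_instance_profile": True}}},
    ],
})

def walk_modules(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_modules(child)

def instances_without_profile(plan_json):
    """Return sorted addresses of aws_instance resources whose iam_instance_profile is unset.

    A profile referenced from a resource created in the same plan is "known after apply":
    absent from planned_values but flagged in resource_changes[].change.after_unknown.
    """
    plan = json.loads(plan_json)
    unknown_profile = {
        rc["address"] for rc in plan.get("resource_changes", [])
        if rc.get("change", {}).get("after_unknown", {}).get("iam_instance_profile") is True
    }
    failing = []
    for res in walk_modules(plan.get("planned_values", {}).get("root_module", {})):
        if res.get("type") != "aws_instance" or res["address"] in unknown_profile:
            continue
        if not res.get("values", {}).get("iam_instance_profile"):  # missing key, null or ""
            failing.append(res["address"])
    return sorted(failing)
```

Running `instances_without_profile(SAMPLE_PLAN)` on the sample returns `['aws_instance.fail', 'module.web.aws_instance.app']`; the instance whose profile is known only after apply is not reported.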
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0475 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV2_AWS_41 |