Config Files Exposed Aws Credentials
Description
Detects AWS credentials (like access keys and secret keys) that are hardcoded or exposed in source code and configuration files. This is a critical security risk as exposed cloud credentials could allow attackers to gain unauthorized access to AWS resources and services.
Detection Strategy
• Scans each line of code or configuration files for patterns matching AWS credential formats
• Looks for strings that match AWS access key ID format (20 characters starting with 'AKIA') and secret access key patterns
• Only processes lines shorter than 1000 characters to avoid false positives in large blocks of text or encoded content
• Reports a vulnerability for each line containing a match for AWS credential patterns
Vulnerable code example
#!/bin/bash
# Dangerous: Hardcoded AWS credentials in plaintext
export AWS_ACCESS_KEY_ID=AKIA0000000000000000
export AWS_SECRET_ACCESS_KEY=my-secret-access-key
# Use AWS CLI
aws s3 ls✅ Secure code example
#!/bin/bash
set -euo pipefail # Enable strict bash error handling
# Set default region if not specified
: "${AWS_REGION:=us-east-1}"
# Check for AWS credentials from environment or profile
if [[ -z ${AWS_PROFILE:-} ]]; then...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.