no-exposing-plaintext-credentials
Explanation
The AWS provider block should not contain hardcoded credentials. These can be passed in securely at runtime using environment variables.
Possible Impact
Exposing the credentials in the Terraform provider increases the risk of secret leakage.
Suggested Resolution
Don't include access credentials in plain text.
Insecure Example
The following example will fail the aws-misc-no-exposing-plaintext-credentials check.
provider "aws" {
  access_key = "AKIAABCD12ABCDEF1ABC"
  secret_key = "s8d7ghas9dghd9ophgs9"
}
Secure Example
The following example will pass the aws-misc-no-exposing-plaintext-credentials check.
provider "aws" {
}
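
A simplified sketch of the kind of check described above, added here as an illustration (it is not tfsec's implementation): it flags string-literal access_key / secret_key values inside a provider "aws" block. The function name is hypothetical, it assumes one attribute per line, and the sample inputs are the two examples from this page plus a constructed variable-reference case.

```python
import re

PROVIDER_RE = re.compile(r'^provider\s+"aws"\s*\{')
CRED_RE = re.compile(r'^(access_key|secret_key)\s*=\s*"([^"]*)"')


def find_hardcoded_credentials(hcl_text):
    """Return [(line_number, attribute)] for literal credentials in aws provider blocks."""
    findings = []
    in_provider = False
    depth = 0  # brace depth relative to the provider block
    for lineno, raw in enumerate(hcl_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(("#", "//")):
            continue  # whole-line comments never count
        if not in_provider:
            if PROVIDER_RE.match(line):
                depth = line.count("{") - line.count("}")
                in_provider = depth > 0
            continue
        m = CRED_RE.match(line)
        # Only direct attributes of the provider (depth 1) with a non-empty
        # literal value; "${...}" is an interpolated reference, not a literal.
        if m and depth == 1 and m.group(2) and "${" not in m.group(2):
            findings.append((lineno, m.group(1)))
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            in_provider = False
    return findings


# Insecure and secure examples copied from this page.
INSECURE = '''provider "aws" {
  access_key = "AKIAABCD12ABCDEF1ABC"
  secret_key = "s8d7ghas9dghd9ophgs9"
}'''
SECURE = '''provider "aws" {
}'''
# Constructed sample: values supplied by reference rather than as literals.
VAR_REF = '''provider "aws" {
  access_key = var.aws_access_key
  secret_key = "${var.aws_secret_key}"
}'''

if __name__ == "__main__":
    for name, text in (("insecure", INSECURE), ("secure", SECURE), ("var_ref", VAR_REF)):
        print(name, find_hardcoded_credentials(text))
```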