CodeBuild project environment variables should not contain plain text credentials

Description

This rule verifies whether the project has plain text environment variables that include the string AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY. Storing authentication credentials such as these in plain text poses a security risk, as it may result in unauthorized access and potential data exposure.
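
The same check can be run offline against the JSON returned by `aws codebuild batch-get-projects`. This is an added example, not the rule's own implementation: it assumes the match is a case-insensitive substring test on the variable name, and the project data below is constructed.

```python
# Variable-name markers named in the rule description.
CREDENTIAL_MARKERS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def find_plaintext_credentials(batch_get_projects_output):
    """Return (project, variable) pairs for PLAINTEXT variables whose
    name contains one of the credential markers."""
    findings = []
    for project in batch_get_projects_output.get("projects", []):
        env = project.get("environment", {})
        for var in env.get("environmentVariables", []):
            # PLAINTEXT is the default type when none is given.
            if var.get("type", "PLAINTEXT") != "PLAINTEXT":
                continue  # PARAMETER_STORE / SECRETS_MANAGER hold references only
            name = var.get("name", "")
            if any(marker in name.upper() for marker in CREDENTIAL_MARKERS):
                findings.append((project.get("name", "<unnamed>"), name))
    return findings


# Constructed sample shaped like batch-get-projects output (values are placeholders).
SAMPLE = {
    "projects": [
        {
            "name": "legacy-build",
            "environment": {"environmentVariables": [
                {"name": "AWS_ACCESS_KEY_ID", "value": "PLACEHOLDER", "type": "PLAINTEXT"},
                {"name": "AWS_SECRET_ACCESS_KEY", "value": "PLACEHOLDER"},  # type omitted
                {"name": "STAGE", "value": "prod", "type": "PLAINTEXT"},
            ]},
        },
        {
            "name": "fixed-build",
            "environment": {"environmentVariables": [
                # Value is a secret reference, not the secret itself.
                {"name": "AWS_SECRET_ACCESS_KEY", "value": "build/creds:secret_key",
                 "type": "SECRETS_MANAGER"},
                {"name": "DEPLOY_AWS_ACCESS_KEY_ID", "value": "/build/deploy/key_id",
                 "type": "PARAMETER_STORE"},
            ]},
        },
    ]
}

if __name__ == "__main__":
    for project, variable in find_plaintext_credentials(SAMPLE):
        print(f"NON_COMPLIANT {project}: {variable}")
```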

Remediation

For guidance on updating project environment variables, refer to the Change a build project’s settings in AWS CodeBuild section in the AWS CodeBuild User Guide.