Beta - CVM instance using user data
Ce produit n'est pas pris en charge par le
site Datadog que vous avez sélectionné. (
).
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Id: 5bb6fa08-5e84-4760-a54a-cdcd66626976
Cloud Provider: TencentCloud
Platform: Terraform
Severity: Low
Category: Access Control
Learn More
Description
CVM instances must use roles to obtain required permissions rather than embedding API credentials in instance configuration. This rule detects API secret keys in the user_data or user_data_raw fields of tencentcloud_instance resources. Embedding secrets in user data is insecure. Instead, assign permissions using the cam_role_name attribute.
Compliant Code Examples
data "tencentcloud_images" "my_favorite_image" {
image_type = ["PUBLIC_IMAGE"]
image_name_regex = "Final"
}
data "tencentcloud_instance_types" "my_favorite_instance_types" {
filter {
name = "instance-family"
values = ["S1", "S2", "S3", "S4", "S5"]
}
cpu_core_count = 2
exclude_sold_out = true
}
data "tencentcloud_availability_zones" "my_favorite_zones" {}
resource "tencentcloud_vpc" "app" {
cidr_block = "10.0.0.0/16"
name = "awesome_app_vpc"
}
resource "tencentcloud_subnet" "app" {
vpc_id = tencentcloud_vpc.app.id
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
name = "awesome_app_subnet"
cidr_block = "10.0.1.0/24"
}
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
image_id = data.tencentcloud_images.my_favorite_image.images.0.image_id
instance_type = data.tencentcloud_instance_types.my_favorite_instance_types.instance_types.0.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "user"
project_id = 0
vpc_id = tencentcloud_vpc.app.id
subnet_id = tencentcloud_subnet.app.id
user_data_raw = "this is test value"
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
data "tencentcloud_images" "my_favorite_image" {
image_type = ["PUBLIC_IMAGE"]
image_name_regex = "Final"
}
data "tencentcloud_instance_types" "my_favorite_instance_types" {
filter {
name = "instance-family"
values = ["S1", "S2", "S3", "S4", "S5"]
}
cpu_core_count = 2
exclude_sold_out = true
}
data "tencentcloud_availability_zones" "my_favorite_zones" {}
resource "tencentcloud_vpc" "app" {
cidr_block = "10.0.0.0/16"
name = "awesome_app_vpc"
}
resource "tencentcloud_subnet" "app" {
vpc_id = tencentcloud_vpc.app.id
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
name = "awesome_app_subnet"
cidr_block = "10.0.1.0/24"
}
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
image_id = data.tencentcloud_images.my_favorite_image.images.0.image_id
instance_type = data.tencentcloud_instance_types.my_favorite_instance_types.instance_types.0.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "user"
project_id = 0
vpc_id = tencentcloud_vpc.app.id
subnet_id = tencentcloud_subnet.app.id
user_data = base64encode("this is test value")
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
data "tencentcloud_images" "my_favorite_image" {
image_type = ["PUBLIC_IMAGE"]
image_name_regex = "Final"
}
data "tencentcloud_instance_types" "my_favorite_instance_types" {
filter {
name = "instance-family"
values = ["S1", "S2", "S3", "S4", "S5"]
}
cpu_core_count = 2
exclude_sold_out = true
}
data "tencentcloud_availability_zones" "my_favorite_zones" {}
resource "tencentcloud_vpc" "app" {
cidr_block = "10.0.0.0/16"
name = "awesome_app_vpc"
}
resource "tencentcloud_subnet" "app" {
vpc_id = tencentcloud_vpc.app.id
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
name = "awesome_app_subnet"
cidr_block = "10.0.1.0/24"
}
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
image_id = data.tencentcloud_images.my_favorite_image.images.0.image_id
instance_type = data.tencentcloud_instance_types.my_favorite_instance_types.instance_types.0.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "user"
project_id = 0
vpc_id = tencentcloud_vpc.app.id
subnet_id = tencentcloud_subnet.app.id
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
Non-Compliant Code Examples
data "tencentcloud_images" "my_favorite_image" {
image_type = ["PUBLIC_IMAGE"]
image_name_regex = "Final"
}
data "tencentcloud_instance_types" "my_favorite_instance_types" {
filter {
name = "instance-family"
values = ["S1", "S2", "S3", "S4", "S5"]
}
cpu_core_count = 2
exclude_sold_out = true
}
data "tencentcloud_availability_zones" "my_favorite_zones" {}
resource "tencentcloud_vpc" "app" {
cidr_block = "10.0.0.0/16"
name = "awesome_app_vpc"
}
resource "tencentcloud_subnet" "app" {
vpc_id = tencentcloud_vpc.app.id
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
name = "awesome_app_subnet"
cidr_block = "10.0.1.0/24"
}
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
image_id = data.tencentcloud_images.my_favorite_image.images.0.image_id
instance_type = data.tencentcloud_instance_types.my_favorite_instance_types.instance_types.0.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "user"
project_id = 0
vpc_id = tencentcloud_vpc.app.id
subnet_id = tencentcloud_subnet.app.id
user_data_raw = "apt-get install -y tccli; export TENCENTCLOUD_SECRET_ID=your_access_key_id_here; export TENCENTCLOUD_SECRET_KEY=your_secret_access_key_here"
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
data "tencentcloud_images" "my_favorite_image" {
image_type = ["PUBLIC_IMAGE"]
image_name_regex = "Final"
}
data "tencentcloud_instance_types" "my_favorite_instance_types" {
filter {
name = "instance-family"
values = ["S1", "S2", "S3", "S4", "S5"]
}
cpu_core_count = 2
exclude_sold_out = true
}
data "tencentcloud_availability_zones" "my_favorite_zones" {}
resource "tencentcloud_vpc" "app" {
cidr_block = "10.0.0.0/16"
name = "awesome_app_vpc"
}
resource "tencentcloud_subnet" "app" {
vpc_id = tencentcloud_vpc.app.id
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
name = "awesome_app_subnet"
cidr_block = "10.0.1.0/24"
}
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
image_id = data.tencentcloud_images.my_favorite_image.images.0.image_id
instance_type = data.tencentcloud_instance_types.my_favorite_instance_types.instance_types.0.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "user"
project_id = 0
vpc_id = tencentcloud_vpc.app.id
subnet_id = tencentcloud_subnet.app.id
user_data = base64encode("apt-get install -y tccli; export secretId=your_access_key_id_here; export secretId=your_secret_access_key_here")
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
data "tencentcloud_images" "my_favorite_image" {
image_type = ["PUBLIC_IMAGE"]
image_name_regex = "Final"
}
data "tencentcloud_instance_types" "my_favorite_instance_types" {
filter {
name = "instance-family"
values = ["S1", "S2", "S3", "S4", "S5"]
}
cpu_core_count = 2
exclude_sold_out = true
}
data "tencentcloud_availability_zones" "my_favorite_zones" {}
resource "tencentcloud_vpc" "app" {
cidr_block = "10.0.0.0/16"
name = "awesome_app_vpc"
}
resource "tencentcloud_subnet" "app" {
vpc_id = tencentcloud_vpc.app.id
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
name = "awesome_app_subnet"
cidr_block = "10.0.1.0/24"
}
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = data.tencentcloud_availability_zones.my_favorite_zones.zones.0.name
image_id = data.tencentcloud_images.my_favorite_image.images.0.image_id
instance_type = data.tencentcloud_instance_types.my_favorite_instance_types.instance_types.0.instance_type
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "user"
project_id = 0
vpc_id = tencentcloud_vpc.app.id
subnet_id = tencentcloud_subnet.app.id
user_data_raw = "apt-get install -y tccli; export secretId=your_access_key_id_here; export secretId=your_secret_access_key_here"
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
