CodeBuild project environment variables should not contain plain text credentials

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This rule verifies whether the project has plain text environment variables that include the string AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY. Storing authentication credentials such as these in plain text poses a security risk, as it may result in unauthorized access and potential data exposure.

Remediation

For guidance on updating project environment variables, refer to the Change a build project’s settings in AWS CodeBuild section in the AWS CodeBuild User Guide.