
Information Disclosure: AWS Access Token

Identifier: aws_access_token

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

AWS access tokens (access key IDs, secret access keys, and STS session tokens) must never appear in API responses, logs, or client-side code. A key ID together with its secret grants direct, authenticated access to every AWS service the owning principal is allowed to use, so one leaked pair can lead to unauthorized access, data exfiltration, and a large bill from abused resources. Long-term IAM access key IDs begin with AKIA and temporary STS key IDs with ASIA; the secret access key is a 40-character string that is only usable alongside its key ID, and an ASIA key also needs its session token. Treat any key this test reports as compromised: removing it from the response does not invalidate copies already collected, so deactivate and rotate the key in IAM and review CloudTrail for activity under it.
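The check described above, as an added example that is not the scanner's own code: a small detector that runs over the headers and body of one HTTP response and reports each credential type it finds. The key-ID prefixes and lengths are the documented AWS formats; the secret-key and session-token patterns are heuristics of my own that require a nearby field name to keep false positives down, and the sample response is constructed (the access key and secret are the placeholder pair AWS uses in its own documentation, not live credentials).

```python
"""Flag AWS credential material in an HTTP response (added example, not scanner code)."""
import re
from dataclasses import dataclass

# Access key IDs are 20 chars: "AKIA" (long-term IAM user key) or "ASIA"
# (temporary STS key) followed by 16 upper-case alphanumerics.
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Za-z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Za-z0-9])")

# A secret access key is 40 base64-like chars with no fixed prefix, so we only
# match it when it sits next to a field named like aws_secret_access_key or
# secretAccessKey (heuristic; an assumption of this example).
SECRET_KEY_RE = re.compile(
    r"""(?i)(?:aws[_-]?)?secret[_-]?(?:access[_-]?)?key["']?\s*[:=]\s*["']?"""
    r"""([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"""
)

# STS session tokens are long base64-like blobs; again anchor on the field or
# header name (aws_session_token, sessionToken, X-Amz-Security-Token).
SESSION_TOKEN_RE = re.compile(
    r"""(?i)(?:aws[_-]?|x-amz-)?(?:session|security)[_-]?token["']?\s*[:=]\s*["']?"""
    r"""([A-Za-z0-9/+=]{100,})"""
)


@dataclass
class Finding:
    kind: str       # access_key_id | secret_access_key | session_token
    location: str   # "body" or "header:<name>"
    value: str      # redacted form only, so the report never re-leaks the secret


def redact(secret: str) -> str:
    """Keep the first and last 4 chars so a finding is recognisable but unusable."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


def scan_text(text: str, location: str) -> list[Finding]:
    """Run all three patterns over one piece of response text."""
    found = []
    for m in ACCESS_KEY_ID_RE.finditer(text):
        found.append(Finding("access_key_id", location, redact(m.group(0))))
    for m in SECRET_KEY_RE.finditer(text):
        found.append(Finding("secret_access_key", location, redact(m.group(1))))
    for m in SESSION_TOKEN_RE.finditer(text):
        found.append(Finding("session_token", location, redact(m.group(1))))
    return found


def scan_response(headers: dict[str, str], body: str) -> list[Finding]:
    """Scan body first, then each header as 'Name: value' so header-style tokens match."""
    findings = scan_text(body, "body")
    for name, value in headers.items():
        findings += scan_text(f"{name}: {value}", f"header:{name}")
    return findings


# Constructed sample traffic. The AKIA/secret pair is the placeholder AWS
# publishes in its documentation; the session token is a made-up string.
LEAKY_BODY = (
    '{"user":"alice","s3":{"accessKeyId":"AKIAIOSFODNN7EXAMPLE",'
    '"secretAccessKey":"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}}'
)
LEAKY_HEADERS = {
    "Content-Type": "application/json",
    "X-Amz-Security-Token": "FwoGZXIvYXdzEBYaDExample" + "A" * 120,
}
CLEAN_BODY = '{"user":"alice","region":"eu-west-1","bucket":"reports"}'

if __name__ == "__main__":
    for f in scan_response(LEAKY_HEADERS, LEAKY_BODY):
        print(f"{f.kind:18} in {f.location}: {f.value}")
    print("clean response findings:", scan_response({"Content-Type": "application/json"}, CLEAN_BODY))
```

A finding of `access_key_id` alone is already worth an alert: the key ID is not secret by itself, but it tells an attacker which account to target and turns up in searches for the matching secret. The stricter field-name requirement on the secret and session-token patterns is a deliberate trade: it misses a bare 40-character string dumped without a label, but it avoids flagging every base64 blob in a JSON response.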

Configuration

Example

Example configuration:

---
security_tests:
  aws_access_token:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

Asset types this check runs against (REST, GRAPHQL, WEBAPP).

skip

Type : boolean

Skip the test if true.