Information Disclosure: AWS Config Exposure
Identifier: aws_config_exposure
Scanner(s) Support
GraphQL Scanner | REST Scanner | WebApp Scanner |
---|---|---|
Description
This vulnerability occurs when AWS configuration files are accidentally exposed, potentially revealing secrets like access keys and other sensitive details about your AWS setup. If an attacker sees these files, they might gain free rein over your cloud resources, leading to data breaches or unauthorized actions. Often, this happens because file permissions or directory settings aren't set up correctly, which developers sometimes overlook in the rush to get features working. The risk is high because it can open the door to serious security failures if not addressed promptly.
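A pre-deployment audit for the misconfiguration described above, as an added example that is not part of the scanner or its documentation: it walks a directory that is about to be served, flags files that parse as AWS shared config or credentials files containing secret-bearing keys, and reports whether they are world-readable. The function names and the sample tree are hypothetical; the key values are AWS's documented placeholder credentials.

```python
import configparser
import stat
import tempfile
from pathlib import Path

# Keys in AWS shared credentials/config files whose values are secrets.
SECRET_KEYS = {"aws_access_key_id", "aws_secret_access_key", "aws_session_token"}

def secret_fields(text):
    """Return sorted (profile, key) pairs for secret-bearing keys in INI text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return []  # not INI, so not an AWS config or credentials file
    return sorted((section, key) for section in parser.sections()
                  for key in parser[section] if key in SECRET_KEYS)

def audit_tree(root):
    """Walk a directory that is about to be served or deployed; report risky files."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        try:
            fields = secret_fields(path.read_text(encoding="utf-8", errors="replace"))
        except OSError:
            continue  # unreadable by the auditing user; skip it
        if fields:
            findings.append({
                "path": path.relative_to(root).as_posix(),
                "fields": fields,  # key names only, never the secret values
                "world_readable": bool(path.stat().st_mode & stat.S_IROTH),
            })
    return findings

def demo():
    # Constructed sample using AWS's documented example keys, not real credentials.
    sample = ("[default]\n"
              "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
              "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
    with tempfile.TemporaryDirectory() as root:
        cred = Path(root, ".aws", "credentials")
        cred.parent.mkdir()
        cred.write_text(sample)
        cred.chmod(0o644)  # readable by every local user and by the web server
        Path(root, "index.html").write_text("<html></html>")
        return audit_tree(root)

if __name__ == "__main__":
    print(demo())
```

Run `audit_tree` against the build output or web root in CI and fail the build on any finding; the report lists key names only, so it is safe to log.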
Configuration
Example
Example configuration:
Reference
assets_allowed
Type : List[AssetType]
*
List of assets that this check will cover.
skip
Type : boolean
Skip the test if true.