Control: AWS > NIST 800-53 > CodeBuild > CodeBuild project plaintext environment variables should not contain sensitive AWS values

Ensure authentication credentials AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY do not exist within AWS CodeBuild project environments. Do not store these variables in clear text. Storing these variables in clear text leads to unintended data exposure and unauthorized access.

Resource Types

This control targets the following resource types:

AWS > CodeBuild > Project

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-nist-800-53#/control/types/codeBuildProjectPlaintextEnvVariablesNoSensitiveAwsValues

Category URI

tmod:@turbot/turbot#/control/categories/complianceNist80053

GraphQL

query controlType(id: "tmod:@turbot/aws-nist-800-53#/control/types/codeBuildProjectPlaintextEnvVariablesNoSensitiveAwsValues") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-nist-800-53#/control/types/codeBuildProjectPlaintextEnvVariablesNoSensitiveAwsValues'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-nist-800-53#/control/types/codeBuildProjectPlaintextEnvVariablesNoSensitiveAwsValues"