Rule: CodeBuild Project Environment Variables

This rule ensures clear text credentials are not included in CodeBuild project environment variables.

Rule: CodeBuild project environment variables should not contain clear text credentials
Framework: PCI v3.2.1
Severity: Critical

Rule Description:

The rule states that CodeBuild project environment variables should not contain clear text credentials for PCI (Payment Card Industry) v3 compliance. Storing clear text credentials in environment variables can lead to potential security risks such as unauthorized access to sensitive data.

Remediation:

To remediate this rule, follow the step-by-step guide below:

Step 1: Review existing CodeBuild project configurations

  1. Log in to the AWS Management Console.
  2. Go to the AWS CodeBuild service page.
  3. Select the relevant CodeBuild project where you want to check for clear text credentials.

Step 2: Verify environment variables

  1. In the project configuration, navigate to the "Environment" section.
  2. Check the list of environment variables declared for the project.
  3. For each environment variable, ensure that there are no clear text credentials stored.

Step 3: Replace clear text credentials with secure alternatives

  1. If any environment variable contains clear text credentials, it is recommended to replace them with secure alternatives.
  2. Avoid storing credentials directly in environment variables.
  3. For AWS resources, consider using IAM roles or AWS Secrets Manager to securely manage credentials.

Step 4: Update the CodeBuild project

  1. After making the necessary changes, update the CodeBuild project configuration.
  2. Save the changes, and the updated configuration will be applied to the project.
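
A scripted version of the checks in Steps 2 and 3, added here as an example (not Cloud Defense or AWS code): it scans project definitions in the shape returned by `aws codebuild batch-get-projects` for `PLAINTEXT` variables that look like credentials, and rewrites one as a Secrets Manager reference. The name and value patterns, the function names and the sample data are assumptions of this example.

```python
import re

# Heuristics are assumptions of this example, not the rule's own logic.
SUSPECT_NAME = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|ACCESS_KEY|CREDENTIAL)", re.I)
AWS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")


def plaintext_credential_findings(projects):
    """Return (project, variable, reason) for every PLAINTEXT variable that
    looks like a credential. Values are never included in the output."""
    findings = []
    for project in projects:
        env = project.get("environment", {})
        for var in env.get("environmentVariables", []):
            # CodeBuild treats a missing type as PLAINTEXT.
            if var.get("type", "PLAINTEXT") != "PLAINTEXT":
                continue
            if AWS_KEY_ID.search(var.get("value", "")):
                reason = "value matches AWS access key ID format"
            elif SUSPECT_NAME.search(var["name"]):
                reason = "name suggests a credential"
            else:
                continue
            findings.append((project["name"], var["name"], reason))
    return findings


def as_secrets_manager_ref(var, secret_id, json_key=None):
    """Rewrite one variable so CodeBuild resolves it from Secrets Manager at
    build time; the stored value becomes a reference, not the secret."""
    ref = secret_id if json_key is None else f"{secret_id}:{json_key}"
    return {"name": var["name"], "value": ref, "type": "SECRETS_MANAGER"}


# Constructed sample in the shape of `aws codebuild batch-get-projects` output.
SAMPLE_PROJECTS = [
    {"name": "payments-build", "environment": {"environmentVariables": [
        {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE", "type": "PLAINTEXT"},
        {"name": "DB_PASSWORD", "value": "constructed-not-a-real-password", "type": "PLAINTEXT"},
        {"name": "BUILD_STAGE", "value": "prod", "type": "PLAINTEXT"},
        {"name": "NPM_TOKEN", "value": "ci/npm:token", "type": "SECRETS_MANAGER"},
    ]}},
]

if __name__ == "__main__":
    for project, name, reason in plaintext_credential_findings(SAMPLE_PROJECTS):
        print(f"{project}: {name} ({reason})")
```

Any credential this flags has already been readable in the project configuration, so rotate it when moving it to Secrets Manager rather than reusing the same value.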

Troubleshooting:

If you run into any issues, follow these steps:

Issue: Clear text credentials found in environment variables

Solution:

  1. Identify the environment variable(s) containing clear text credentials.
  2. Follow the remediation steps mentioned above to replace the clear text credentials with secure alternatives.

Issue: Missing permissions to access CodeBuild project configuration

Solution:

  1. Verify that you have the required permissions to access and modify the CodeBuild project configuration.
  2. Contact the AWS account administrator if you don't have sufficient permissions.

Best Practices:

To ensure ongoing compliance with PCI v3 and maintain security, consider following these best practices:

  1. Avoid storing clear text credentials in environment variables.
  2. Use secure alternatives like IAM roles or AWS Secrets Manager to manage credentials.
  3. Regularly review and monitor your CodeBuild projects for any potential security risks.
  4. Implement proper access control to limit who can modify the CodeBuild project configuration.
  5. Stay up-to-date with AWS security best practices and recommendations.

Please note that following these best practices can help improve your overall security posture and maintain compliance with the PCI v3 standard.
