Checks/Aws/Test-SsmDocumentSecrets.ps1
function Test-SsmDocumentSecrets {
    <#
    .SYNOPSIS
    SSM document contains no secrets

    .DESCRIPTION
    **AWS Systems Manager documents** are inspected for embedded **secrets** within their content. Patterns resembling passwords, access keys, tokens, or private keys in document steps are flagged when values appear hardcoded rather than referenced securely.

    .PARAMETER Check
    CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: ssm_document_secrets

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check ssm_document_secrets for reference.', 'N/A', 'ssm Resources')
}
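One way the detection described in the help text could work, as an added example (not code from this repository or from Prowler): a stand-alone scanner over a document's content string. The function name `Find-SsmDocumentSecretCandidate`, its three patterns and the sample document are assumptions constructed for illustration; a value that starts with a `{{ ... }}` parameter reference is treated as referenced rather than hardcoded.

```powershell
# Added example: function name, patterns and sample document are illustrative assumptions.
function Find-SsmDocumentSecretCandidate {
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)] [string]$DocumentName,
        [Parameter(Mandatory)] [string]$Content
    )
    # HardcodedValue refuses values starting with '{', so {{ Param }} references are skipped.
    $patterns = [ordered]@{
        AwsAccessKeyId  = '\b(?:AKIA|ASIA)[0-9A-Z]{16}\b'
        PrivateKeyBlock = '-----BEGIN [A-Z ]*PRIVATE KEY-----'
        HardcodedValue  = '(?i)(?:password|passwd|secret|token|api[_-]?key)\w*["'']?\s*[:=]\s*["'']?(?<v>[^\s"'',{}]+)'
    }
    $lineNo = 0
    foreach ($line in ($Content -split "`r?`n")) {
        $lineNo++
        foreach ($name in $patterns.Keys) {
            foreach ($m in [regex]::Matches($line, $patterns[$name])) {
                [PSCustomObject]@{
                    Document = $DocumentName
                    Line     = $lineNo
                    Pattern  = $name
                    # Report only the match length so a finding never echoes the secret itself.
                    Evidence = ('<redacted, {0} chars>' -f $m.Value.Length)
                }
            }
        }
    }
}

# Constructed sample document (not a real SSM document; values are placeholders).
$sample = @'
{
  "schemaVersion": "2.2",
  "description": "Constructed sample document",
  "parameters": { "DbPassword": { "type": "String" } },
  "mainSteps": [{
    "action": "aws:runShellScript",
    "name": "backup",
    "inputs": { "runCommand": [
      "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
      "mysqldump -u admin --password=Sup3rS3cret db > /tmp/db.sql",
      "mysqldump -u admin --password={{ DbPassword }} db > /tmp/db.sql"
    ] }
  }]
}
'@
Find-SsmDocumentSecretCandidate -DocumentName 'constructed-doc' -Content $sample | Format-Table
```

On the sample, the first two commands are reported and the third, which passes the password through the `{{ DbPassword }}` reference, is not.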