Amazon_EC2_3

Ensure all Customer owned Amazon Machine Images are not shared publicly

Description

Amazon Machine Images (AMIs) are exact duplicates of the instance they were created from, and anyone with access to an AMI can launch a complete replica of the original instance. The original instance may contain intellectual property, proprietary applications, and configuration information that can be used to exploit or compromise any running instance in the web tier.

Remediation

Using the Amazon unified command line interface:

  • For each AMI that is public remove group ALL from the launch permissions:
    aws ec2 modify-image-attribute --image-id <public_image_id> --launch-permission '{"Remove":[{"Group":"all"}]}'
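The remediation above, worked into a script as an added example (not code from the original page or from AWS): it lists the account's own AMIs whose Public flag is set and removes the "all" launch-permission group from each. It assumes the AWS CLI is installed with credentials configured; the REGION and DRY_RUN variables and the function names are this script's own.

```shell
#!/bin/sh
# Added example: find this account's public AMIs and make them private.
# Assumes a configured AWS CLI; REGION and DRY_RUN are this script's own knobs.
set -eu

REGION="${REGION:-us-east-1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only report what would change, 0 = apply the change

# Print the IDs of AMIs owned by this account whose Public flag is true, one per line.
list_public_amis() {
    aws ec2 describe-images --region "$REGION" --owners self \
        --query 'Images[?Public==`true`].ImageId' --output text \
        | tr '\t' '\n' | sed '/^$/d'
}

# Remove the public ("all") launch permission from one AMI, or just report it when DRY_RUN=1.
make_ami_private() {
    ami="$1"
    if [ "$DRY_RUN" = "1" ]; then
        echo "would make private: $ami"
        return 0
    fi
    aws ec2 modify-image-attribute --region "$REGION" --image-id "$ami" \
        --launch-permission '{"Remove":[{"Group":"all"}]}'
    echo "made private: $ami"
}

# Walk every public AMI; progress goes to stderr, the number handled to stdout.
remediate_public_amis() {
    count=0
    for ami in $(list_public_amis); do
        make_ami_private "$ami" >&2
        count=$((count + 1))
    done
    echo "$count"
}

# Run in report-only mode by default; pass --apply to actually remove the permission.
if [ "${1:-}" = "--apply" ]; then
    DRY_RUN=0
fi
if [ "${1:-}" = "--apply" ] || [ "${1:-}" = "--report" ]; then
    remediate_public_amis
fi
```

Run it with `--report` first to see which AMIs would change, then with `--apply`; re-running the describe-images query afterwards should return no IDs.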

Default Value:
The prescribed value is the default value.

References:

  1. http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html
  2. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html
  3. http://docs.aws.amazon.com/cli/latest/reference/ec2/modify-image-attribute.html

Service

EC2

Severity

Low

Compliance

Mapping
