Ensure that all the AWS EC2 instances necessary for your application stack are launched from your approved base Amazon Machine Images (AMIs), known as golden AMIs in order to enforce consistency and save time when scaling your application.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
An approved/golden AMI is a base EC2 machine image that contains a pre-configured OS and a well-defined stack of server software fully configured to run your application. Using golden AMIs to create new EC2 instances within your AWS environment brings major benefits such as fast and stable application deployment and scaling, secure application stack upgrades and versioning. You can go even further and automate your golden AMIs creation with open source tools like Packer https://www.packer.io/ and Netflix Animator (https://github.com/Netflix/animator).
To determine if your EC2 instances are being launched using approved Amazon Machine Images (AMI), perform the following:
Remediation / Resolution
To create golden/approved machine images and enforce your AWS administrators to launch EC2 instances using only these images, perform the following:
- AWS Documentation
- Amazon EC2 FAQs
- Getting Started with Amazon EC2 Linux Instances
- Setting Up with Amazon EC2
- Creating an Amazon EBS-Backed Linux AMI
- Tutorial: Create and Attach Your First Customer Managed Policy
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Risk level: Medium