Ensure that all EC2 instances provisioned in your AWS account are launched only from approved Amazon Machine Images (AMIs) and never from blocklisted AMIs, in order to enforce security at the application stack level. Before the Cloud Conformity engine runs this rule, you need to compile the list of blocklisted AMIs using the rule settings available on the Cloud Conformity Console.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Blocklisting unwanted or compromised AMIs within your AWS account prevents specific security issues from reaching your application stack and forces the EC2 provisioning process to use only approved AMIs.
To determine if there are any EC2 instances launched from blocklisted Amazon Machine Images within your account, perform the following:
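The following is an added example, not Conformity's own audit procedure: one way to run this check offline against output in the shape returned by `aws ec2 describe-instances --output json`. The instance IDs, AMI IDs and the blocklist are constructed sample values, and the function name is hypothetical.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances --output json`.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa1111bbbb2222c", "ImageId": "ami-0123456789abcdef0",
     "State": {"Name": "running"}},
    {"InstanceId": "i-0ddd3333eeee4444f", "ImageId": "ami-0fedcba9876543210",
     "State": {"Name": "stopped"}}]},
  {"Instances": [
    {"InstanceId": "i-0999888877776666a", "ImageId": "ami-0123456789abcdef0",
     "State": {"Name": "terminated"}},
    {"InstanceId": "i-0555444433332222b", "ImageId": "ami-00aa11bb22cc33dd4",
     "State": {"Name": "running"}}]}
]}
""")

# Hypothetical blocklist (assumption: it mirrors the list kept in the rule settings).
# One entry is upper-cased on purpose to show that matching is case-insensitive.
BLOCKLISTED_AMIS = {"ami-0123456789abcdef0", "AMI-00AA11BB22CC33DD4"}


def find_blocklisted_instances(describe_output, blocklist,
                               ignore_states=("terminated", "shutting-down")):
    """Return {ami_id: [instance_id, ...]} for instances built from blocklisted AMIs."""
    blocked = {ami.strip().lower() for ami in blocklist}
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            state = instance.get("State", {}).get("Name", "")
            if state in ignore_states:
                continue  # already gone or going away: nothing left to relaunch
            ami = instance.get("ImageId", "").lower()
            if ami in blocked:
                # Stopped instances are reported too, since they can be started again.
                findings.setdefault(ami, []).append(instance["InstanceId"])
    return findings


if __name__ == "__main__":
    results = find_blocklisted_instances(SAMPLE_DESCRIBE_INSTANCES, BLOCKLISTED_AMIS)
    for ami, instances in sorted(results.items()):
        print(f"{ami}: {', '.join(instances)}")
```

Run it per region, since `describe-instances` only returns instances for the region it is called in.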
Remediation / Resolution
To relaunch an EC2 instance that was built from a blocklisted Amazon Machine Image, perform the following actions:
Risk level: Medium