Ensure that your AWS AMIs are not publicly shared with other AWS accounts, in order to avoid exposing sensitive data. Cloud Conformity strongly recommends against sharing your AMIs with all AWS accounts. If required, you can share your images with specific AWS accounts without making them public.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When you make your AMIs publicly accessible, they become available under Community AMIs, where anyone with an AWS account can use them to launch EC2 instances. Most of the time your AMIs will contain snapshots of your applications (including their data); therefore, exposing your snapshots in this manner is not advised.
To identify any publicly accessible AMIs within your AWS account, perform the following:
Case A: To restrict public access to your AMIs and make them private, perform the following:
Case B: To restrict public access to your AMIs and share them with specific AWS accounts, perform the following:
Case A: To restrict public access to your AMIs and make them private using the AWS CLI, perform the following:
Case B: To restrict public access to your AMIs and share them with specific AWS accounts using the AWS CLI, perform the following:
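The audit and both remediation cases can be scripted around the AWS CLI. The following is an added example, not Cloud Conformity's own code or its remediation steps: it reads `aws ec2 describe-images --owners self` JSON output, picks out the public AMIs, and builds the `modify-image-attribute` calls for Case A and Case B. The function names, the sample image IDs and the account ID `123456789012` are constructed for illustration.

```python
import json
import re

# Constructed sample of `aws ec2 describe-images --owners self` output (not real data).
SAMPLE_DESCRIBE_IMAGES = json.dumps({
    "Images": [
        {"ImageId": "ami-0aaaaaaaaaaaaaaa1", "Name": "web-golden", "Public": True},
        {"ImageId": "ami-0bbbbbbbbbbbbbbb2", "Name": "db-golden", "Public": False},
        {"ImageId": "ami-0ccccccccccccccc3", "Name": "legacy-build"},  # Public key absent
    ]
})

ACCOUNT_ID = re.compile(r"\d{12}")


def find_public_amis(describe_images_json):
    """Return IDs of images whose Public flag is true (launch permission group 'all')."""
    images = json.loads(describe_images_json).get("Images", [])
    return [img["ImageId"] for img in images if img.get("Public") is True]


def remediation_commands(image_id, share_with=()):
    """Build AWS CLI argv lists: remove public access, then optionally share per account."""
    bad = [a for a in share_with if not ACCOUNT_ID.fullmatch(a)]
    if bad:
        # Rejects values such as "all" that would re-open the image to everyone.
        raise ValueError(f"not a 12-digit AWS account ID: {bad}")
    base = ["aws", "ec2", "modify-image-attribute",
            "--image-id", image_id, "--launch-permission"]
    # Case A: drop the 'all' group so the AMI is private again.
    cmds = [base + ["Remove=[{Group=all}]"]]
    # Case B: additionally grant launch permission to the named accounts only.
    if share_with:
        grants = ",".join(f"{{UserId={a}}}" for a in share_with)
        cmds.append(base + [f"Add=[{grants}]"])
    return cmds


if __name__ == "__main__":
    for ami in find_public_amis(SAMPLE_DESCRIBE_IMAGES):
        for argv in remediation_commands(ami, share_with=["123456789012"]):
            print(" ".join(argv))  # printed for review, not executed
```

AMIs are regional, so the audit has to be repeated with `--region` for every region the account uses.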
You are auditing:
Publicly Shared AMI
Risk level: Medium