CloudWiki
Rules
Critical

Ensure EC2 AMIs are not publicly accessible

Security & Compliance
Description

When an Amazon Machine Image (AMI) is publicly accessible, it can be downloaded and launched by anyone on the internet. This can pose a security risk as the AMI may contain sensitive information or configurations that should not be exposed to unauthorized individuals. To ensure that EC2 AMIs are not publicly accessible, the appropriate permissions should be set for the AMIs and their associated snapshots.

Remediation

The following steps can be taken to remediate this issue:

  1. Identify all publicly accessible EC2 AMIs and their associated snapshots by using the AWS CLI or console.
  2. Modify the permissions for the AMIs and their associated snapshots to remove public access.
  3. Ensure that future AMIs and snapshots are created with the appropriate permissions and not made publicly accessible.
  4. Consider implementing a monitoring solution to regularly scan for publicly accessible AMIs and snapshots and alert on any findings.

By implementing these remediation steps, the risk of unauthorized access to sensitive information and configurations in publicly accessible EC2 AMIs can be mitigated.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.