AWS-EC2-Public-AMI

Severity: High

Description: This control checks that image (AMI) sharing permissions are restricted. Sharing an AMI publicly allows any AWS user from any AWS account to list it and launch EC2 instances from it. Public sharing of an AMI is not recommended because it discloses sensitive information stored on the root device. It may also create licensing issues with the applications installed on the root device.

Remediation Steps:

Perform the following to update EC2 AMI sharing permissions:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, choose AMIs.

  4. Select the AMI from the list, and then choose Actions, Modify Image Permissions.

  5. Choose Private, and then choose Save.

Important:

  • When an AMI is public, it is listed under Community AMIs when an instance is launched in the same region using the console.

  • It can take a short while for an AMI to be removed from Community AMIs after it is made private again.
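The same check and remediation as steps 1 to 5 above, driven through the EC2 API instead of the console, as an added example that is not part of this control's text. The AMI IDs, account ID and response structures are constructed samples; `remediate` assumes a boto3 EC2 client, whose `modify_image_attribute` call removes only the public (`all`) grant and leaves explicit per-account shares in place.

```python
"""Detect publicly shared EC2 AMIs and build the API equivalent of choosing
"Private" in the console. All sample data below is constructed, not real."""

# Shape of entries returned by ec2 describe-images --owners self (constructed)
SAMPLE_IMAGES = [
    {"ImageId": "ami-0000000000000001", "Name": "app-base", "Public": True},
    {"ImageId": "ami-0000000000000002", "Name": "build-agent", "Public": False},
]

# Shape of the LaunchPermissions list from
# ec2 describe-image-attribute --attribute launchPermission (constructed)
SAMPLE_LAUNCH_PERMS = {
    "ami-0000000000000001": [{"Group": "all"}, {"UserId": "111111111111"}],
    "ami-0000000000000002": [{"UserId": "111111111111"}],
}


def find_public_amis(images):
    """Return IDs of self-owned AMIs whose Public flag is set."""
    return [img["ImageId"] for img in images if img.get("Public")]


def launch_permission_is_public(permissions):
    """True when the launchPermission attribute grants the 'all' group."""
    return any(p.get("Group") == "all" for p in permissions)


def remediation_params(image_id):
    """Arguments for ec2.modify_image_attribute that remove only the public
    grant; per-account shares (UserId entries) are not touched."""
    return {"ImageId": image_id, "LaunchPermission": {"Remove": [{"Group": "all"}]}}


def remediate(ec2, image_id):
    """Apply the fix using a boto3 EC2 client (assumed; any object with the
    same method works). The AMI may still show under Community AMIs briefly."""
    return ec2.modify_image_attribute(**remediation_params(image_id))


def audit(images, launch_perms):
    """Cross-check both signals and report which explicit shares would survive."""
    findings = []
    for image_id in find_public_amis(images):
        perms = launch_perms.get(image_id, [])
        findings.append({
            "ImageId": image_id,
            "PublicGrant": launch_permission_is_public(perms),
            "RetainedShares": [p["UserId"] for p in perms if "UserId" in p],
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_IMAGES, SAMPLE_LAUNCH_PERMS):
        print(finding, "->", remediation_params(finding["ImageId"]))
```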

Reference:

Blue Hexagon Proprietary