02 - Publicly Exposed AMIs

AMI's that are publicly accessible

AMIs are Machine Images that contain all the information that is needed to launch a new Amazon EC2 instance. They act as an exact copy of another EC2 instances that contains application configuration that will be needed to ensure the EC2 instance functions as it is intended to. When a user creates a new AMI they have the option to make this pubic, exposing this to every other user that leverages AWS and registering this in the global AMI catalog. Because AMIs often contain proprietary or sensitive data it is considered an AMI security best practice to ensure your AMIs are set to private. By having a full inventory of all of your AMIs in all regions and all accounts will allow you to easily pinpoint where you may have public AMIs in order to ensure compliancy with the NIST & GDPR frameworks.

Audit & Remediation

Login into your AWS account
Navigate to the EC2 service at: https://console.aws.amazon.com/ec2
Scroll down the left navigation panel and choose AMIs under Images

Look for any AMIs that have a Visibility set to Public.

Select the AMI that has a the Visibility set to Public then select the Permissions tab in the pain below and select the Edit button.

In the Modify Image Permissions modal window, select Private next to This image is currently:.

the new AMI has now been set to Private.
Repeat all step in each region to ensure all AMIs are encrypted at rest.

See all certificates in a single place!

Do you want to see all of your ACM certificates in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.