UNKNOWN
Source: CloudSploit
ID: public-ami

Public AMI

Checks for publicly shared AMIs

Accidentally sharing an AMI publicly allows any AWS user to launch an EC2 instance using the image as a base. This can potentially expose sensitive information stored on the host.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the AWS Management Console.

  2. Select the “Services” option and search for EC2.

  3. Scroll down the left navigation panel and choose “AMIs” under “Images”.

  4. Select the “AMI” that needs to be verified.

  5. Scroll down the page, select the “Permissions” tab in the bottom panel of the dashboard, and check the AMI permission. If the selected AMI is publicly accessible, it will show “This image is currently Public”. This can potentially expose sensitive information stored on the host.

  6. Repeat steps 2 - 6 to verify other “AMIs” permissions in the region.

  7. Navigate to “AMIs” under “Images” and select the “AMI” that needs to be modified to change the publicly shared image to a private image.

  8. Click on the “Permissions” tab in the bottom panel of the dashboard and click on the “Edit” button.

  9. In “Modify Image Permissions”, choose “Private” and click on the “Save” button to make the necessary changes.

  10. Repeat steps 7 - 9 to change each “Public AMI” to a “Private AMI” in the selected AWS region.
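The same check and fix can be scripted per region. The following is an added example, not CloudSploit's own code: it uses the boto3 EC2 client calls `describe_images`, `modify_image_attribute` and `describe_image_attribute`, while the `FakeEC2` class, the function names and the AMI and account IDs are constructed so the example runs offline.

```python
"""Added example: find and fix publicly shared AMIs (mirrors console steps 2-10)."""

PUBLIC_GROUP = {"Group": "all"}  # the launch permission that makes an AMI public


def public_amis(ec2):
    """Return IDs of AMIs owned by this account that are shared publicly."""
    resp = ec2.describe_images(
        Owners=["self"],
        Filters=[{"Name": "is-public", "Values": ["true"]}],
    )
    # Re-check the Public flag locally instead of trusting the filter alone.
    return sorted(img["ImageId"] for img in resp["Images"] if img.get("Public"))


def make_private(ec2, image_id):
    """Remove the 'all' group, then verify it is gone. Returns True if private."""
    ec2.modify_image_attribute(
        ImageId=image_id, LaunchPermission={"Remove": [PUBLIC_GROUP]}
    )
    attr = ec2.describe_image_attribute(ImageId=image_id, Attribute="launchPermission")
    return PUBLIC_GROUP not in attr.get("LaunchPermissions", [])


def remediate_region(ec2):
    """Make every public AMI in the client's region private; map AMI ID -> success."""
    return {ami: make_private(ec2, ami) for ami in public_amis(ec2)}


class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client so the example runs offline."""

    def __init__(self, perms):
        self.perms = perms  # {image_id: [launch permission dicts]}

    def describe_images(self, Owners, Filters):
        return {"Images": [{"ImageId": i, "Public": True}
                           for i, p in self.perms.items() if PUBLIC_GROUP in p]}

    def modify_image_attribute(self, ImageId, LaunchPermission):
        remove = LaunchPermission.get("Remove", [])
        self.perms[ImageId] = [p for p in self.perms[ImageId] if p not in remove]

    def describe_image_attribute(self, ImageId, Attribute):
        return {"ImageId": ImageId, "LaunchPermissions": self.perms[ImageId]}


if __name__ == "__main__":
    # Constructed data; against a real account pass boto3.client("ec2", region_name=...).
    fake = FakeEC2({"ami-0aaa": [PUBLIC_GROUP], "ami-0bbb": [{"UserId": "111122223333"}]})
    print(remediate_region(fake))
```

Removing the `all` group leaves any explicit per-account shares in place, so review those separately if the image should not be shared at all.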