Plugin Title Public AMI
Cloud AWS
Category EC2
Description Checks for publicly shared AMIs
More Info Accidentally sharing AMIs allows any AWS user to launch an EC2 instance using the image as a base. This can potentially expose sensitive information stored on the host.
AWS Link http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html
Recommended Action Convert the public AMI a private image.


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for EC2.
  3. Scroll down the left navigation panel and choose "AMIs" under "Images".
  4. Select the "AMI" that needs to be verified.
  5. Scroll down the page and select the "Permissions" tab from the dashboard bottom panel and check the AMI permission. If the selected AMI is publicly accessible it will show "This image is currently Public". This can potentially expose sensitive information stored on the host.
  6. Repeat steps number 2 - 6 to verify ohter "AMIs" permissions in the region.
  7. Navigate to "AMIs" under "Images" and select the "AMI" that needs to modify to restrict the publicly shared image to private image.
  8. Click on the "Permissions" tab from the dashboard bottom panel and click on the "Edit" button.
  9. In the "Modify Image Permissions" choose "Private" and click on the "Save" button to make the necessary changes.
  10. Repeat steps number 7 - 9 to change "Public AMI" to the "Private AMI" in the selected AWS region.

Want to scan for this risk automatically?

Get Started Now