v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 2.1.1 Ensure Consistent Naming Convention is used for Organizational AMI

Description

The naming convention for AMI (Amazon Machine Images) should be documented and followed for any AMI's created.

The majority of AWS resources can be named and tagged. Most organizations have already created standardize naming conventions, and have existing rules in effect. They simply need to extend that for all AWS cloud resources to include Amazon Machine Images (AMI)

Remediation

If the AMI Name for an AMI doesn't follow Organization policy Perform the following to copy and rename the AMI:

From Console:

  1. Login to the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the left pane click Images, click AMIs.
  3. Select the AMI that does not comply to the naming policy.
  4. Click on Actions.
  5. Click on Copy AMI.
Destination region - Select the region the AMI is in.
Name - `Enter the new Name`
Description - `Enter the new description`
Encryption - `Select` if it matches your image policy
  1. Click on Copy AMI.
Once the AMI has finished copying.
  1. Select the AMI that does not comply to the naming policy.
  2. Click on Actions.
  3. Click on Deregister

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_1_1 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 2.1.1
cis_level = 1
cis_section_id = 2.1
cis_type = manual
cis_version = v1.0.0
plugin = aws
service = AWS/EC2