turbot/aws_compliance

Control: 2.1.3 Ensure Only Approved AMIs (Images) are Used

Description

Ensure that all base AMIs utilized are approved for use by your organization.

An approved AMI is a base EC2 machine image that is a pre-configured OS configured to run your application. Using approved AMIs helps enforce consistency and security.

Remediation

Perform the following to remove unauthorized AMIs.

From Console:

  1. Log in to the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the left pane click on Images.
  3. Then choose AMIs.
  4. Confirm that Owned by me is selected.
  5. Review the list of AMIs.
  6. Confirm that the AMIs listed are all approved for use.
  7. If an AMI is listed that is not approved, select it.
  8. Click on Actions and choose Deregister.

After all unauthorized AMIs have been deregistered, review all EC2 instances.

  1. Click on Instances.
  2. Then choose Instances.
  3. Select the EC2 instance for review.
  4. In the Details tab review:
     - AMI Name
     - AMI location
  5. If this information is listed as not available, this instance was built with an unauthorized AMI.
  6. Follow organization steps to secure this instance and replace it with an instance built from an approved AMI if applicable.
  7. Repeat steps 3 – 6 to verify all instances have been created with approved AMIs.

Repeat the process for all other regions.
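The console procedure above can be checked per region from the output of `aws ec2 describe-images --owners self` and `aws ec2 describe-instances`. The script below is an added example, not part of the aws_compliance mod or its `manual_control` query; the approved-AMI list, account id, AMI ids and instance ids are constructed sample values, and it applies the same rule as the remediation text: an instance whose AMI no longer appears in describe-images (shown as "not available" in the console) is treated as built from an unauthorized AMI.

```python
"""Compare owned AMIs and running instances against an organization's approved-AMI list."""
import json

# Hypothetical allow list maintained by the organization (constructed values).
APPROVED_AMIS = {"ami-0aaa111122223333a", "ami-0bbb444455556666b"}

# Constructed sample in the shape of `aws ec2 describe-images --owners self`.
DESCRIBE_IMAGES = json.loads("""{"Images": [
  {"ImageId": "ami-0aaa111122223333a", "Name": "corp-base-al2023-2024.05", "OwnerId": "111122223333"},
  {"ImageId": "ami-0ccc777788889999c", "Name": "dev-scratch-image", "OwnerId": "111122223333"}]}""")

# Constructed sample in the shape of `aws ec2 describe-instances`.
DESCRIBE_INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0123456789abcdef0", "ImageId": "ami-0aaa111122223333a", "State": {"Name": "running"}},
  {"InstanceId": "i-0fedcba9876543210", "ImageId": "ami-0ccc777788889999c", "State": {"Name": "running"}},
  {"InstanceId": "i-0deadbeef00000001", "ImageId": "ami-0ddd000011112222d", "State": {"Name": "stopped"}}]}]}""")


def unapproved_images(describe_images, approved):
    """AMIs owned by this account that are not approved: the deregistration candidates."""
    return sorted(img["ImageId"] for img in describe_images["Images"]
                  if img["ImageId"] not in approved)


def instances_from_unapproved_amis(describe_instances, describe_images, approved):
    """Map instance id -> reason for every instance not built from an approved AMI.

    An AMI missing from describe-images (deregistered, or owned by another account)
    is the 'AMI Name: not available' case from the console procedure and is flagged too."""
    known = {img["ImageId"]: img["Name"] for img in describe_images["Images"]}
    findings = {}
    for reservation in describe_instances["Reservations"]:
        for inst in reservation["Instances"]:
            ami = inst["ImageId"]
            if ami in approved:
                continue
            if ami in known:
                findings[inst["InstanceId"]] = f"built from unapproved AMI {ami} ({known[ami]})"
            else:
                findings[inst["InstanceId"]] = f"AMI {ami} not available (deregistered or not owned)"
    return findings


if __name__ == "__main__":
    for ami in unapproved_images(DESCRIBE_IMAGES, APPROVED_AMIS):
        print(f"deregister candidate: {ami}")
    for inst, why in instances_from_unapproved_amis(DESCRIBE_INSTANCES, DESCRIBE_IMAGES, APPROVED_AMIS).items():
        print(f"{inst}: {why}")
```

Run it once per region, since AMIs and instances are regional, and replace the embedded samples with the real CLI output for that region.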

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_1_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_1_3 --share

SQL

This control uses a named query:

manual_control

Tags