v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 2.1.4 Ensure Images (AMI) are not older than 90 days

Description

Ensure that your AMIs are not older than 90 days.

Using up-to-date AMIs will provide many benefits from OS updates and security patches helping to ensure reliability, security and compliance.

Remediation

Perform these steps if the Creation date is older than 90 days.

From Console:

  1. Login to the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the left pane, under Images, click AMIs.
  3. Select the AMI to be updated.
  4. Click on Launch.
  5. Go through the EC2 Instance creation process.
  6. Apply all system, security and application updates that are applicable to the EC2 instance.
  7. Once completed click on Instance state, Stop instance.
  8. Click on Actions, Image and templates, Create image.
  9. Once the image process has complete return to the AMI list but clicking on Images, AMIs.
  10. Select the AMI that is older than 90 days.
  11. Click on Actions, Deregister.

Repeat these steps for any other AMIs older than 90 days.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_1_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_1_4 --share

SQL

This control uses a named query:

ec2_ami_not_older_than_90_days

Tags

category = Compliance
cis = true
cis_item_id = 2.1.4
cis_level = 1
cis_section_id = 2.1
cis_type = manual
cis_version = v1.0.0
plugin = aws
service = AWS/EC2