turbot/steampipe-mod-aws-compliance

Control: EC2 AMIs should restrict public access

Description

This control checks whether EC2 AMIs are private. The control fails for any AMI that is set as public.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ec2_ami_restrict_public_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ec2_ami_restrict_public_access --share

SQL

This control uses a named query:

select
  'arn:' || partition || ':ec2:' || region || ':' || account_id || ':image/' || image_id as resource,
  case
    when public then 'alarm'
    else 'ok'
  end status,
  case
    when public then title || ' publicly accessible.'
    else title || ' not publicly accessible.'
  end reason,
  region,
  account_id
from
  aws_ec2_ami;
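
To act on AMIs that this control puts in alarm, the following added example (not part of the mod) uses the AWS CLI to list the account's public AMIs in a region and remove the public launch permission, defaulting to a dry run. The function names and the DRY_RUN variable are hypothetical, and it assumes the control's table covers AMIs owned by the account, hence `--owners self`.

```sh
#!/bin/sh
# Added example, not part of steampipe-mod-aws-compliance.
# Function names and DRY_RUN are hypothetical; the AWS CLI must be configured.

# list_public_amis REGION
# Prints one image ID per line for AMIs owned by this account that are public.
list_public_amis() {
  aws ec2 describe-images --region "$1" --owners self \
    --filters Name=is-public,Values=true \
    --query 'Images[].ImageId' --output text | tr '\t' '\n' | sed '/^$/d'
}

# make_private REGION
# Removes the "all" launch permission from each public AMI in REGION.
# DRY_RUN defaults to 1, which only reports what would change.
make_private() {
  region=$1
  for ami in $(list_public_amis "$region"); do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "would make private: $ami ($region)"
    else
      aws ec2 modify-image-attribute --region "$region" --image-id "$ami" \
        --launch-permission "Remove=[{Group=all}]"
      echo "made private: $ami ($region)"
    fi
  done
}

# block_public_sharing REGION
# Preventive setting: stops new AMIs in REGION from being shared publicly.
block_public_sharing() {
  aws ec2 enable-image-block-public-access --region "$1" \
    --image-block-public-access-state block-new-sharing
}

# Typical use, after sourcing this file:
#   make_private us-east-1             # dry run
#   DRY_RUN=0 make_private us-east-1   # apply
```

Re-run the control afterwards to confirm the affected AMIs report `ok`.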

Tags