Amazon Machine Image (AMI) should only be available to trusted accounts


Description

Identify publicly accessible Amazon Machine Images (AMIs).

Rationale

When an AMI is shared publicly, anyone outside your organization can see it in the list of public AMIs and create an EC2 instance from it, accessing all the files it contains.

AMIs typically contain source code, configuration files and credentials and should not be shared publicly. AMIs should only be shared with specific AWS accounts or your AWS Organization.

Remediation

From the console

Follow the instructions outlined in the AWS documentation.

From the command line

Use the following command to stop sharing the AMI:

aws ec2 modify-image-attribute \
--image-id ami-xxxx \
--launch-permission "Remove=[{Group=all}]"
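
To find which AMIs need this remediation, the following added example (not part of the original rule page) audits every AMI owned by the calling account and flags any that are public or shared with an account outside an allowlist. The function names, the `TRUSTED_ACCOUNTS` variable and the account IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag self-owned AMIs that are public or shared with
# accounts outside an allowlist. Account IDs below are constructed.
TRUSTED_ACCOUNTS="${TRUSTED_ACCOUNTS:-111111111111 222222222222}"

# Succeeds when account ID $1 is in the space-separated allowlist.
is_trusted() {
  case " $TRUSTED_ACCOUNTS " in *" $1 "*) return 0 ;; esac
  return 1
}

# Print findings for one AMI: "<ami> PUBLIC" or "<ami> UNTRUSTED <account>".
# Shares granted by organization or OU ARN are not examined here.
audit_ami() (
  ami="$1"
  perms() {
    aws ec2 describe-image-attribute --image-id "$ami" \
      --attribute launchPermission \
      --query "LaunchPermissions[].$1" --output text
  }
  for g in $(perms Group); do
    if [ "$g" = "all" ]; then echo "$ami PUBLIC"; fi
  done
  for u in $(perms UserId); do
    case "$u" in None|"") continue ;; esac
    if ! is_trusted "$u"; then echo "$ami UNTRUSTED $u"; fi
  done
)

# Audit every AMI owned by the calling account.
audit_all() {
  for ami in $(aws ec2 describe-images --owners self \
      --query 'Images[].ImageId' --output text); do
    audit_ami "$ami"
  done
}

# Remove the public launch permission (the command shown above).
unshare_public() {
  aws ec2 modify-image-attribute --image-id "$1" \
    --launch-permission "Remove=[{Group=all}]"
}

# Run the audit only when invoked as: sh audit_amis.sh audit
if [ "${1:-}" = "audit" ]; then audit_all; fi
```

Each `PUBLIC` finding can be passed to `unshare_public`; `UNTRUSTED` findings need a review of the listed account before its launch permission is removed.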
