EC2 setting 'Allowed AMIs' should be enabled and enforced by declarative policy

ec2
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Enabling the EC2 setting ‘Allowed AMIs’ ensures that only approved and trusted Amazon Machine Images are used to launch instances within your environment. By restricting the available AMIs, you can prevent the use of unvetted or potentially compromised images that could introduce security vulnerabilities or malware. Note: Previously launched instances are unaffected by this setting. The state of the setting must be enabled for this rule to pass.

Enforcing this EC2 setting using AWS Organizations declarative policies provides an additional layer of protection, as the setting must be configured centrally from the organization management account or a delegated administator account.

Remediation

For guidance on enabling this EC2 setting, refer to the Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs section of the Amazon Elastic Compute Cloud User Guide. For guidance on managing declarative policies, refer to the Declarative policies section of the AWS Organizations User Guide.