Details
An Amazon Machine Image (AMI) is an exact duplicate of the instance it was created from, and anyone with access to it can create a complete replica of the original instance. The original instance may contain intellectual property, proprietary applications, and configuration information that can be used to exploit or compromise any running instance in the web tier.
Allowing public access to the Web Tier AMI may help an adversary identify weaknesses in how the application is used or configured.
Solution
Using the Amazon unified command line interface:
* For each AMI that is public, remove the group ALL from the launch permissions:
aws ec2 modify-image-attribute --image-id <ami-id> --launch-permission "Remove=[{Group=all}]"
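The step above can be applied to every public AMI the account owns and then verified. The script below is an added example, not part of the original control text; the function names, the `DRY_RUN` variable (default 1, report only) and the region argument are assumptions of this sketch, and it expects a configured AWS CLI.

```shell
#!/bin/sh
# Added example: audit and fix public AMIs owned by the calling account.
# Function names, DRY_RUN and the region argument are assumptions of this sketch.

# Print the IDs of AMIs this account owns that are public, one per line.
list_public_amis() {
  lpa_out=$(aws ec2 describe-images --region "$1" --owners self \
    --filters "Name=is-public,Values=true" \
    --query 'Images[].ImageId' --output text) || return 1
  printf '%s\n' "$lpa_out" | tr '\t' '\n' | grep -E '^ami-' || true
}

# Succeed only when the launch permissions were read back and no longer
# contain group "all"; a failed query counts as "not confirmed private".
is_private() {
  ip_groups=$(aws ec2 describe-image-attribute --region "$1" --image-id "$2" \
    --attribute launchPermission \
    --query 'LaunchPermissions[].Group' --output text) || return 1
  ! printf '%s\n' "$ip_groups" | tr '\t' '\n' | grep -qx 'all'
}

# Remove group "all" from every public AMI in the region, then verify.
remediate_region() {
  rr_amis=$(list_public_amis "$1") || return 1
  for rr_ami in $rr_amis; do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "would make private: $rr_ami"
      continue
    fi
    aws ec2 modify-image-attribute --region "$1" --image-id "$rr_ami" \
      --launch-permission "Remove=[{Group=all}]" || return 1
    if is_private "$1" "$rr_ami"; then
      echo "made private: $rr_ami"
    else
      echo "STILL PUBLIC: $rr_ami" >&2
      return 1
    fi
  done
}

# Run only when a region is passed on the command line.
if [ -n "${1:-}" ]; then remediate_region "$1"; fi
```

Run it once with the default `DRY_RUN=1` to review the list, then with `DRY_RUN=0` to apply the change; AMIs shared with specific account IDs keep those permissions.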
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: amazon_aws.