Ensure that your existing AWS Amazon Machine Images (AMIs) are not older than 180 days in order to ensure their reliability and to meet security and compliance requirements.
Using up-to-date AMIs to launch your EC2 instances brings major benefits to your AWS application stack, maintaining your EC2 deployments secure and reliable. You can go even further and automate your old AMIs update process with AWS Systems Manager or open source tools like Packer and Netflix Aminator. Note: The default value set for the maximum AMI age is 180 days, however, you can change the default threshold for this rule using the Cloud Conformity console and set your own value for the AMI age based on your needs.
To determine if you have any outdated (> 180 days) AMIs available within your AWS account, perform the following actions:
To re-create each outdated AWS AMI with an up-to-date software stack, perform the following:Note: As an example, this conformity rule demonstrates how to update an outdated AWS Linux AMI.