Ensure that all the AWS EC2 instances necessary for your application stack are launched from your approved base Amazon Machine Images (AMIs), known as golden AMIs, in order to enforce consistency and save time when scaling your application.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
An approved/golden AMI is a base EC2 machine image that contains a pre-configured OS and a well-defined stack of server software fully configured to run your application. Using golden AMIs to create new EC2 instances within your AWS environment brings major benefits such as fast and stable application deployment and scaling, and secure application stack upgrades and versioning. You can go even further and automate your golden AMI creation with open source tools like Packer (https://www.packer.io/) and Netflix Aminator (https://github.com/Netflix/aminator).
To determine if your EC2 instances are being launched using approved Amazon Machine Images (AMIs), perform the following:
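One way to script this audit, as an added example that is not part of the original rule page or the Cloud Conformity tool: it reads the JSON produced by `aws ec2 describe-instances --output json` and reports every instance whose `ImageId` is not in the approved set. The approved AMI IDs, the instance IDs and the sample document are constructed placeholders, and `find_unapproved` is a hypothetical helper name.

```python
import json

# Assumption: the approved (golden) AMI IDs for this account and region.
# Constructed placeholder IDs, not real images.
APPROVED_AMIS = {"ami-0aaaaaaaaaaaaaaa1", "ami-0aaaaaaaaaaaaaaa2"}

# Constructed sample in the shape returned by
# `aws ec2 describe-instances --output json`.
SAMPLE = json.dumps({"Reservations": [
    {"Instances": [
        {"InstanceId": "i-0000000000000001a", "ImageId": "ami-0aaaaaaaaaaaaaaa1",
         "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "web-1"}]},
        {"InstanceId": "i-0000000000000002b", "ImageId": "ami-0bbbbbbbbbbbbbbb9",
         "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "batch-1"}]},
    ]},
    {"Instances": [
        {"InstanceId": "i-0000000000000003c", "ImageId": "ami-0ccccccccccccccc7",
         "State": {"Name": "terminated"}},
        {"InstanceId": "i-0000000000000004d", "ImageId": "ami-0bbbbbbbbbbbbbbb9",
         "State": {"Name": "stopped"}},
    ]},
]})


def find_unapproved(describe_json, approved,
                    ignore_states=("terminated", "shutting-down")):
    """Return {ami_id: [instance records]} for instances not launched from an approved AMI."""
    findings = {}
    for reservation in json.loads(describe_json).get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "unknown")
            if state in ignore_states:
                continue  # instance is gone or going away; nothing to remediate
            ami = inst.get("ImageId", "<missing>")
            if ami in approved:
                continue
            # Stopped instances are still reported: they can be started again.
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            findings.setdefault(ami, []).append(
                {"id": inst["InstanceId"], "state": state, "name": tags.get("Name", "")})
    return findings


if __name__ == "__main__":
    for ami, instances in sorted(find_unapproved(SAMPLE, APPROVED_AMIS).items()):
        for i in instances:
            print(f"NON-COMPLIANT {i['id']} ({i['name'] or 'unnamed'}, {i['state']}) uses {ami}")
```

Run it per region, since AMI IDs are region-specific and the approved set must list the golden image ID for each region you deploy to.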
To create golden/approved machine images and require your AWS administrators to launch EC2 instances using only these images, perform the following: