Ensure that all EC2 instances provisioned in your AWS account are launched from approved Amazon Machine Images (AMIs) only and not from blacklisted AMIs in order to enforce security at application stack level. Prior to running this rule by the Cloud Conformity engine, you need to compile a list with the blacklisted AMIs by using the rule settings available on the Cloud Conformity Console.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Blacklisting unwanted or compromised AMIs within you AWS account allows you to prevent specific security issues from reaching into your application stack and enforce the EC2 provisioning process to use only approved AMIs.
To determine if there are any EC2 instances launched from blacklisted Amazon Machine Images within your account, perform the following:
To relaunch an EC2 instance that was built from a blacklisted Amazon Machine Image, perform the following actions: