AWS Config Rule: AMIs Block Public Access

AMI_BLOCK_PUBLIC_ACCESS

Eduardo Van Cauteren

Last Update 7 months ago

Description: Checks whether the Image Block Public Access state for AMIs is set to 'block-new-sharing'. The rule is NON_COMPLIANT if the resource is configured as 'unblocked'. Note that AMIs that are already publicly shared remain publicly shared.


Trigger type: Configuration changes


AWS Region: All supported AWS regions


How to Resolve Manually

This config rule checks whether you are blocking the public access for AMIs at the account level to prevent the public sharing of your AMIs in this Region. 


To make this rule compliant, go to the EC2 Dashboard and, in the Account attributes card on the right, click Data protection and security.

Once there, locate the Block public access for AMIs card, click the Manage button, and make sure the Block new public sharing option is checked.

Note that after enabling the feature, the request can take up to 10 minutes to be configured.
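The same check and fix can be scripted across Regions. The following is an added example, not part of the original article and not StackZone's remediation code; it assumes boto3 is installed and credentials allowed to call the three EC2 APIs used. It also lists AMIs that are already public, because enabling the setting does not unshare them.

```python
"""Check and enable 'Block public access for AMIs' per Region (added example)."""

TARGET = "block-new-sharing"  # the compliant state named by the Config rule


def public_amis(ec2):
    """Return IDs of AMIs owned by this account that are already public."""
    resp = ec2.describe_images(
        Owners=["self"],
        Filters=[{"Name": "is-public", "Values": ["true"]}],
    )
    return sorted(img["ImageId"] for img in resp["Images"])


def check_region(ec2, remediate=False):
    """Evaluate one Region the way the rule does; optionally enable the block.

    `ec2` is a boto3 EC2 client (or any object with the same three methods).
    """
    state = ec2.get_image_block_public_access_state()["ImageBlockPublicAccessState"]
    requested = False
    if state != TARGET and remediate:
        # Account-level, per-Region setting; can take up to 10 minutes to apply.
        ec2.enable_image_block_public_access(ImageBlockPublicAccessState=TARGET)
        requested = True
    return {
        "compliant": state == TARGET,  # state observed before any change
        "state": state,
        "remediation_requested": requested,
        # Enabling the block does not unshare these; review each one separately.
        "already_public": public_amis(ec2),
    }


if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed and credentials configured

    fix = "--remediate" in sys.argv
    regions = boto3.client("ec2").describe_regions()["Regions"]
    for r in regions:
        name = r["RegionName"]
        print(name, check_region(boto3.client("ec2", region_name=name), fix))
```

Run without arguments for a read-only report, or with `--remediate` to enable the setting in every Region where it is still 'unblocked'.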


How to Resolve With StackZone

You can resolve non-compliant resources with StackZone by enabling the remediation for this AWS Config Rule.

This remediation by StackZone will ensure you are blocking the public access for AMIs at the account level automatically.


You can enable this by heading over to the Provisioning Module in the StackZone Console. From there, go to Baseline Services > AWS Config Rules Regional > EC2 and enable EC2 AMIs Block Public Access Remediation.


Note that if you enable the Automatic Remediation toggle, the automation will automatically take action on the non-compliant resources found. Keep it disabled if you only want to deploy the remediation and apply it manually to certain resources.

