AMI Shared With Multiple Accounts
- Query id: a19b2942-142e-4e2b-93b7-6cf6a6c8d90f
- Query name: AMI Shared With Multiple Accounts
- Platform: Ansible
- Severity: Medium
- Category: Access Control
- CWE: 284
- URL: Github
Description
Limits access to AWS AMIs by checking whether more than one account is using the same image.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: Update AMI Launch Permissions, making it public
  amazon.aws.ec2_ami:
    image_id: "{{ instance.image_id }}"
    state: present
    launch_permissions:
      group_names: ['all']
- name: Allow AMI to be launched by another account
  amazon.aws.ec2_ami:
    image_id: "{{ instance.image_id }}"
    state: present
    launch_permissions:
      user_ids: ['123456789012', '121212']
```
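As an added example (not part of the KICS query or its documentation), the following Python check applies the same two conditions the positive test above exhibits to parsed Ansible tasks: an AMI made public via `group_names: ['all']`, or shared with more than one account id. The sample tasks are constructed here from the positive test plus an assumed compliant task that shares the image with a single account; the dict form is what `yaml.safe_load` returns for a play's task list.

```python
"""Flag amazon.aws.ec2_ami tasks whose launch_permissions share an AMI too widely."""

# Constructed sample: the first two tasks mirror the page's positive test, the
# third is an assumed compliant task that shares the image with one account only.
SAMPLE_TASKS = [
    {"name": "Update AMI Launch Permissions, making it public",
     "amazon.aws.ec2_ami": {"image_id": "{{ instance.image_id }}", "state": "present",
                            "launch_permissions": {"group_names": ["all"]}}},
    {"name": "Allow AMI to be launched by another account",
     "amazon.aws.ec2_ami": {"image_id": "{{ instance.image_id }}", "state": "present",
                            "launch_permissions": {"user_ids": ["123456789012", "121212"]}}},
    {"name": "Share AMI with a single trusted account",
     "amazon.aws.ec2_ami": {"image_id": "{{ instance.image_id }}", "state": "present",
                            "launch_permissions": {"user_ids": ["123456789012"]}}},
]

# Both the collection-qualified and the short module name are accepted by Ansible.
MODULE_NAMES = ("amazon.aws.ec2_ami", "ec2_ami")


def find_module(task):
    """Return the ec2_ami module parameters of a task, or None if it is another module."""
    for name in MODULE_NAMES:
        if isinstance(task.get(name), dict):
            return task[name]
    return None


def check_task(task):
    """Return the findings for one task (empty list when the task is compliant)."""
    params = find_module(task)
    if params is None:
        return []
    perms = params.get("launch_permissions") or {}
    findings = []
    if "all" in (perms.get("group_names") or []):
        findings.append("AMI is made public (group_names contains 'all')")
    user_ids = perms.get("user_ids") or []  # unquoted ids load as ints; len() still works
    if len(user_ids) > 1:
        findings.append(f"AMI is shared with {len(user_ids)} accounts")
    return findings


def check_tasks(tasks):
    """Map each non-compliant task name to its findings."""
    report = {}
    for task in tasks:
        findings = check_task(task)
        if findings:
            report[task.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in check_tasks(SAMPLE_TASKS).items():
        print(f"{name}: {'; '.join(findings)}")
```

To run it against a real playbook, load the file with `yaml.safe_load` and pass each play's `tasks` list to `check_tasks`.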