AMI Shared With Multiple Accounts

  • Query id: ba4e0031-3e9d-4d7d-b0d6-bd8f003f8698
  • Query name: AMI Shared With Multiple Accounts
  • Platform: Terraform
  • Severity: Medium
  • Category: Access Control
  • CWE: 284
  • URL: Github

Description

Limits access to AWS AMIs by checking whether more than one account has been granted launch permission for the same image, i.e. several aws_ami_launch_permission resources that reference the same image_id with different account_id values.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_ami_launch_permission" "positive1" {
  image_id   = "ami-1235678"
  account_id = "12345600012"
}


resource "aws_ami_launch_permission" "positive2" {
  image_id   = "ami-1235678"
  account_id = "123456789012"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_ami_launch_permission" "negative1" {
  image_id   = "ami-12345678"
  account_id = "123456789012"
}


resource "aws_ami_launch_permission" "example" {
  image_id   = "ami-12345680"
  account_id = "12345672"
}
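The check described above, implemented as an added example (this is not KICS's own query code): a small Python script that extracts every aws_ami_launch_permission block from a Terraform file, groups the account_id values by image_id, and reports any image shared with more than one distinct account. The two sample inputs are the positive and negative tests from this page, embedded as constructed strings; the resource names, the regex-based block parser and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample input: the page's positive test (one AMI shared with two accounts).
POSITIVE_TF = '''
resource "aws_ami_launch_permission" "positive1" {
  image_id   = "ami-1235678"
  account_id = "12345600012"
}

resource "aws_ami_launch_permission" "positive2" {
  image_id   = "ami-1235678"
  account_id = "123456789012"
}
'''

# Constructed sample input: the page's negative test (each AMI shared with one account).
NEGATIVE_TF = '''
resource "aws_ami_launch_permission" "negative1" {
  image_id   = "ami-12345678"
  account_id = "123456789012"
}

resource "aws_ami_launch_permission" "example" {
  image_id   = "ami-12345680"
  account_id = "12345672"
}
'''

# Matches one aws_ami_launch_permission resource block and captures its name and body.
# This is a deliberately simple parser for flat blocks with literal string attributes
# (assumption: no nested blocks, no variables or interpolation inside the block).
BLOCK_RE = re.compile(
    r'resource\s+"aws_ami_launch_permission"\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\}',
    re.DOTALL,
)
# Matches a single `key = "value"` attribute line inside a block body.
ATTR_RE = re.compile(r'^\s*(?P<key>\w+)\s*=\s*"(?P<value>[^"]*)"', re.MULTILINE)


def parse_launch_permissions(tf_text):
    """Return (resource_name, image_id, account_id) for every launch-permission block
    that sets both attributes as string literals."""
    results = []
    for block in BLOCK_RE.finditer(tf_text):
        attrs = {a.group("key"): a.group("value") for a in ATTR_RE.finditer(block.group("body"))}
        if "image_id" in attrs and "account_id" in attrs:
            results.append((block.group("name"), attrs["image_id"], attrs["account_id"]))
    return results


def find_shared_amis(tf_text):
    """Map image_id -> sorted list of distinct account_ids, restricted to images
    that more than one account may launch. An empty dict means the file passes."""
    accounts = defaultdict(set)
    for _, image_id, account_id in parse_launch_permissions(tf_text):
        accounts[image_id].add(account_id)
    return {image: sorted(ids) for image, ids in accounts.items() if len(ids) > 1}


if __name__ == "__main__":
    for label, text in (("positive", POSITIVE_TF), ("negative", NEGATIVE_TF)):
        shared = find_shared_amis(text)
        if shared:
            for image, ids in shared.items():
                print(f"{label}: {image} is shared with {len(ids)} accounts: {', '.join(ids)}")
        else:
            print(f"{label}: no AMI shared with multiple accounts")
```

Two launch-permission resources that grant the same account access to the same image are not flagged, because the set of account_ids per image collapses duplicates; only distinct accounts count. The parser only sees literal values, so an image_id or account_id supplied through a variable, a data source or a for_each loop would be missed by this script and needs the real Terraform plan (or KICS itself) to resolve.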