Ensure that your existing Amazon Machine Images (AMIs) are no older than 180 days, so that they remain reliable and meet cloud security and compliance requirements.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Using up-to-date AMIs to launch your Amazon EC2 instances brings major benefits to your AWS application stack, keeping your EC2 deployments secure and reliable. You can go even further and automate the process of updating old AMIs with AWS Systems Manager or open-source tools like Packer and Netflix Aminator.
Note: The default value set for the maximum AMI age is 180 days. However, you can change the default threshold for this rule using the Trend Cloud One™ – Conformity console and set your own value for the AMI age based on your needs.
Audit
To determine if you have any outdated (> 180 days) AMIs available within your AWS cloud account, perform the following operations:
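The age check this rule performs, as an added example that is not part of the Conformity documentation: it takes the JSON returned by `aws ec2 describe-images --owners self` (a constructed sample below, with made-up AMI IDs) and returns every AMI whose CreationDate is older than the 180-day default threshold, oldest first.

```python
"""Flag Amazon Machine Images older than a maximum age (default 180 days).

Added example, not part of the Conformity documentation. Input is the JSON
produced by `aws ec2 describe-images --owners self`. The sample below is
constructed and the AMI IDs are made up.
"""
import json
from datetime import datetime, timedelta, timezone

DEFAULT_MAX_AGE_DAYS = 180  # the rule's default threshold

# Constructed sample in the shape of `aws ec2 describe-images --owners self`.
SAMPLE_DESCRIBE_IMAGES = json.dumps({
    "Images": [
        {"ImageId": "ami-0000000000000aaaa", "Name": "web-base-2023",
         "CreationDate": "2023-01-15T10:00:00.000Z"},
        {"ImageId": "ami-0000000000000bbbb", "Name": "web-base-2024",
         "CreationDate": "2024-05-01T09:30:00.000Z"},
    ]
})


def parse_creation_date(value: str) -> datetime:
    """Parse the ISO 8601 timestamp EC2 returns (trailing 'Z' means UTC)."""
    naive = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return naive.replace(tzinfo=timezone.utc)


def find_outdated_amis(describe_images_json: str, now: datetime,
                       max_age_days: int = DEFAULT_MAX_AGE_DAYS) -> list:
    """Return [{ImageId, Name, AgeDays}] for images older than max_age_days,
    sorted oldest first. `now` must be timezone-aware (UTC)."""
    cutoff = now - timedelta(days=max_age_days)
    outdated = []
    for image in json.loads(describe_images_json).get("Images", []):
        created_at = parse_creation_date(image["CreationDate"])
        if created_at < cutoff:
            outdated.append({"ImageId": image["ImageId"],
                             "Name": image.get("Name", ""),
                             "AgeDays": (now - created_at).days})
    return sorted(outdated, key=lambda i: i["AgeDays"], reverse=True)


if __name__ == "__main__":
    # Run against the constructed sample; replace SAMPLE_DESCRIBE_IMAGES with
    # the real CLI output to audit your own account.
    for hit in find_outdated_amis(SAMPLE_DESCRIBE_IMAGES, datetime.now(timezone.utc)):
        print(f"{hit['ImageId']} ({hit['Name']}): {hit['AgeDays']} days old")
```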
Remediation / Resolution
To re-create outdated Amazon Machine Images (AMIs) with up-to-date software, perform the following operations:
Note: As an example, this conformity rule demonstrates how to update an outdated Amazon Linux AMI.
References
- AWS Documentation
- Amazon Machine Images (AMI)
- Creating an Amazon EBS-Backed Linux AMI
- Getting Started with Amazon EC2 Linux Instances
- Setting Up with Amazon EC2
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-images
- run-instances
- create-image