Control: EC2 AMIs should not be shared publicly
A shared AMI is an AMI that a developer created and made available for other developers to use, either within the organisation or by carefully sharing it with other accounts. If an AMI has embedded information about the environment, sharing it publicly could pose a security risk.
Run the control in your terminal:
steampipe check aws_perimeter.control.ec2_instance_ami_prohibit_public_access
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_perimeter.control.ec2_instance_ami_prohibit_public_access
Plugins & Tables
select
  title as resource,
  case
    when public then 'alarm'
    else 'ok'
  end as status,
  case
    when public then title || ' publicly accessible.'
    else title || ' not publicly accessible.'
  end as reason,
  region,
  account_id
from
  aws_ec2_ami;
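
To act on AMIs that this control reports as 'alarm', the following added example (not part of the Steampipe mod) lists the account's public AMIs with the AWS CLI and removes the public launch permission. The `AWS_CLI` and `DRY_RUN` variables are assumptions introduced here so the functions can be rehearsed before changing anything.

```shell
#!/usr/bin/env bash
# Added example. AWS_CLI and DRY_RUN are hypothetical knobs, not Steampipe or AWS settings.
AWS_CLI="${AWS_CLI:-aws}"

# Print the IDs of public AMIs owned by the calling account in a region, one per line.
list_public_amis() {
  "$AWS_CLI" ec2 describe-images --region "$1" --owners self \
    --filters Name=is-public,Values=true \
    --query 'Images[].ImageId' --output text \
    | tr '\t' '\n' | grep -E '^ami-' || true
}

# Remove the "all" group from the launch permissions of every public AMI.
# DRY_RUN=1 (default) only reports; DRY_RUN=0 applies the change.
make_amis_private() {
  region="$1"
  count=0
  for ami in $(list_public_amis "$region"); do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "would make private: $ami ($region)"
    else
      "$AWS_CLI" ec2 modify-image-attribute --region "$region" \
        --image-id "$ami" --launch-permission "Remove=[{Group=all}]"
      echo "made private: $ami ($region)"
    fi
    count=$((count + 1))
  done
  echo "total: $count"
}

# Stop new AMIs in the region from being shared publicly at all.
block_new_public_sharing() {
  "$AWS_CLI" ec2 enable-image-block-public-access --region "$1" \
    --image-block-public-access-state block-new-sharing
}
```

Source the file, run `make_amis_private <region>` to review the dry-run output, then repeat with `DRY_RUN=0`; rerunning the Steampipe control afterwards should show the AMIs as 'ok'.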