AWS AMI launch permissions are not limited
Description
Avoid granting other AWS accounts permission to launch your AMIs. If cross-account launch permission is implemented, make sure it is properly used.
Code Example
- resource "aws_ami_launch_permission" "remove_equivalent_block" {
- image_id = "ami-2345678"
- account_id = "987654321"
- }
Remediation
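Review bot: the removed block gives its target as account_id = "987654321", which has 9 digits while AWS account IDs have 12, so mark it (and image_id = "ami-2345678") as placeholder values next to the example. The example also shows only the deletion and the Remediation text is still "TBA"; state there that removing the aws_ami_launch_permission block is the fix, and what a reader should do when sharing with a specific account has to remain.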
TBA
Fix - Buildtime
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0253 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_205 |
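
For cases where sharing has to remain, the description's "make sure it is properly used" can be checked before apply. The following is an added example, not part of the original page or of Checkov: a Python audit of `terraform show -json` plan output that reports every `aws_ami_launch_permission` the plan leaves in place unless it targets an approved account. The approved account ID `111122223333`, the resource names other than the page's, and the sample plan are constructed assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# The first entry is the block from this page; the rest are assumptions.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_ami_launch_permission.remove_equivalent_block",
     "type": "aws_ami_launch_permission",
     "change": {"actions": ["create"],
                "after": {"image_id": "ami-2345678", "account_id": "987654321"}}},
    {"address": "aws_ami_launch_permission.build_account",
     "type": "aws_ami_launch_permission",
     "change": {"actions": ["no-op"],
                "after": {"image_id": "ami-2345678", "account_id": "111122223333"}}},
    {"address": "aws_ami_launch_permission.everyone",
     "type": "aws_ami_launch_permission",
     "change": {"actions": ["create"],
                "after": {"image_id": "ami-2345678", "group": "all"}}},
    {"address": "aws_ami_launch_permission.retired",
     "type": "aws_ami_launch_permission",
     "change": {"actions": ["delete"], "after": None}},
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["create"], "after": {"ami": "ami-2345678"}}},
]})


def audit_launch_permissions(plan_json, approved_accounts):
    """Return (address, reason) for each AMI share the plan leaves in place
    that is not limited to an approved account."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_ami_launch_permission":
            continue
        change = rc.get("change") or {}
        if change.get("actions") == ["delete"]:
            continue  # the permission is being revoked
        after = change.get("after") or {}
        if after.get("group"):
            reason = "shared with group '%s'" % after["group"]
        elif after.get("organization_arn") or after.get("organizational_unit_arn"):
            reason = "shared with an organization or OU, confirm the scope"
        elif after.get("account_id") in approved_accounts:
            continue  # sharing limited to an approved account
        else:
            reason = "account %s is not approved" % after.get("account_id")
        findings.append((rc["address"], reason))
    return findings


if __name__ == "__main__":
    for address, reason in audit_launch_permissions(SAMPLE_PLAN, {"111122223333"}):
        print("%s: %s" % (address, reason))
```

An `account_id` that is not yet known at plan time appears as missing in `after` and is reported as not approved, so the check fails closed.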