Reduce potential for WhoAMI cloud image name confusion attack
Description
This policy checks for potential WhoAMI cloud image name confusion attacks by verifying that `aws_ami` data sources in Terraform specify their `owners` and do not rely on overly permissive name patterns. When no owner is pinned, the lookup searches across all public AMIs, so a broad name filter (especially combined with `most_recent`) can resolve to a malicious or untrusted image published by another account, potentially compromising the security of the system. Specifying owners and using restrictive name patterns prevents this. By enforcing these checks, this policy helps prevent supply chain attacks and ensures the integrity of the cloud infrastructure.
Code Example
```terraform
data "aws_ami" "example" {
  owners      = ["amazon"]
  most_recent = true

  filter {
    name   = "name"
    values = ["amzn-ami-hvm-*-x86_64-gp2"]
  }
}
```

Remediation
Specify the owner (for example `owners = ["amazon"]` or a trusted account ID) and use a restrictive `name` filter pattern for the `aws_ami` data source.
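To make the description and remediation above concrete, the following is an added example of the check itself, written for this page and not the policy's or Checkov's own implementation. It reads Terraform text, extracts every `data "aws_ami"` block with a small regex-based HCL subset (an assumption: no braces inside string values), and reports the two conditions this policy describes: missing `owners`, and a `name` filter pattern that is too permissive. The heuristic for "too permissive" (a pattern that is only wildcards or begins with one) and the two non-compliant sample blocks are assumptions constructed for the example; the compliant block is the page's own.

```python
"""Added example: minimal scanner for WhoAMI-style aws_ami misconfigurations.
Not the policy's or Checkov's own code; the HCL handling is a small
regex-based subset (assumption: no braces inside string values)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: the page's compliant block plus two assumed
# non-compliant variants (one without owners, one with a wildcard-only name).
SAMPLE_TF = '''
data "aws_ami" "good" {
  owners      = ["amazon"]
  most_recent = true
  filter {
    name   = "name"
    values = ["amzn-ami-hvm-*-x86_64-gp2"]
  }
}

data "aws_ami" "no_owner" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*"]
  }
}

data "aws_ami" "wild_name" {
  owners      = ["amazon"]
  most_recent = true
  filter {
    name   = "name"
    values = ["*"]
  }
}
'''

BLOCK_HEADER = re.compile(r'data\s+"aws_ami"\s+"([^"]+)"\s*\{')
OWNERS_RE = re.compile(r'\bowners\s*=\s*\[([^\]]*)\]')
FILTER_RE = re.compile(r'\bfilter\s*\{([^}]*)\}')
NAME_RE = re.compile(r'\bname\s*=\s*"([^"]*)"')
VALUES_RE = re.compile(r'\bvalues\s*=\s*\[([^\]]*)\]')
STRING_RE = re.compile(r'"([^"]*)"')


@dataclass
class AmiLookup:
    label: str
    owners: list = field(default_factory=list)
    name_patterns: list = field(default_factory=list)


def _block_body(text, start):
    """Return the text between the brace at `start` and its matching close."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in Terraform source")


def parse_aws_ami_blocks(text):
    """Extract owners and `name` filter patterns from each aws_ami data block."""
    blocks = []
    for m in BLOCK_HEADER.finditer(text):
        body = _block_body(text, m.end() - 1)
        lookup = AmiLookup(label=m.group(1))
        owners = OWNERS_RE.search(body)
        if owners:
            lookup.owners = STRING_RE.findall(owners.group(1))
        for f in FILTER_RE.finditer(body):
            name = NAME_RE.search(f.group(1))
            values = VALUES_RE.search(f.group(1))
            if name and name.group(1) == "name" and values:
                lookup.name_patterns.extend(STRING_RE.findall(values.group(1)))
        blocks.append(lookup)
    return blocks


def is_overly_permissive(pattern):
    """Assumed heuristic: a pattern that is empty, only wildcards, or starts
    with a wildcard does not anchor the image name to a known prefix."""
    stripped = pattern.strip()
    return stripped == "" or set(stripped) <= {"*", "?"} or stripped[0] in "*?"


def evaluate(lookup):
    """Return the policy findings for one aws_ami lookup (empty list = pass)."""
    findings = []
    if not lookup.owners:
        findings.append("owners not specified: lookup may resolve to any public AMI")
    for p in lookup.name_patterns:
        if is_overly_permissive(p):
            findings.append(f"overly permissive name pattern {p!r}")
    return findings


def scan(text):
    """Map each aws_ami block label to its list of findings."""
    return {b.label: evaluate(b) for b in parse_aws_ami_blocks(text)}


if __name__ == "__main__":
    for label, findings in scan(SAMPLE_TF).items():
        print(f"aws_ami.{label}: {'PASS' if not findings else 'FAIL'}")
        for finding in findings:
            print("  -", finding)
```

Running the script prints a PASS for the page's example and a FAIL with the reason for each constructed variant; the compliant pattern `amzn-ami-hvm-*-x86_64-gp2` passes because it is anchored to a known prefix even though it contains a wildcard.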
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0433 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | aws_ami |
| Checkov ID | CKV_AWS_386 |