EC2 ami lockdown - Githubissues

ScaleSec / terraform_aws_scp

AWS Organizations Service Control Policies (SCPs) written in HashiCorp Terraform.

Other

231 stars 44 forks source link

EC2 ami lockdown #36

Closed jdyke closed 4 years ago

jdyke commented 4 years ago

This PR adds two new SCPs for EC2s around AMI lockdowns.

First SCP requires the AMI be owned by specific account you set.
Second SCP requires the AMI to have a specific Resource tag key / value pair (not case sensitive) in order to launch an EC2.

Both of these SCPs can be combined together or used in addition to other controls for a safe guardrail to launching only approved AMIs.