Preventing AMIs from becoming public

[KevinHock]

I know that https://github.com/ScaleSec/terraform_aws_scp/blob/main/security_controls_scp/modules/ec2/deny_public_ami.tf "Denies users the ability to launch EC2 instances with public AMIs.", but perhaps it's possible to stop it before it is made public.

ModifyImageAttribute is the action, --launch-permission "Add=[{Group=all}]" seems to be the condition.

https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-image-attribute.html#examples

[jdyke]

ModifyImageAttribute does not support condition keys at this time

[KevinHock]

Thank you @jdyke ! ❤️