Posted On: Mar 20, 2025
Allowed AMIs, an account-wide Amazon EC2 setting that enables you to limit the discovery and use of Amazon Machine Images (AMIs) within your Amazon Web Services accounts, now integrates with Amazon Config. You can now use Amazon Config rules to automatically monitor, detect, and report instances launched using AMIs that have not been allowed by Allowed AMIs.
Prior to today, you had to write custom scripts to monitor instance launches and assess the impact of enabling Allowed AMIs. With the integration of Allowed AMIs and Amazon Config, you can now track and detect non-compliant instances using the new Amazon Config rule. By using this rule together with the audit-mode functionality of Allowed AMIs, you can gain insight into your instance launch patterns and identify potential issues before enforcing stricter controls. The rule evaluates existing instances and monitors new instance launches, flagging any instance launched from an AMI that is not allowed. This lets you identify and remediate violations before enabling Allowed AMIs enforcement in your accounts, simplifying governance across your Amazon Web Services environment.
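To make the detection concrete, the following is an added example (not code from Amazon Web Services and not the managed Config rule itself) that models offline the kind of check the rule performs: each instance's AMI owner is compared against an allow-list of image providers, and instances whose AMI falls outside the list are reported as non-compliant, which is what a custom audit script had to do before this integration. The criteria shape (a set of permitted owner account IDs or provider aliases), the instance records, and all identifiers are constructed assumptions for this example only.

```python
"""Added example: offline model of an Allowed AMIs compliance evaluation.

Assumption: Allowed AMIs criteria are represented as sets of permitted image
providers, each either a 12-digit account ID or an alias such as "amazon".
Sample instances and IDs below are constructed, not real resources.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class ImageCriteria:
    """One allow-list entry: the providers whose AMIs are permitted (assumed shape)."""
    image_providers: frozenset


@dataclass(frozen=True)
class Instance:
    """Minimal view of a running instance: its ID, the AMI it booted from,
    and the owner (account ID or alias) reported for that AMI."""
    instance_id: str
    image_id: str
    image_owner: str


def is_allowed(image_owner: str, criteria: Iterable[ImageCriteria]) -> bool:
    """An AMI is allowed when any criteria entry lists its owner as a provider."""
    return any(image_owner in c.image_providers for c in criteria)


def evaluate(instances: Iterable[Instance],
             criteria: List[ImageCriteria]) -> Dict[str, str]:
    """Return a per-instance compliance verdict, mirroring the COMPLIANT /
    NON_COMPLIANT vocabulary a Config rule reports."""
    return {
        inst.instance_id: ("COMPLIANT" if is_allowed(inst.image_owner, criteria)
                           else "NON_COMPLIANT")
        for inst in instances
    }


def non_compliant(instances: Iterable[Instance],
                  criteria: List[ImageCriteria]) -> List[str]:
    """Sorted instance IDs that would be flagged, i.e. the remediation backlog
    you would review in audit mode before enabling enforcement."""
    verdicts = evaluate(instances, criteria)
    return sorted(i for i, v in verdicts.items() if v == "NON_COMPLIANT")


# Constructed sample data: two trusted providers, four instances.
SAMPLE_CRITERIA = [ImageCriteria(frozenset({"amazon", "111122223333"}))]
SAMPLE_INSTANCES = [
    Instance("i-0aaa1", "ami-0111", "amazon"),           # Amazon-provided AMI
    Instance("i-0bbb2", "ami-0222", "111122223333"),     # AMI owned by own account
    Instance("i-0ccc3", "ami-0333", "444455556666"),     # AMI from an unlisted account
    Instance("i-0ddd4", "ami-0444", "aws-marketplace"),  # provider not in criteria
]


if __name__ == "__main__":
    for instance_id, verdict in evaluate(SAMPLE_INSTANCES, SAMPLE_CRITERIA).items():
        print(f"{instance_id}: {verdict}")
    print("Flagged:", non_compliant(SAMPLE_INSTANCES, SAMPLE_CRITERIA))
```

Running the script lists each instance's verdict and the two instances whose AMIs come from providers outside the allow-list; with the real integration, that backlog is what the Config rule surfaces while Allowed AMIs runs in audit mode, so it can be cleared before enforcement is switched on.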
By default, this rule is disabled for all Amazon Web Services accounts. You can enable it by using the Amazon CLI, SDKs, or Amazon Web Services Console. To learn more, please visit our documentation.