Amazon EC2

Unused Amazon Machine Images

This plugin checks that every Amazon Machine Image owned by the account is actually in use, as part of cost optimization.

Risk Level: Low

Description

This plugin checks that every Amazon Machine Image owned by the account is actually in use, as part of cost optimization. Unused or deregistered images can add to the cost of the account, so it is recommended to delete such AMIs.

About the Service

Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With EC2, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the underlying hardware. Security Groups act as a firewall for an EC2 instance to control incoming and outgoing traffic. You can read more about security groups in the AWS documentation.

Impact

Amazon Machine Images are used to launch instances and can also be referenced by launch templates. AMIs that are referenced by neither create extra cost for the account, so it is recommended to delete unused AMIs.

Steps to Reproduce

Using the AWS Console:

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if you are already logged in.
  3. Move to AMIs under the Images section in the left navigation pane.
  4. A list of AMIs in the region will appear. Note the AMI ID of the AMI you wish to examine. An AMI can be used in two ways: by an EC2 instance or by a Launch Template. Both possibilities are checked below.
  5. Now move to the Launch Templates section in the left navigation pane.
  6. A list of Launch Templates will be displayed. Select one by clicking on its Launch Template ID.
  7. In the Details tab, move to the Instance Details tab.
  8. Check the AMI ID. If it is the same as the one you noted, the vulnerability does not exist.
  9. Repeat these steps for the other templates as well.
  10. Next, check whether the AMI is used by an instance. Move to the Instances section in the left navigation pane.
  11. Select the instance you wish to check by clicking on its Instance ID.
  12. In the Details tab, check the AMI ID. If it is the same as the one you noted, the vulnerability does not exist.
  13. Repeat these steps for the other instances as well.
  14. Repeat the whole procedure for every AMI you want to investigate.
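The same cross-check can be automated instead of clicked through per AMI. The script below is an added example, not part of this plugin's documentation or its code: the pure logic (find_unused_amis and the two response parsers) runs offline on constructed sample data shaped like the DescribeInstances and DescribeLaunchTemplateVersions responses, and the collect_from_aws helper is an assumed wrapper around boto3 paginators that you would run with real credentials against one region. It generalizes the manual steps slightly by checking every version of every launch template, not only the one shown in the console's Instance Details tab.

```python
"""Find account-owned AMIs that no instance or launch template references.

Added example (not the plugin's code). The pure functions run offline on the
constructed sample below; collect_from_aws() is an assumed boto3 helper that
needs AWS credentials and is not exercised offline.
"""
from typing import Iterable, List, Set


def find_unused_amis(owned_image_ids: Iterable[str],
                     instance_image_ids: Iterable[str],
                     template_image_ids: Iterable[str]) -> List[str]:
    """Return owned AMI IDs referenced by neither an instance nor a launch template."""
    referenced: Set[str] = set(instance_image_ids) | set(template_image_ids)
    return sorted(set(owned_image_ids) - referenced)


def image_ids_from_reservations(reservations) -> Set[str]:
    """Collect ImageId values from a DescribeInstances-shaped 'Reservations' list."""
    return {inst["ImageId"]
            for res in reservations
            for inst in res.get("Instances", [])
            if inst.get("ImageId")}


def image_ids_from_template_versions(versions) -> Set[str]:
    """Collect ImageId values from DescribeLaunchTemplateVersions-shaped records.

    A template version that sets no ImageId (the AMI is supplied at launch time)
    references no AMI, so it is skipped rather than treated as an error.
    """
    return {v["LaunchTemplateData"]["ImageId"]
            for v in versions
            if v.get("LaunchTemplateData", {}).get("ImageId")}


def collect_from_aws(region: str) -> List[str]:
    """Assumed helper: gather the three ID sets for one region with boto3 and report.

    Only AMIs owned by this account (Owners=['self']) are candidates; AMIs that
    instances reference but the account does not own are ignored.
    """
    import boto3  # imported here so the offline parts run without boto3 installed
    ec2 = boto2 = boto3.client("ec2", region_name=region)

    owned = [img["ImageId"]
             for page in ec2.get_paginator("describe_images").paginate(Owners=["self"])
             for img in page["Images"]]

    instance_ids: Set[str] = set()
    for page in ec2.get_paginator("describe_instances").paginate():
        instance_ids |= image_ids_from_reservations(page["Reservations"])

    template_ids: Set[str] = set()
    for page in ec2.get_paginator("describe_launch_templates").paginate():
        for lt in page["LaunchTemplates"]:
            # Every version is examined, not only $Latest/$Default.
            for vpage in ec2.get_paginator("describe_launch_template_versions").paginate(
                    LaunchTemplateId=lt["LaunchTemplateId"]):
                template_ids |= image_ids_from_template_versions(vpage["LaunchTemplateVersions"])

    return find_unused_amis(owned, instance_ids, template_ids)


# Constructed sample data (all IDs are made up) shaped like the API responses.
SAMPLE_OWNED = ["ami-0aaa111", "ami-0bbb222", "ami-0ccc333", "ami-0ddd444"]
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0example01", "ImageId": "ami-0aaa111"},
        {"InstanceId": "i-0example02", "ImageId": "ami-0public"},  # not owned by us
    ]},
]
SAMPLE_TEMPLATE_VERSIONS = [
    {"LaunchTemplateId": "lt-0example01", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId": "ami-0bbb222"}},
    {"LaunchTemplateId": "lt-0example02", "VersionNumber": 1,
     "LaunchTemplateData": {"InstanceType": "t3.micro"}},  # no AMI in this version
]


def sample_report() -> List[str]:
    """Run the check over the constructed sample; returns the unused owned AMIs."""
    return find_unused_amis(SAMPLE_OWNED,
                            image_ids_from_reservations(SAMPLE_RESERVATIONS),
                            image_ids_from_template_versions(SAMPLE_TEMPLATE_VERSIONS))


if __name__ == "__main__":
    for ami in sample_report():
        print(f"unused AMI: {ami}")
```

Run the file as-is to see the two unused sample AMIs; call collect_from_aws("us-east-1") (or any region) from a session with read-only EC2 permissions to get the same report for a real account, one region at a time, since AMIs are regional.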

Steps for Remediation

Delete the unused or deregistered AMIs:

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if you are already logged in.
  3. Move to AMIs under the Images section in the left navigation pane.
  4. A list of AMIs in the region will appear. Select the vulnerable AMI by clicking on the checkbox next to it.
  5. From the Actions drop-down menu, select the Deregister option. Note that deregistering an AMI does not delete the EBS snapshot(s) that back it; remove those separately from the Snapshots section, or their storage charges continue.
  6. Repeat these steps for all the vulnerable AMIs.