Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Validating AMI using hash algorithm?

1

A customer would like to know if they can validate the consistency of an AMI using a hash algorithm (or any other way, really). Their question goes to both AWS-created AMIs and to their own. I believe we use MD5 to validate when copying AMIs across regions, but I've not yet found a method that the customer might use.

Temas
Cálculo
Etiquetas
Amazon EC2
Idioma
English
AWS
Chris_S
preguntada hace 7 años929 visualizaciones
1 Respuesta
1
Respuesta aceptada

As AMIs are stored in a special area of S3, AMIs are by their nature immutable; they are atomic objects which can't be edited bitwise (any editing requires the replacement of the whole object, at which point the AMI ID changes), and S3's own integrity-checking mechanisms continually validate AMI integrity across the multiple copies S3 actually stores.

So, provided the AMI ID hasn't changed, the AMI hasn't, either. This is another area where "we validate and maintain the integrity of customer data, so the customer doesn't have to" :-).

If the customer wants to do their own validation (let's say there's a particular compliance check they need to meet - and if this is the case, we should have a chat with them about their control requirements and the risks they mitigate, in this area) they could restore the AMI to an EC2 instance, and checksum the EBS volumes involved - though this seems like a lot of effort for little risk mitigation.

AWS
EXPERTO
Dave_W
respondido hace 7 años
profile picture
EXPERTO
Sedat Salman
revisado hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante