How does one monitor whether a certain EC2 instance was not launched from a golden AMI or has deviated from a patch configuration of a golden AMI
Customers use golden AMI's such that developers use these golden AMI's for any compute needs. From a security perspective, the golden AMI's are patched up. However how does a customer monitor for any compute instances that are not launched from a certain golden AMI Or whether an certain Ec2 instance has deviated from a patched up AMI
- Newest
- Most votes
- Most comments
Your customer can use AWS Config to monitor whether or not AMIs are launched from a pre-approved list of golden AMI images: https://aws.amazon.com/blogs/devops/aws-config-checking-for-compliance-with-new-managed-rule-options/
Then, your customer can use SSM State Manager to detect drift from the golden AMI: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state.html
Also, they can use a more "out of the box" solution with the new Golden AMI Pipeline: https://aws.amazon.com/blogs/awsmarketplace/announcing-the-golden-ami-pipeline/
Relevant content
- asked 10 months ago
- asked 2 years ago
- Accepted Answerasked 2 months ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 10 months ago
