How does one monitor whether a certain EC2 instance was not launched from a golden AMI or has deviated from the patch configuration of a golden AMI?

0

Customers use golden AMIs so that developers use these golden AMIs for any compute needs. From a security perspective, the golden AMIs are patched up. However, how does a customer monitor for any compute instances that are not launched from a certain golden AMI, or whether a certain EC2 instance has deviated from a patched-up AMI?

AWS
Moderator
Asked 4 years ago, 364 views
1 answer
0
Accepted answer

Your customer can use AWS Config to monitor whether or not AMIs are launched from a pre-approved list of golden AMI images: https://aws.amazon.com/blogs/devops/aws-config-checking-for-compliance-with-new-managed-rule-options/

Then, your customer can use SSM State Manager to detect drift from the golden AMI: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state.html

Also, they can use a more "out of the box" solution with the new Golden AMI Pipeline: https://aws.amazon.com/blogs/awsmarketplace/announcing-the-golden-ami-pipeline/

Answered 4 years ago
Expert
Reviewed 1 month ago
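As an added illustration of the first part of the answer (not code from the original post or from AWS), the following script shows what the AWS Config managed rule APPROVED_AMIS_BY_ID evaluates and how its rule definition is shaped. The AMI ids, instance ids and the DescribeInstances-style records are constructed placeholders; nothing here calls AWS.

```python
"""Offline check of EC2 instances against a golden-AMI allow list.

Mirrors the AWS Config managed rule APPROVED_AMIS_BY_ID: an instance is
NON_COMPLIANT when its ImageId is not in the approved set. The instance
records are constructed in the shape returned by EC2 DescribeInstances.
"""
import json
from typing import Dict, Iterable, List

# Constructed sample ids (placeholders, not real AMIs): two versions of the
# golden AMI are approved; anything else is a deviation worth alerting on.
APPROVED_AMI_IDS = {"ami-0golden0001", "ami-0golden0002"}

SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa111", "ImageId": "ami-0golden0002",
         "State": {"Name": "running"}},
        {"InstanceId": "i-0bbb222", "ImageId": "ami-0rogue9999",
         "State": {"Name": "running"}},
    ]},
    {"Instances": [
        {"InstanceId": "i-0ccc333", "ImageId": "ami-0golden0001",
         "State": {"Name": "terminated"}},
    ]},
]


def config_rule_definition(approved: Iterable[str]) -> Dict:
    """Build the ConfigRule input for put_config_rule using the managed rule.

    The rule's only parameter, amiIds, is a comma-separated list of AMI ids;
    InputParameters must be passed as a JSON string.
    """
    return {
        "ConfigRuleName": "ec2-golden-ami-only",
        "Source": {"Owner": "AWS", "SourceIdentifier": "APPROVED_AMIS_BY_ID"},
        "InputParameters": json.dumps({"amiIds": ",".join(sorted(approved))}),
        "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Instance"]},
    }


def evaluate_instances(reservations, approved, skip_terminated=True) -> Dict[str, str]:
    """Return {instance_id: 'COMPLIANT' | 'NON_COMPLIANT'} for each instance."""
    results = {}
    for res in reservations:
        for inst in res.get("Instances", []):
            if skip_terminated and inst.get("State", {}).get("Name") == "terminated":
                continue  # terminated instances no longer pose a risk
            ok = inst.get("ImageId") in set(approved)
            results[inst["InstanceId"]] = "COMPLIANT" if ok else "NON_COMPLIANT"
    return results


def non_compliant(reservations, approved) -> List[str]:
    """Instance ids that were not launched from an approved golden AMI."""
    return sorted(i for i, s in evaluate_instances(reservations, approved).items()
                  if s == "NON_COMPLIANT")
```

Keep every currently valid version of the golden AMI in the approved set when the pipeline publishes a new one, or the rule will flag instances that are in fact up to date.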
