What is Amazon EC2 – Part 6: Amazon Machine Images (AMI)

by Alexander Weiß

In one of my previous blog posts I described how to create an instance. One of the first decisions you have to make is which Amazon Machine Image to choose. To help you understand the concept of AMIs and their special features, I compiled a short post about them.

Plainly stated, Amazon Machine Images are nothing more than preconfigured operating systems. Besides the operating system, an AMI needs virtual-application software, which Amazon EC2 uses to manage the machine and which should come preinstalled with the AMI. An AMI is the basic unit of deployment in EC2 and serves as the service delivery platform.

You can create AMIs yourself – I’ll cover this topic in a later post – but you can also use preconfigured ones. Amazon has a website which lists many AMIs.

What is Amazon EC2 - List of AMIs


Some of the AMIs you’ll find on this website are created by Amazon, but most of them are provided by third parties. As Amazon does not check these AMIs for potential security risks, they can become a security threat for your company.

Secure use of AMIs

Amazon clearly states on the AMI website that you use an AMI at your own risk. So it is a very good idea to restrict yourself to AMIs from sources you completely trust. For every AMI there is a detailed page with information about its provider. If you only want to use AMIs created by Amazon, look for the provider “Amazon Web Services”.

What is Amazon EC2 - Information about AMIs


If you need to use an AMI from a source which is not fully trustworthy, you should definitely perform a full security audit. Because anybody can offer an AMI, an AMI has to be treated like any other foreign code. Here’s a short to-do list. It only includes what is absolutely necessary to check if you run third-party AMIs:

– Check the forums. You can probably find some valuable information about the AMI there. They are also a good place to post any questions you have

– Check the SSH authorized keys file. There should be only one key in it, and that key should match the one you used to start the instance

– Make sure there are no unwanted or suspicious open ports or running services

– If the root password is not randomized at startup, change it

– Make sure that root login is disabled in the SSH configuration

– Check the cron jobs

– Verify that there are no unnecessary user accounts. Those with elevated permissions especially need a closer inspection
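The file-based items on this list can be scripted. The following is an added example, not code from the original post: the function names, the `ROOT` argument and the report format are assumptions made for illustration, and a locked root password is used as a stricter stand-in for "randomized at startup".

```shell
#!/usr/bin/env bash
# Added example. ROOT is the image's filesystem: "/" on the running
# instance, or the mount point of its volume attached to a trusted host.

foreign_keys() {  # key lines in FILE ($1) that lack the expected key blob ($2)
  [ -f "$1" ] || return 0
  awk -v k="$2" '!/^[ \t]*(#|$)/ && index($0, k) == 0' "$1"
}

root_login_disabled() {  # sshd uses the first PermitRootLogin value it reads
  awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
       END { exit (v != "no") }' "$1" 2>/dev/null
}

root_password_locked() {  # a shadow hash field starting with ! or * is locked
  awk -F: '$1 == "root" { ok = ($2 ~ /^[!*]/) } END { exit !ok }' "$1" 2>/dev/null
}

uid0_accounts() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

cron_jobs() {  # active lines of system and per-user crontabs under ROOT ($1)
  find "$1/etc/crontab" "$1/etc/cron.d" "$1/var/spool/cron" -type f 2>/dev/null |
    while read -r f; do
      awk -v f="${f#"$1"}" '!/^[ \t]*(#|$)/ { print f ": " $0 }' "$f"
    done
}

audit_image() {  # usage: audit_image ROOT LOGIN_USER EXPECTED_KEY_BLOB
  local root=${1%/} f rc=0
  for f in "/home/$2" /root; do
    f="$root$f/.ssh/authorized_keys"
    [ -z "$(foreign_keys "$f" "$3")" ] || { echo "FINDING unexpected SSH key: $f"; rc=1; }
  done
  root_login_disabled "$root/etc/ssh/sshd_config" ||
    { echo "FINDING PermitRootLogin is not 'no'"; rc=1; }
  root_password_locked "$root/etc/shadow" ||
    { echo "FINDING root password is not locked (or shadow unreadable)"; rc=1; }
  for f in $(uid0_accounts "$root/etc/passwd"); do
    echo "FINDING extra UID 0 account: $f"; rc=1
  done
  cron_jobs "$root" | sed 's/^/REVIEW cron /'   # listed for manual review
  return "$rc"
}

# Listening ports are not in these files; check them live, e.g. with ss -tln.
if [ "$#" -ge 3 ]; then audit_image "$@"; fi
```

Run it as root with the root directory, the login user of the AMI and the base64 part of your launch key as arguments; an exit status of 1 means at least one finding was printed.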

How to find the desired AMI

At the time I wrote this article there were more than 1400 AMIs available on the Amazon website. Manually browsing through the list would be a tedious task, but there seems to be no way to search the list itself. You can use the website search and narrow down the results with the AMI filter, but that is not much help either:

What is Amazon EC2 - Search filter for AMIs


I hope Amazon improves the search and adds some additional filter options, because launching an instance directly from the website is a very neat feature.

What is Amazon EC2 - Launch an AMI directly from the website


I have now covered many aspects of Amazon EC2, but one important part is missing: the command line. The command line is a very powerful part of EC2, and many features are only available through it. So be prepared for my next series about the EC2 command line.
