Posted On: Sep 13, 2023

Amazon EC2 now supports AMI Block Public Access (BPA), an account-wide setting that allows customers to block public sharing of Amazon Machine Images (AMIs) in a Region. Customers managing AMIs at scale now have a simple and proactive way of safeguarding their AMIs from inadvertent access by unauthorized users.

Prior to AMI BPA, customers had to manually check AMI settings or run custom scripts to detect whether their AMIs had been inadvertently made public. Now, by enabling the AMI BPA setting within their AWS account, customers can ensure that no new AMI is made public within that account. This blocks unauthorized access to AMIs due to unintended public sharing and prevents their potential misuse. Customers with existing public AMIs can also enable AMI BPA within their AWS accounts to prevent private AMIs in their account from being publicly shared, without impacting existing public AMIs.

AMI BPA is currently disabled by default for all AWS accounts, and customers can enable AMI BPA through the AWS CLI, SDKs or Console.
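Because the setting applies per Region and leaves already-public AMIs untouched, a rollout usually pairs enabling it with an audit of what is public today. The following sketch is an added example, not AWS's own code: it uses the boto3 EC2 calls `get_image_block_public_access_state`, `enable_image_block_public_access` and `describe_images`, and assumes credentials with a default Region are configured; the helper names are hypothetical.

```python
"""Enable AMI Block Public Access (BPA) per Region and list AMIs that are already public."""

BLOCK = "block-new-sharing"  # EC2 API state value meaning BPA is enabled


def public_amis(ec2):
    """Return the IDs of AMIs owned by this account that are shared publicly."""
    pages = ec2.get_paginator("describe_images").paginate(
        Owners=["self"],
        Filters=[{"Name": "is-public", "Values": ["true"]}],
    )
    return [img["ImageId"] for page in pages for img in page["Images"]]


def harden_region(ec2, dry_run=False):
    """Enable BPA if it is off. Returns (state_before, state_after, public_ami_ids)."""
    before = ec2.get_image_block_public_access_state()["ImageBlockPublicAccessState"]
    after = before
    if before != BLOCK and not dry_run:
        resp = ec2.enable_image_block_public_access(ImageBlockPublicAccessState=BLOCK)
        after = resp["ImageBlockPublicAccessState"]
    # BPA leaves AMIs that are already public untouched, so report them for review.
    return before, after, public_amis(ec2)


def harden_account(regions, client_for, dry_run=False):
    """Run harden_region in every Region; client_for(region) returns an EC2 client."""
    return {region: harden_region(client_for(region), dry_run) for region in regions}


if __name__ == "__main__":
    import sys
    import boto3  # imported here so the functions above also work with a stub client

    dry = "--dry-run" in sys.argv
    enabled = boto3.client("ec2").describe_regions()["Regions"]
    names = [r["RegionName"] for r in enabled]
    report = harden_account(names, lambda r: boto3.client("ec2", region_name=r), dry)
    for region, (before, after, amis) in sorted(report.items()):
        print(f"{region}: {before} -> {after}; already public: {amis or 'none'}")
```

Run it with `--dry-run` first to see each Region's current state and any AMIs that are already public before changing anything.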

This feature is now available in all AWS Regions, including the AWS GovCloud (US) Regions and Amazon Web Services China Regions.

Learn more in the AMI Block Public Access documentation.