Security Guidance for AMI Developers
Use the guidelines in this section to ensure that your AMI meets AWS Marketplace security requirements.
Creating an AMI
- Create custom AMIs from existing, well-maintained EBS-backed AMIs that have a clearly defined lifecycle and are provided by trusted, reputable sources.
- Develop a repeatable process for building, updating, and republishing AMIs.
- Before you build the image, configure a running instance that conforms to the customer experience that you want.
- After you build the image, run it in the Amazon EC2 environment to check such things as installation, features, and performance.
- Build AMIs using the most up-to-date operating systems, packages, and software.
Securing an AMI
- Ensure that your AMI does not include user accounts without passwords or user accounts with default passwords.
- Generate passwords using a service that creates a unique password or key for each user and sends the password directly to the user, or create a forcing function that requires the user to change the password.
- Whenever possible, use end-to-end encryption for network traffic. For example, use Secure Sockets Layer (SSL) to secure HTTP sessions between you and your customers. Ensure that your service uses only valid and up-to-date certificates.
- Use security groups to control inbound traffic access to your instance. Ensure that your security groups are configured to allow access only to the minimum set of ports required to provide necessary functionality for your services. In addition, allow administrative access only to the minimum set of ports and source IP address ranges necessary.
- Architect your AMI to deploy as a minimum installation to reduce the attack surface. You should disable or remove unnecessary services and programs.
- Disable the remote root login for sshd (SSH daemon). Require all users to SSH in using their standard username. If they need to access root privileges, they should use the sudo command. Sudo allows you to control which users are allowed to perform root functions and logs the activity so that there is an audit trail.
- Enable SSH access for user accounts by generating security keys for each user. Do not provide users with simple password-based accounts on the instance.
- Ensure that sensitive information, such as passwords or secret key material, is never written in cleartext to places such as logs, tags, or the console. For Windows, review the Ec2Config service configuration to ensure that it meets your security policy.
- Limit access to the ports used for administrative access by allowing in only the range of IP addresses that have a valid reason for accessing the system, for example, the range of IP addresses in your company or organization.
- Be aware of the top 10 vulnerabilities for web applications and build your applications accordingly. To learn more, visit Open Web Application Security Project (OWASP) - Top 10 Web Application Security Risks. When new Internet vulnerabilities are discovered, promptly update any web applications that ship in your AMI. Examples of resources that include this information are SecurityFocus and the NIST National Vulnerability Database.
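The account and sshd items in the list above can be checked mechanically as part of a repeatable build. The following is an added example, not AWS-provided code; it assumes that "no password-based accounts" is enforced with `PasswordAuthentication no`, and the sample file contents are constructed.

```python
SSHD_REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}
# Values OpenSSH (7.0 and later) applies when a keyword is absent.
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password",
                 "passwordauthentication": "yes"}

def effective_sshd_settings(config_text):
    """Global settings as sshd reads them: the first value for a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if parts[0].lower() == "match":
            break  # Match blocks are conditional; the global section ends here
        if len(parts) > 1:
            settings.setdefault(parts[0].lower(), parts[1].lower())
    return settings

def audit_sshd(config_text):
    """Return one finding per setting that differs from SSHD_REQUIRED."""
    effective = {**SSHD_DEFAULTS, **effective_sshd_settings(config_text)}
    return [f"{key} is '{effective[key]}', expected '{want}'"
            for key, want in SSHD_REQUIRED.items() if effective[key] != want]

def accounts_without_password(shadow_text):
    """Names whose shadow password field is empty (no password needed)."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [row[0] for row in rows if len(row) > 1 and row[1] == ""]

# Constructed sample input, not taken from any real system.
SAMPLE_SSHD = """\
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""
SAMPLE_SHADOW = """\
root:!:19000:0:99999:7:::
ec2-user:!!:19000:0:99999:7:::
testuser::19000:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit_sshd(SAMPLE_SSHD), accounts_without_password(SAMPLE_SHADOW))
```

The later `PermitRootLogin no` line in the sample has no effect because sshd keeps the first value it reads. `Match` blocks and any included files are not evaluated here and need a separate review.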
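The security group items above (minimum ports, administrative access only from necessary source ranges) can be checked against saved `aws ec2 describe-security-groups` output. This is an added example, not AWS-provided code; the choice of ports 22 and 3389 as the administrative ports is an assumption, and the group IDs and address ranges are constructed.

```python
import ipaddress

ADMIN_PORTS = (22, 3389)  # assumption: SSH and RDP are the administrative ports

def world_open_admin_rules(security_groups, admin_ports=ADMIN_PORTS):
    """Return (group id, port, cidr) for admin ports reachable from any address."""
    findings = []
    for group in security_groups:
        for perm in group.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":       # all protocols, all ports
                low, high = 0, 65535
            elif perm.get("IpProtocol") == "tcp":
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue
            exposed = [p for p in admin_ports if low <= p <= high]
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr).prefixlen == 0:  # 0.0.0.0/0 or ::/0
                    findings += [(group["GroupId"], p, cidr) for p in exposed]
    return findings

# Constructed sample in the "SecurityGroups" shape; IDs and ranges are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-constructed01", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-constructed02", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in world_open_admin_rules(SAMPLE_GROUPS):
        print(finding)
```

Pass the function the list under the `SecurityGroups` key of the CLI's JSON output. The "all traffic" rule in the second group is reported once per administrative port because it covers every port.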
Preparing an AMI for submission to AWS Marketplace
- Before submitting an AMI on AWS Marketplace, we recommend that you do your best to verify that the image is free of known vulnerabilities and malware. A number of tools are available for this purpose, such as Chkrootkit, rkhunter, and Nessus.
- After testing, ensure that you remove all user credentials from the system by removing all users, accounts, passwords, keys, and documents used in testing, wherever such items might be stored.
- Before submitting your product on AWS Marketplace, ensure that you have removed all SSH keys that you used for test purposes. Sometimes SSH keys are stored in multiple places in the AMI. Check that you have located and deleted all SSH keys that you do not intend to ship in the AMI.
- Never include software in your AMI that collects and exports customer data without the customer’s knowledge and express consent.
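Because SSH keys can sit in more than one place in an image, a file-tree scan before submission is more reliable than checking known paths by hand. This is an added example, not AWS-provided code; the file names and contents in `build_constructed_tree` are constructed placeholders, and `root` is assumed to be the directory where the image's root volume is mounted.

```python
import os

AUTHORIZED_KEYS_NAMES = {"authorized_keys", "authorized_keys2"}

def find_ssh_key_material(root):
    """Walk an image's file tree; return sorted (relative path, kind) findings."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as handle:
                    head = handle.read(4096)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            rel = os.path.relpath(path, root)
            first_line = head.split(b"\n", 1)[0]
            if name in AUTHORIZED_KEYS_NAMES:
                live = [l for l in head.splitlines()
                        if l.strip() and not l.lstrip().startswith(b"#")]
                if live:
                    findings.append((rel, "authorized_keys entry"))
            elif first_line.startswith(b"-----BEGIN ") and b"PRIVATE KEY" in first_line:
                findings.append((rel, "private key"))
    return sorted(findings)

def build_constructed_tree(root):
    """Write a small constructed file tree (placeholder contents, no real keys)."""
    files = {
        "home/tester/.ssh/authorized_keys": b"ssh-ed25519 CONSTRUCTED tester@build\n",
        "root/.ssh/authorized_keys": b"# emptied before submission\n",
        "opt/app/deploy_key": b"-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n",
        "etc/motd": b"welcome\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(find_ssh_key_material(tmp))
```

The scan matches on file name and on the PEM header in the first line, so a private key is found even when it is stored outside a `.ssh` directory under an unrelated name.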
Maintaining an AWS Marketplace AMI
- Once your AMI is published, have a process in place to monitor for vulnerabilities and security updates to software deployed in the AMI. Ensure that the running instances based on your AMIs are updated frequently, particularly when new updates become available.
- Periodically rebuild your AMI with the latest updates so that newly created instances based on the AMIs will have the most recent patches. For more information about updating a listing on AWS Marketplace, see the section “Updates and Price Changes” in this guide.
- Consider performing a penetration test against your AWS computing environment at regular intervals, or consider employing a third party to conduct such tests on your behalf. To learn more, see AWS Penetration Testing (includes a penetration testing request form).
Additional Information for Linux/UNIX Developers
For an easier update experience, start with a public AMI that uses the PV-GRUB Amazon Kernel Image (AKI). Using PV-GRUB, you can change the kernel on a running instance of your AMI.
Note: PV-GRUB is not the default AKI; you’ll need to look for an AMI that specifically uses the PV-GRUB version of an AKI. To learn more, see Enabling User Provided Kernels in Amazon EC2.
Amazon Web Services (AWS) Resources
- AWS Security Center
- AWS Penetration Testing (includes a penetration testing request form)
- AWS Security Best Practices
- AWS Overview of Security Processes
- The Center for Internet Security (CIS): Security Benchmarks
- The Open Web Application Security Project (OWASP): Secure Coding Practices Quick Reference Guide
Mistakes to Avoid
- OWASP Top 10 Web Application Security Risks
- SANS (SysAdmin, Audit, Networking, and Security) Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors