-1

I have an AMI that I am trying to put on AWS Marketplace. During this process, Amazon scans the AMI for potential security vulnerabilities. The scan found several in my AMI.

How can I fix them?

Do I:

  • Delete the current AMI, go back to the EC2 instance from which the AMI was created, make the changes and create a new AMI?
  • Or can I somehow start the current AMI, SSH into it and make the necessary changes?
Anthony

1 Answer

3

The best practice is to build a repeatable process for creating your AMIs from a base operating system image (typically AWS Linux, Ubuntu, etc.). The reason is that you have many more updates ahead of you:

  • You might not succeed at fixing the identified issues completely to Amazon's satisfaction
  • Future scans may find new, different issues
  • AWS Marketplace staff will manually check some things with your AMI
  • You might find your own bugs
  • You will eventually want to deploy new software versions

Yes, you could launch an instance from your image, modify it, save it, and make a new image. It might be worth doing that to learn something about the AMI scanning criteria.

But you would not make any progress towards a reliable, repeatable image building flow. I strongly recommend looking into tools like Packer that can help you automate the AMI building process.

James
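
An added example, not part of the answer above and not any project's own code: a Packer HCL2 template for the repeatable build the answer recommends, rebuilding from a fresh base image on every run. The region, instance type, AMI name prefix, Ubuntu base image filter and the remediation steps (patching packages, clearing leftover keys and history) are assumptions; replace them with whatever the scan report for your AMI actually lists.

```hcl
packer {
  required_plugins {
    amazon = {
      version = ">= 1.2.0"
      source  = "github.com/hashicorp/amazon"
    }
  }
}

variable "region" {
  type    = string
  default = "us-east-1" # assumption: pick your own region
}

locals {
  # Unique suffix so every build produces a new, traceable AMI name
  ts = regex_replace(timestamp(), "[- TZ:]", "")
}

source "amazon-ebs" "marketplace" {
  region        = var.region
  instance_type = "t3.micro"               # assumption
  ami_name      = "my-product-${local.ts}" # hypothetical name prefix
  ssh_username  = "ubuntu"

  # Always start from the newest official base image, never from an old snapshot
  source_ami_filter {
    filters = {
      name                = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    owners      = ["099720109477"] # Canonical
    most_recent = true
  }

  # Remove Packer's temporary build key so it is not baked into the image
  ssh_clear_authorized_keys = true
}

build {
  sources = ["source.amazon-ebs.marketplace"]

  provisioner "shell" {
    inline = [
      "cloud-init status --wait",
      "sudo DEBIAN_FRONTEND=noninteractive apt-get update",
      "sudo DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade",
      # your application install and scan-specific fixes go here
      "sudo rm -f /root/.bash_history /home/ubuntu/.bash_history",
    ]
  }
}
```

Run it with `packer init .` followed by `packer build .`; each scan finding then becomes a change to this file rather than a manual edit on a running instance.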