AMI (Amazon Machine Images) not in use (12 months)

AWS Cost Optimization

To ensure reliability and comply with security requirements, it is important to verify that your current Amazon Machine Images (AMIs) are no older than 12 months. By using current AMIs to launch EC2 instances, you can greatly benefit your AWS application stack by maintaining secure and dependable EC2 deployments.


When dealing with Amazon Machine Images (AMIs) that are older than 12 months, it is important to take remediation steps to ensure that the AMIs are up-to-date, secure, and compliant with any relevant policies or regulations. Here are some steps you can take:

  1. Review the AMI's configuration and dependencies: Review the configuration and dependencies of the AMI to identify any outdated or vulnerable components. Check if any operating system or software updates are available.
  2. Update the AMI: Update the AMI with the latest patches and updates to ensure that it is up-to-date and secure. You can also use automated tools like AWS Systems Manager to perform updates across multiple instances.
  3. Run security scans: Run security scans on the AMI to identify any potential security vulnerabilities or compliance issues.
  4. Test the AMI: After updating and scanning the AMI, test it to ensure that it is functioning properly.
  5. Update the associated infrastructure: Update any infrastructure that uses the AMI to ensure that it is compatible with the updated AMI.
  6. Delete any unused AMIs: If you have any old, unused AMIs, delete them to reduce the risk of security issues and to save on storage costs.
  7. Automate the process: Automate the process of updating and scanning AMIs to ensure that they stay up-to-date and secure.

By taking these remediation steps, you can ensure that your AMIs are secure, up-to-date, and compliant with any relevant policies or regulations.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.