Posted On: Sep 13, 2023

Amazon EC2 now supports AMI Block Public Access (BPA), an account-wide setting that allows customers to block public sharing of Amazon Machine Images (AMIs) in a region. Customers managing AMIs at scale now have a simple and proactive way of safeguarding their AMIs from inadvertent access by unauthorized users.

Prior to AMI BPA, customers had to manually check AMI settings or run custom scripts to detect if their AMIs had been inadvertently made public. Now, by enabling the AMI BPA setting within their Amazon Web Services account, customers can ensure that no new AMI is made public within their account. This blocks unauthorized access to AMIs due to unintended public sharing and prevents their potential misuse. Customers with existing public AMIs can also enable AMI BPA within their Amazon Web Services accounts to prevent private AMIs in their account from being publicly shared, without impacting existing public AMIs.

AMI BPA is currently disabled by default for all Amazon Web Services accounts, and customers can enable AMI BPA through the Amazon CLI, SDKs or the Amazon Web Services Console.
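The following is an added example, not code from the announcement or from Amazon Web Services: a shell script that enables AMI BPA per region through the CLI and lists the AMIs that are already public, since enabling the setting leaves those shared. It assumes AWS CLI v2 with suitable credentials; the function and variable names are illustrative.

```sh
#!/bin/sh
# Added example (not AWS-provided code). Assumes AWS CLI v2 on PATH and
# credentials allowed to call the three ec2 operations used below.

# Print the region's AMI BPA state: "unblocked" or "block-new-sharing".
ami_bpa_state() {
  aws ec2 get-image-block-public-access-state --region "$1" \
    --query ImageBlockPublicAccessState --output text
}

# Print IDs of AMIs this account owns that are already public.
# Enabling BPA leaves these shared, so they need a separate review.
public_amis() {
  aws ec2 describe-images --region "$1" --owners self \
    --filters Name=is-public,Values=true \
    --query 'Images[].ImageId' --output text
}

# Enable BPA in one region if it is off, then print a one-line report.
harden_region() {
  bpa_before=$(ami_bpa_state "$1") || return 1
  bpa_after=$bpa_before
  if [ "$bpa_before" != "block-new-sharing" ]; then
    bpa_after=$(aws ec2 enable-image-block-public-access --region "$1" \
      --image-block-public-access-state block-new-sharing \
      --query ImageBlockPublicAccessState --output text) || return 1
  fi
  bpa_ids=$(public_amis "$1") || return 1
  echo "$1 before=$bpa_before after=$bpa_after already_public=${bpa_ids:-none}"
}

# BPA is set per region: pass every region the account uses as arguments.
for bpa_region in "$@"; do
  harden_region "$bpa_region" || exit 1
done
```

Run it with the region codes to cover, for example `cn-north-1 cn-northwest-1` for the Beijing and Ningxia Regions; any AMI reported under `already_public` stays public until its launch permissions are changed separately.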

This feature is now available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.

Learn more in the AMI Block Public Access documentation.