whoAMI Attack Exploits AMI Name Confusion to Hijack AWS EC2 Instances

Security researchers at DataDog uncovered a vulnerability called "whoAMI," which lets attackers gain code execution in AWS accounts by publishing an Amazon Machine Image (AMI) with a carefully crafted name.

The attack occurs when organizations fail to specify an AMI owner in their AWS queries, allowing attackers to insert malicious AMIs that resemble legitimate ones and trick automated selection processes.

Despite Amazon patching the issue in September 2024, many organizations remain vulnerable due to outdated configurations, with DataDog estimating thousands of AWS accounts at risk.

To mitigate the risk, Amazon introduced the 'Allowed AMIs' security control in December 2024, enabling customers to restrict AMIs to trusted sources.

AWS also advises users to always specify AMI owners when using the ec2:DescribeImages API and to enable the 'Allowed AMIs' feature for additional protection.

Terraform 5.77 now warns users when the "most_recent=true" setting is used without an owner filter, with stricter enforcement planned in version 6.0.

Administrators should audit their configurations, update AMI retrieval methods, and use AWS Audit Mode to detect and block unauthorized AMIs.
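The two ideas above, an AMI lookup that omits the owner filter and an audit of Terraform configurations for that pattern, can be illustrated offline. The following Python is an added example, not code from the article or from Datadog; it simulates `ec2:DescribeImages` over a constructed catalogue of two AMIs (placeholder owner account IDs, invented AMI IDs and creation dates) and includes a small, assumption-based HCL scanner that flags `aws_ami` data sources using `most_recent = true` without `owners`.

```python
"""Added example: why an AMI lookup without an owner filter is fragile, and a
simple audit for Terraform `aws_ami` data sources that omit `owners`."""
from datetime import datetime
import fnmatch
import re

# Constructed sample catalogue. Owner IDs are placeholders, not real AWS accounts.
TRUSTED_OWNER = "111111111111"      # the account your organisation trusts for this image
UNTRUSTED_OWNER = "999999999999"    # any other public publisher
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaaaaaaaaaaaaaaa",
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240801",
     "OwnerId": TRUSTED_OWNER, "CreationDate": "2024-08-01T00:00:00.000Z", "Public": True},
    # Same naming scheme, later date, different publisher: wins any "most recent" race
    # if the caller never says whose images it is willing to accept.
    {"ImageId": "ami-0bbbbbbbbbbbbbbbb",
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20251231",
     "OwnerId": UNTRUSTED_OWNER, "CreationDate": "2025-12-31T00:00:00.000Z", "Public": True},
]

def describe_images(images, name_pattern, owners=None):
    """Mimic ec2:DescribeImages with a Name filter and an optional Owners list."""
    matches = [img for img in images if fnmatch.fnmatchcase(img["Name"], name_pattern)]
    if owners is not None:
        matches = [img for img in matches if img["OwnerId"] in owners]
    return matches

def pick_most_recent(images):
    """What most_recent=true does: choose the newest CreationDate among the matches."""
    return max(images,
               key=lambda i: datetime.strptime(i["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ"),
               default=None)

def lookup_ami(images, name_pattern, owners=None):
    """Full lookup: filter by name (and owners, if given), then take the newest."""
    return pick_most_recent(describe_images(images, name_pattern, owners))

# --- Audit helper (assumption: blocks are indented so the outer '}' sits at column 0) ---
AMI_BLOCK = re.compile(r'data\s+"aws_ami"\s+"(?P<label>[^"]+)"\s*\{(?P<body>.*?)\n\}', re.S)

def audit_terraform(hcl):
    """Return labels of aws_ami data sources with most_recent = true and no owners."""
    findings = []
    for m in AMI_BLOCK.finditer(hcl):
        body = m.group("body")
        most_recent = re.search(r"most_recent\s*=\s*true", body) is not None
        has_owners = re.search(r"owners\s*=", body) is not None
        if most_recent and not has_owners:
            findings.append(m.group("label"))
    return findings

# Constructed Terraform snippet: one risky and one corrected data source.
SAMPLE_HCL = '''
data "aws_ami" "risky" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }
}

data "aws_ami" "safe" {
  most_recent = true
  owners      = ["111111111111"]
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }
}
'''

if __name__ == "__main__":
    pattern = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
    print("no owner filter :", lookup_ami(SAMPLE_IMAGES, pattern)["ImageId"])
    print("owner filter    :", lookup_ami(SAMPLE_IMAGES, pattern, owners=[TRUSTED_OWNER])["ImageId"])
    print("risky data sources:", audit_terraform(SAMPLE_HCL))
```

Run as a script, the first lookup returns the untrusted, newer image and the second returns the trusted one; the audit lists only the `risky` data source. The scanner is deliberately narrow (regex, not an HCL parser) and only shows the shape of the check the article recommends; a real audit should use `terraform show -json` or an HCL parser.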
