Amazon EC2 now supports Block Public Access for AMIs
AWS added a way to protect your AMIs from being shared publicly: you can enable Block Public Access (BPA) for AMIs. This is an account-level setting, but you must enable it in each AWS region where you want to keep your AMIs private. AMI BPA is currently disabled by default for all AWS accounts, and customers can enable it through the AWS CLI, SDKs or Console.
If this setting is enabled, you won't be able to make any AMIs public. However, if you already have public AMIs, they won't be affected. If you need to share AMIs publicly, turn off Block Public Access, share, and then turn it back on.
This is a good way to make sure that your AMIs are not shared publicly by mistake (if someone is still using this way of sharing AMIs).
Demo:
In the top-right corner there is a table labeled Account attributes. In Settings, select the very first option, named Data Protection and Security.
Scroll down.
Click Manage and check the box if you want to block public sharing.
Required IAM permissions
To use block public access for AMIs, you must have the following IAM permissions:
EnableImageBlockPublicAccess
DisableImageBlockPublicAccess
GetImageBlockPublicAccessState
AWS CLI Command:
Enable:
aws ec2 enable-image-block-public-access \
--region "your region here" \
--image-block-public-access-state block-new-sharing
Disable:
aws ec2 disable-image-block-public-access --region "Your region here"
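Because the setting has to be turned on region by region and leaves already-public AMIs untouched, it helps to audit both across the account. The following is an added example, not from the original post or from AWS: shell functions (their names are made up here) that use the AWS CLI to report each enabled region's state and any AMIs you own that are still public, and optionally turn the block on.

```shell
#!/usr/bin/env bash
# Added example: per-region audit of AMI Block Public Access (BPA).
# Needs the three permissions listed above plus ec2:DescribeRegions and
# ec2:DescribeImages. Function names are made up for this example.

# Regions enabled for the current account.
list_regions() {
  aws ec2 describe-regions --query 'Regions[].RegionName' --output text
}

# Prints "block-new-sharing" or "unblocked" for region $1.
bpa_state() {
  aws ec2 get-image-block-public-access-state --region "$1" \
    --query 'ImageBlockPublicAccessState' --output text
}

# IDs of AMIs owned by this account that are already public in region $1.
# Turning BPA on does not make these private again.
public_amis() {
  aws ec2 describe-images --region "$1" --owners self \
    --filters Name=is-public,Values=true \
    --query 'Images[].ImageId' --output text | xargs
}

# audit_ami_bpa [--enforce]
# Prints "<region> <state> <public AMI ids or ->" per region. With --enforce,
# turns BPA on wherever it is off. Returns 1 if any region is still
# unblocked, errored, or has public AMIs left to review.
audit_ami_bpa() {
  local enforce="${1:-}" rc=0 region state amis
  for region in $(list_regions); do
    state=$(bpa_state "$region") || state="error"
    if [ "$state" = "unblocked" ] && [ "$enforce" = "--enforce" ]; then
      state=$(aws ec2 enable-image-block-public-access --region "$region" \
        --image-block-public-access-state block-new-sharing \
        --query 'ImageBlockPublicAccessState' --output text) || state="error"
    fi
    amis=$(public_amis "$region")
    [ "$state" = "block-new-sharing" ] || rc=1
    [ -z "$amis" ] || rc=1
    echo "$region $state ${amis:--}"
  done
  return "$rc"
}
```

Source the file and run audit_ami_bpa to report only, or audit_ami_bpa --enforce to also enable the block; a non-zero return means at least one region still needs attention.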
For more, read the documentation here: