Create A Store Image Task

By Ashwin Venugopal -

 






Introduction

When you save an AMI in an S3 bucket, a task for storing the image is initiated. This store image task allows you to track the progress and result of the procedure.

Securing your AMIs

It is crucial to verify that the S3 bucket is set up with adequate security to protect the content of the AMI and that this security is upheld for the entire duration that the AMI objects are stored in the bucket. If this cannot be achieved, it is advisable to refrain from using these APIs. Make sure that public access to the S3 bucket is prohibited. It is suggested to activate Server-side encryption for the S3 buckets where you keep the AMIs, even though it’s not mandatory.

When AMI snapshots are transferred to the S3 object, they are sent over TLS connections. It is possible to save AMIs that contain encrypted snapshots; however, the snapshots will be decrypted during the storing process.

Identify the source AMI used to create a new Amazon EC2 AMI

You can determine the AMI that was used as the source for creating a new AMI by looking at the Source AMI ID in the console or the sourceImageId field in the AWS CLI. This field shows the ID of the original AMI that was copied to generate the new AMI.

Additionally, you can find the Region where the source AMI was situated by checking the Source AMI Region in the console or the sourceImageRegion field in the AWS CLI.

Considerations

  • The ID and Region of the source AMI only appear if the AMI was created by using the following API commands:

  1. CreateImage- Creates an AMI from an instance.
  2. CopyImage- Copies an AMI within the same Region or across Regions in the same partition.
  3. CreateRestoreImageTask- Copies an AMI to another partition.

  • If the AMI was created with any other API command, the ID and Region of the source AMI don't appear.

  • For some older AMIs, the ID and Region of the source AMI might not be available.

  • If the source AMI has been deleted, the ID and Region fields of the source AMI still appear on the new AMI.

  • For AMIs created by using CreateImage (creates an AMI from an instance), the source AMI ID is the ID of the AMI used to launch the instance.

Check When an Amazon EC2 AMI Was Last Used

Amazon EC2 keeps a record of the date and time an AMI was last utilized to start an instance. If you possess an AMI that hasn’t been used to launch an instance for an extended period, think about whether it's suitable for deregistration or deprecation.

Considerations

  • When an AMI is used to launch an instance, there is a 24-hour delay before that usage is reported.

  • You must be the owner of the AMI to get the last launched time.

  • AMI usage data is available starting April 2017.

 Conclusion

A story image task is created with the help of above methods. 
























Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Deployment (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 3, please click  here Microsoft Sentinel Content Hub Content in Microsoft Sentinel includes any of the following types: Data connectors offer log ingestion from different sources into Microsoft Sentinel. Parsers give log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios. Workbooks provide monitoring, visualization, and interactively with data in Microsoft Sentinel, highlighting meaningful insights for users.  Analytics rules give alerts that point to relevant SOC actions via incidents.  Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel. Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks. Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.  Playbooks and Azure Logic Apps Custom Connectors provide featu...
Read more