🔥 3-day streak
AWS Certified Security - Specialty17 / 157
Question 17 of 157
A financial services company runs a large AWS Organization with 200+ accounts managed via AWS Control Tower. The security team has discovered that development teams occasionally launch EC2 instances from unvetted, publicly shared Amazon Machine Images (AMIs), introducing software supply chain risk. Leadership requires a solution that PREVENTS the launch of any instance from an AMI unless the AMI is owned by a designated internal 'golden image' account. The control must be enforced organization-wide and cannot be bypassed by account administrators, including those with full EC2 permissions. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question