All Products
Search
Document Center

Elastic Compute Service:Restrict instance creation to approved images

Last Updated:Jun 29, 2026

Tag approved images and enforce a RAM policy to block instance launches from untagged images.

Security risks

Risk Description
Malicious images Public images from unknown sources may contain malware, mining programs, or backdoors, allowing attackers to gain control of your ECS instances.
Vulnerable images Unmaintained in-house images become an attack vector. Outdated or unpatched images may contain vulnerabilities such as Log4j or Heartbleed.
Improperly configured images Images with insecure defaults — such as unnecessary open ports or weak passwords — carry those risks into every instance launched from them.

Create and tag a golden image

Create a hardened, regularly updated baseline image and tag it as approved. For example:

  • status: approved

  • security-level: trusted

  • environment: production

Important

After tagging an approved image, protect the tags. Deny ecs:DeleteTags, ecs:UntagResources, ecs:CreateTags, and ecs:TagResources on ECS image resources to prevent users from modifying tags. The RAM policy example below includes this deny statement.

Find images with an approved tag

Before you create an instance, find the ImageId of an approved image.

Console

  1. Go to ECS console - images.

  2. In the image list, use the tag filter to find images with the specified tag.

  3. In the Actions column, click Create Instance.

API

  1. Call DescribeImages with Tag.Key and Tag.Value set to your approved tag to retrieve matching image IDs.

  2. Pass the returned ImageId to RunInstances or CreateInstance to create the instance.

Enforce a RAM policy

Use a RAM policy to block instance creation or system disk replacement when the image is not tagged as approved. Apply this policy together with the user's existing ECS permissions. The following policy uses three deny statements:

  • Deny on wrong tag value: Blocks ecs:CreateInstance, ecs:RunInstances, and ecs:ReplaceSystemDisk when the image's environment tag has a value other than production (StringNotEquals).

  • Deny on missing tag: Blocks the same actions when the image has no environment tag at all (Null). Without this rule, untagged images would not be blocked.

  • Deny on tag operations: Blocks all tag operations (ecs:DeleteTags, ecs:UntagResources, ecs:CreateTags, ecs:TagResources) on ECS image resources to prevent tag-based bypass.

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
        "ecs:CreateInstance",
        "ecs:RunInstances",
        "ecs:ReplaceSystemDisk"
      ],
      "Resource": "acs:ecs:*:*:image/*",
      "Condition": {
        "StringNotEquals": {
          "acs:ResourceTag/environment": "production"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": [
        "ecs:CreateInstance",
        "ecs:RunInstances",
        "ecs:ReplaceSystemDisk"
      ],
      "Resource": "acs:ecs:*:*:image/*",
      "Condition": {
        "Null": {
          "acs:ResourceTag/environment": "true"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": [
        "ecs:DeleteTags",
        "ecs:UntagResources",
        "ecs:CreateTags",
        "ecs:TagResources"
      ],
      "Resource": "acs:ecs:*:*:image/*"
    }
  ]
}

For enterprise users

  1. Log on to the Resource Directory console. In the left menu, click Control Policies, then create a custom policy with the JSON above.

  2. In the resource directory, select the target node and attach the policy. The policy takes effect for all accounts under that node.

For non-enterprise users

  1. Log on to the RAM console. In the left menu, click Policies, then create a custom policy with the same JSON.

  2. Attach the policy to RAM users, RAM user groups, or RAM roles. See Manage policy-based authorization.

Remediate non-compliant instances

If instances were launched before the policy took effect, bring them into compliance.

  • If the image still exists and you control it: add the required tag.

  • If the image was deleted or is from an untaggable external source: replace or terminate the affected instances.