Mfcttrf

Skipping same old introductions

A conjectural trigonometric identity

How to structure presentation to avoid getting questions that will be answered later in the presentation?

Can it be useful for a player block with a hanging piece in a back rank mate situation?

Applying for mortgage when living together but only one will be on the mortgage

Is this popular optical illusion made of a grey-scale image with coloured lines?

Is it really a problem to declare that a visitor to the UK is my "girlfriend", in terms of her successfully getting a Standard Visitor visa?

How do I respond appropriately to an overseas company that obtained a visa for me without hiring me?

Gold Battle KoTH

Word for pulling a punch in karate

Why are prop blades not shaped like household fan blades?

Does the use of a new concept require a prior definition?

How to power down external drive safely

Why did the United States not resort to nuclear weapons in Vietnam?

How to get maximum number that newcount can hold?

How to trick a fairly simplistic kill-counter?

Why is “deal 6 damage” a legit phrase?

How does Asimov's second law deal with contradictory orders from different people?

How to set Adobe DC PDF reader as default for ALL pdfs without having to open security preferences every time

Is Norway in the Single Market?

How does a wallet generate a public key from an address?

Is it moral to remove/hide certain parts of a photo, as a photographer?

Pre-Greek θάλασσα "thalassa" and Turkish talaz

Should 2FA be enabled on service accounts?

Who's behind community AMIs on Amazon EC2?

AMIs in Amazon EC2Is there a place to get popular AMIs for Amazon EC2?Amazon EC2 terminology - AMI vs. EBS vs. Snapshot vs. VolumeAmazon Linux vs. Ubuntu for Amazon EC2Are AWS EC2 AMIs automatically shared as community AMIs?1 EC2 instance per website - manage multiple websites on Amazon cloud using EC2Delete Amazon EC2 terminated instanceUbuntu 14.04 Server HVM with EBS Free Tier AMIHow can I have trust in a Community AMI offered on Amazon EC2Which AMI for remote graphics processing on Windows?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

5

I've been using AWS for years, but have never ventured outside the Quick Start and AWS Marketplace sections when launching an EC2 instance.

The AMIs from the AWS Marketplace look trustable, they have a link to the seller profile, etc.:

Compare this to community AMIs, that seem to appear out of thin air, with no information whatsoever on who the heck created and uploaded it:

How to know where a Community AMI comes from? Can these be trusted?

amazon-web-services amazon-ec2 amazon-ami

share|improve this question

asked 10 hours ago

BenjaminBenjamin

2,17966 gold badges3636 silver badges6767 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I know this isn't your question, but if you're looking for hardened images from a reputable source look at the CIS Hardened Images. They have images for most large cloud providers.
  
  – Tim
  1 hour ago
  

  
  
  
  

add a comment | 

5

I've been using AWS for years, but have never ventured outside the Quick Start and AWS Marketplace sections when launching an EC2 instance.

The AMIs from the AWS Marketplace look trustable, they have a link to the seller profile, etc.:

Compare this to community AMIs, that seem to appear out of thin air, with no information whatsoever on who the heck created and uploaded it:

How to know where a Community AMI comes from? Can these be trusted?

amazon-web-services amazon-ec2 amazon-ami

share|improve this question

asked 10 hours ago

BenjaminBenjamin

2,17966 gold badges3636 silver badges6767 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I know this isn't your question, but if you're looking for hardened images from a reputable source look at the CIS Hardened Images. They have images for most large cloud providers.
  
  – Tim
  1 hour ago
  

  
  
  
  

add a comment | 

I've been using AWS for years, but have never ventured outside the Quick Start and AWS Marketplace sections when launching an EC2 instance.

The AMIs from the AWS Marketplace look trustable, they have a link to the seller profile, etc.:

Compare this to community AMIs, that seem to appear out of thin air, with no information whatsoever on who the heck created and uploaded it:

How to know where a Community AMI comes from? Can these be trusted?

amazon-web-services amazon-ec2 amazon-ami

share|improve this question

asked 10 hours ago

BenjaminBenjamin

2,17966 gold badges3636 silver badges6767 bronze badges

share|improve this question

asked 10 hours ago

BenjaminBenjamin

2,17966 gold badges3636 silver badges6767 bronze badges

share|improve this question

asked 10 hours ago

BenjaminBenjamin

2,17966 gold badges3636 silver badges6767 bronze badges

asked 10 hours ago

BenjaminBenjamin

2,17966 gold badges3636 silver badges6767 bronze badges

asked 10 hours ago

BenjaminBenjamin

2,17966 gold badges3636 silver badges6767 bronze badges

1 Answer
1

active

oldest

votes

7

Any AWS user can create a community AMI by making it public and shared with everyone. So the answer is just about anyone could have created that community AMI.

While many are probably fine, you cannot trust them by default, in my opinion.

Regarding the specific creator of the AMI in question, it appears that the only user-specific information available is the OwnerId field, which is the AWS account ID of the image owner.

Here's an example AWS Cli command to get that information:

aws ec2 describe-images --image-ids ami-gs5mba4yp26bsyx57

(Replace "gs5mba4yp26bsyx57" with the ami id you want to examine.)

This will return a lot of information about the image, including the OwnerId field.

share|improve this answer

edited 7 hours ago

answered 7 hours ago

vjonesvjones

48144 silver badges88 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the pointer. So as I understand it, anyone can put anything in there, without any verification from AWS, so these images cannot be trusted, and there is absolutely no way to know who created them?
  
  – Benjamin
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So far as I can tell, you can only determine the Account ID of the creator. I added this information to my answer.
  
  – vjones
  7 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f977835%2fwhos-behind-community-amis-on-amazon-ec2%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

7

Any AWS user can create a community AMI by making it public and shared with everyone. So the answer is just about anyone could have created that community AMI.

While many are probably fine, you cannot trust them by default, in my opinion.

Regarding the specific creator of the AMI in question, it appears that the only user-specific information available is the OwnerId field, which is the AWS account ID of the image owner.

Here's an example AWS Cli command to get that information:

aws ec2 describe-images --image-ids ami-gs5mba4yp26bsyx57

(Replace "gs5mba4yp26bsyx57" with the ami id you want to examine.)

This will return a lot of information about the image, including the OwnerId field.

share|improve this answer

edited 7 hours ago

answered 7 hours ago

vjonesvjones

48144 silver badges88 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the pointer. So as I understand it, anyone can put anything in there, without any verification from AWS, so these images cannot be trusted, and there is absolutely no way to know who created them?
  
  – Benjamin
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So far as I can tell, you can only determine the Account ID of the creator. I added this information to my answer.
  
  – vjones
  7 hours ago
  

  
  
  
  

add a comment | 

7

Any AWS user can create a community AMI by making it public and shared with everyone. So the answer is just about anyone could have created that community AMI.

While many are probably fine, you cannot trust them by default, in my opinion.

Regarding the specific creator of the AMI in question, it appears that the only user-specific information available is the OwnerId field, which is the AWS account ID of the image owner.

Here's an example AWS Cli command to get that information:

aws ec2 describe-images --image-ids ami-gs5mba4yp26bsyx57

(Replace "gs5mba4yp26bsyx57" with the ami id you want to examine.)

This will return a lot of information about the image, including the OwnerId field.

share|improve this answer

edited 7 hours ago

answered 7 hours ago

vjonesvjones

48144 silver badges88 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the pointer. So as I understand it, anyone can put anything in there, without any verification from AWS, so these images cannot be trusted, and there is absolutely no way to know who created them?
  
  – Benjamin
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So far as I can tell, you can only determine the Account ID of the creator. I added this information to my answer.
  
  – vjones
  7 hours ago
  

  
  
  
  

add a comment | 

Any AWS user can create a community AMI by making it public and shared with everyone. So the answer is just about anyone could have created that community AMI.

While many are probably fine, you cannot trust them by default, in my opinion.

Regarding the specific creator of the AMI in question, it appears that the only user-specific information available is the OwnerId field, which is the AWS account ID of the image owner.

Here's an example AWS Cli command to get that information:

aws ec2 describe-images --image-ids ami-gs5mba4yp26bsyx57

(Replace "gs5mba4yp26bsyx57" with the ami id you want to examine.)

This will return a lot of information about the image, including the OwnerId field.

share|improve this answer

edited 7 hours ago

answered 7 hours ago

vjonesvjones

48144 silver badges88 bronze badges

aws ec2 describe-images --image-ids ami-gs5mba4yp26bsyx57

share|improve this answer

edited 7 hours ago

answered 7 hours ago

vjonesvjones

48144 silver badges88 bronze badges

answered 7 hours ago

vjonesvjones

48144 silver badges88 bronze badges

answered 7 hours ago

vjonesvjones

48144 silver badges88 bronze badges