Old or Outdated AMIs

AMIs are Machine Images that contain all the information that is needed to launch a new Amazon EC2 instance. They act as an exact copy of another EC2 instances that contains application configuration that will be needed to ensure the EC2 instance functions as it is intended to. When an AMI is created the OS is in its current state and will only have security updates up to that particular point in time. Usually (depending your OS) security updates are released once per month and critical updates can be released on a greater frequency. As time progresses so does the amount of the security updates your OS is missing. This can lead to longer boot times (if you are patching at deployment time) for your EC2 instance or worst, leave you susceptible to an exploitable vulnerability. This is why it is an AMI security best practice to ensure your AMIs are up to date. By having a full inventory of your AMIs in all regions across all accounts will allow you to easily pinpoint where you may have stale or outdated AMIs and ensure you stay compliant with the GDPR framework.

Audit & Remediation



  • Sort your AMIs by Creation Date and look for any AMI that was created over 6 months ago.



  • For each AMI that is older the 6 months, select then choose the button Actions and the choose to Deregister.



  • AMI has now been removed.
  • Repeat all steps in each region to ensure all AMIs are encrypted at rest.
See all certificates in a single place!

Do you want to see all of your ACM certificates in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.


Other Key Features


Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +