approved-amis-by-tag - AWS Config

approved-amis-by-tag

Checks if running instances are using specified AMIs. Specify a list of approved AMI IDs. Running instances with AMIs that are not on this list are NON_COMPLIANT.

Identifier: APPROVED_AMIS_BY_TAG

Trigger type: Configuration changes

AWS Region: All supported AWS regions

Parameters:

amisByTagKeyAndValue
Type: StringMap
Default: tag-key:tag-value,other-tag-key

The AMIs by tag (comma-separated list up to 10; for example,tag-key:tag-value; i.e. tag-key1 matches AMIs with tag-key1,tag-key2:value2 matches tag-key2 having value2).

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.