whoAMI name confusion attacks can expose AWS accounts to malicious code execution

If the “owners” attribute is omitted when searching for an AMI, the researchers noted, AWS may return results that include public community AMIs from any account. Attackers can exploit this by publishing a malicious AMI with a matching name and a newer timestamp, tricking automated infrastructure-as-code (IaC) tools such as Terraform into selecting the compromised image.

Victims are vulnerable only if they use the ec2.DescribeImages API with a name filter, omit the “owners” attribute, and select the most recent AMI from the results; that combination raises the risk of deploying a compromised instance.
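The three preconditions above can be modelled offline. The following is an added example (not code from the article or from the researchers): it mimics the relevant subset of ec2.DescribeImages over a constructed result set, shows that a lookalike image with the newest timestamp wins when owners are not pinned, and that restricting the call to a trusted owner list (plus an audit check on the result set) prevents that. All image IDs, account IDs and names are placeholders.

```python
from fnmatch import fnmatch

# Constructed sample, shaped like trimmed ec2.DescribeImages output.
# Account and image IDs are placeholders. The last record is a public
# community AMI from an unrelated account that reuses the naming scheme
# and carries the newest CreationDate, which is the whoAMI precondition.
TRUSTED = ["123456789012"]  # placeholder: the publisher account we actually intend
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaaaaaaaaaaaaaaa", "Name": "example-base-linux-20240601",
     "OwnerId": "123456789012", "CreationDate": "2024-06-01T10:00:00.000Z", "Public": True},
    {"ImageId": "ami-0bbbbbbbbbbbbbbbb", "Name": "example-base-linux-20240815",
     "OwnerId": "123456789012", "CreationDate": "2024-08-15T10:00:00.000Z", "Public": True},
    {"ImageId": "ami-0cccccccccccccccc", "Name": "example-base-linux-20240901",
     "OwnerId": "999999999999", "CreationDate": "2024-09-01T10:00:00.000Z", "Public": True},
]


def describe_images(images, name_filter, owners=None):
    """Subset of DescribeImages semantics that matters here: the 'name'
    filter supports '*' wildcards, and Owners (when given) restricts results
    to those account IDs. With owners=None every matching public AMI is
    returned, whoever published it."""
    hits = [i for i in images if fnmatch(i["Name"], name_filter)]
    if owners is not None:
        hits = [i for i in hits if i["OwnerId"] in owners]
    return hits


def most_recent(images):
    """The 'most_recent' step: newest CreationDate wins. The ISO-8601 strings
    sort lexicographically, so max() on the raw string is enough."""
    return max(images, key=lambda i: i["CreationDate"]) if images else None


def select_ami(images, name_filter, owners=None):
    """End-to-end lookup as an IaC tool would do it: filter, then pick newest."""
    return most_recent(describe_images(images, name_filter, owners))


def untrusted_owners(images, trusted):
    """Audit helper: owner IDs present in a result set but not on the allowlist.
    A non-empty result means an unscoped lookup is in play and needs pinning."""
    return sorted({i["OwnerId"] for i in images} - set(trusted))


if __name__ == "__main__":
    unscoped = select_ami(SAMPLE_IMAGES, "example-base-linux-*")
    pinned = select_ami(SAMPLE_IMAGES, "example-base-linux-*", owners=TRUSTED)
    print("owners omitted ->", unscoped["ImageId"], "published by", unscoped["OwnerId"])
    print("owners pinned  ->", pinned["ImageId"], "published by", pinned["OwnerId"])
    print("unexpected owners in unscoped result:",
          untrusted_owners(describe_images(SAMPLE_IMAGES, "example-base-linux-*"), TRUSTED))
```

Running it shows the unscoped lookup resolving to the image from the unrelated account, while the pinned lookup returns the intended publisher's newest image.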

Amazon fixed the problem

Through the AWS Vulnerability Disclosure Program (VDP), researchers found that AWS’s own internal non-production systems were vulnerable, potentially allowing attackers to execute code within AWS infrastructure. The issue was disclosed and promptly fixed in September 2024.
