
feat(aws): add new check `ec2_instance_with_outdated_ami`

Open HugoPBrito opened this issue 10 months ago • 1 comments

Context

Amazon EC2 (Elastic Compute Cloud) allows users to launch virtual machines, known as instances, using pre-configured templates called Amazon Machine Images (AMIs). An AMI includes the operating system, application software, and configuration settings required to run an instance.

Over time, some AMIs become deprecated. A deprecated AMI is an image that is no longer recommended for use. While it is still available for launching instances if its ID is known, it does not appear in public searches. Deprecated AMIs may no longer receive security updates, making them a potential risk if used for new instances.

Description

This check identifies EC2 instances running outdated or deprecated AMIs. It retrieves the AMI used by each instance and verifies if it has been deprecated.

Checklist

  • Are there new checks included in this PR? Yes.
    • If so, do we need to update permissions for the provider? No.
  • [x] Review if the code is being covered by tests.
  • [x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
  • [x] Review if backport is needed.
  • [x] Review if it is needed to change the Readme.md

API

  • [ ] Verify if API specs need to be regenerated.
  • [ ] Check if version updates are required (e.g., specs, Poetry, etc.).
  • [ ] Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

HugoPBrito avatar Feb 12 '25 18:02 HugoPBrito
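
The check described in the PR above, sketched as an added example (not code from this PR or from Prowler). It evaluates constructed dicts shaped like boto3 `describe_instances` / `describe_images` output; the function names, the FAIL/PASS/UNKNOWN labels and the sample IDs and dates are assumptions of this example.

```python
from datetime import datetime, timezone

def parse_ts(value):
    """Parse the ISO 8601 string EC2 reports in an image's DeprecationTime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def evaluate_instances(reservations, images, now):
    """Return one finding per instance: FAIL, PASS or UNKNOWN (example labels).

    reservations: "Reservations" list shaped like a DescribeInstances response.
    images: "Images" list shaped like a DescribeImages response for the AMI IDs
    in use (assumed to have been requested with IncludeDeprecated=True).
    """
    by_id = {img["ImageId"]: img for img in images}
    findings = []
    for reservation in reservations:
        for inst in reservation["Instances"]:
            ami = inst["ImageId"]
            image = by_id.get(ami)
            if image is None:
                # AMI deregistered or no longer shared: cannot be assessed.
                status, detail = "UNKNOWN", f"{ami} was not returned by DescribeImages"
            elif "DeprecationTime" not in image:
                status, detail = "PASS", f"{ami} has no deprecation date"
            elif parse_ts(image["DeprecationTime"]) <= now:
                status, detail = "FAIL", f"{ami} deprecated on {image['DeprecationTime']}"
            else:
                # A future date is only a scheduled deprecation, not a failure yet.
                status, detail = "PASS", f"{ami} deprecation scheduled for {image['DeprecationTime']}"
            findings.append({"instance": inst["InstanceId"], "status": status, "detail": detail})
    return findings

# Constructed sample data (IDs and dates are made up for this example).
SAMPLE_NOW = datetime(2025, 2, 12, tzinfo=timezone.utc)
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "ImageId": "ami-old"},
    {"InstanceId": "i-0bbb", "ImageId": "ami-scheduled"},
    {"InstanceId": "i-0ccc", "ImageId": "ami-nodate"},
    {"InstanceId": "i-0ddd", "ImageId": "ami-gone"},
]}]
SAMPLE_IMAGES = [
    {"ImageId": "ami-old", "DeprecationTime": "2023-06-01T00:00:00.000Z"},
    {"ImageId": "ami-scheduled", "DeprecationTime": "2027-01-01T00:00:00.000Z"},
    {"ImageId": "ami-nodate"},
]

if __name__ == "__main__":
    for finding in evaluate_instances(SAMPLE_RESERVATIONS, SAMPLE_IMAGES, SAMPLE_NOW):
        print(finding["instance"], finding["status"], finding["detail"])
```

The UNKNOWN branch matters in practice: an instance whose AMI has been deregistered cannot be checked for deprecation and should be reviewed separately rather than silently passed.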

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 87.99%. Comparing base (035293b) to head (8c07957). :warning: Report is 2 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff             @@
##           master    #6910       +/-   ##
===========================================
+ Coverage   75.64%   87.99%   +12.35%     
===========================================
  Files          72      902      +830     
  Lines        5071    28466    +23395     
===========================================
+ Hits         3836    25049    +21213     
- Misses       1235     3417     +2182     
| Flag | Coverage Δ |
|---|---|
| prowler | 87.99% <100.00%> (+12.35%) :arrow_up: |


| Components | Coverage Δ |
|---|---|
| prowler | 87.99% <100.00%> (+12.35%) :arrow_up: |
| api | ∅ <ø> (∅) |

codecov[bot] avatar Feb 12 '25 19:02 codecov[bot]

✅ All necessary CHANGELOG.md files have been updated. Great job! 🎉

github-actions[bot] avatar Sep 12 '25 09:09 github-actions[bot]

You can check the documentation for this PR here -> Prowler Documentation

github-actions[bot] avatar Sep 30 '25 12:09 github-actions[bot]