avatarTeri Radichel

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

1595

Abstract

/div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*ClTiOSySJgGcN47QRA6Ssw.png)"></div> </div> </div> </a> </div><p id="ecba">Finally, I realized that the problem was not with my AMI permisisons at all, or the KMS key policy.</p><p id="82da">I had added a line to programmatically share the AMI as explained here:</p><div id="e993" class="link-block"> <a href="https://readmedium.com/sharing-an-encrypted-ami-programmatically-aca891c2a729"> <div> <div> <h2>Sharing an Encrypted AMI Programmatically</h2> <div><h3>ACM.216 A script to share an encrypted AMI with our existing KMS Key CloudFormation template</h3></div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*KPj5jJh90-_SITCXpcYEAw.png)"></div> </div> </div> </a> </div><p id="5a79">As it turns out, while trying to adjust the AMI and key permissions I altered the permissions that allowed the modification of the AMI by the line of code in the above script.</p><p id="9d9a">ModifyImageAttribute had to do with changing the AMI permissions to allow another account to access the AMI. The cross account role for the principle trying to make this change has to allow this action.</p><p id="bd26">Follow for upda

Options

tes.</p><p id="4a3a">Teri Radichel | <i>© <a href="https://2ndsightlab.com/?source=post_page---------------------------">2nd Sight Lab</a> 2023</i></p><div id="8b5f"><pre><span class="hljs-section">About Teri Radichel:

⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab</pre></div><div id="caae"><pre><span class="hljs-section">Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation</pre></div><div id="46f6"><pre>Follow <span class="hljs-keyword">for</span> more stories like <span class="hljs-keyword">this</span>:

❤️ Sign Up my Medium Email List ❤️ Twitter: <span class="hljs-meta">@teriradichel</span> ❤️ LinkedIn: https:<span class="hljs-comment">//www.linkedin.com/in/teriradichel</span> ❤️ Mastodon: <span class="hljs-meta">@teriradichel</span><span class="hljs-meta">@infosec</span>.exchange ❤️ Facebook: 2nd Sight Lab ❤️ YouTube: @2ndsightlab</pre></div><figure id="550c"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*4oxP4LXk8l8c3mpRvO7ejg.png"><figcaption></figcaption></figure></article></body>

An error occurred (AuthFailure) when calling the ModifyImageAttribute operation: Not authorized for image:ami-xyz

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: Bugs | AWS Security | Secure Code

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I got this error while running a script to deploy an EC2 instance using an AMI in another account. Initially I thought the problem was with sharing the encryption key or AMI which I wrote about here:

Finally, I realized that the problem was not with my AMI permisisons at all, or the KMS key policy.

I had added a line to programmatically share the AMI as explained here:

As it turns out, while trying to adjust the AMI and key permissions I altered the permissions that allowed the modification of the AMI by the line of code in the above script.

ModifyImageAttribute had to do with changing the AMI permissions to allow another account to access the AMI. The cross account role for the principle trying to make this change has to allow this action.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
Error Message
Ami
Share
Cross Account
Role
Recommended from ReadMedium
avatarAndrew Blooman
Terraform Best Practices For AWS

Using Terraform the Right Way for the AWS Cloud

10 min read
avatarUsama Malik
How to Build Better Cloud Architectures with the AWS Well-Architected Framework

Building Resilient, Secure, and Scalable Cloud Systems with AWS Well-Architected Framework

5 min read
avatarRahul Sharma
M vs. R: The AWS Interview Question Almost Everyone Gets Wrong!

3 min read
avatarSathyaprakash Sahoo
Here’s Why I Don’t Suggest People to Get into Cybersecurity

What Most Won’t Tell You About a Career in Cybersecurity

8 min read
avatarCarlos Biagolini-Jr.
AWS VPN Client for Organization

Overview

13 min read
avatarAlexander Nguyen
The resume that got a software engineer a $300,000 job at Google.

1-page. Well-formatted.

4 min read