We operate a "hub and spoke" VPC that builds AMIs for other accounts to use. Rather than deregistering AMIs I would like to revoke permissions on the AMI.
Another use case: enforce that AMIs are not being shared with other accounts.
both sounds good,
so an action like
policies:
- name: yank-old-ami-access
resources: ami
filters:
- image-age: 90
actions:
- remove-launch-permissions
with additional customization options re removing additional account access by id.
this was added in 0.8.19.5
Most helpful comment
both sounds good,
so an action like
with additional customization options re removing additional account access by id.