
Untitled

a guest
May 23rd, 2013
Dear Amazon EC2 Customer,

Your security is important to us. As part of our ongoing efforts to ensure a secure computing environment, we have identified several public Third Party AMIs which had a blank root password. Specifically, certain Red Hat Enterprise Linux (RHEL) AMIs provided by Red Hat as well as some Fedora and CentOS images within the public AMI catalog and the AWS Marketplace did not lock the root password. The EC2 best practice for AMI publishers is to lock down the root password by default.

For customers that only access their instances using the root permissions, this is not an issue. However, many customers leverage the ability to define “local” users with different passwords and different permissions within their instance in order to increase security. Many of these customers proactively set a root password, but if you haven’t set a root password and if you’re using a RHEL AMI or another of the 3rd party AMIs configured in this way, users logged into your instance as a local user would be able to perform actions as root without additional credentials. They would still need your EC2 credentials or local user password to log into the instance initially; however, we recommend if you’re using this functionality on Red Hat Enterprise Linux, Fedora, or CentOS AMIs, you should set a root password to prevent your local users from having root permissions.

Our records show that you have launched instances from the following AMIs in the past which may be configured in this manner. We recommend that you validate your images are configured correctly if they are owned by you, or that you migrate to an updated version of that AMI for future launches.

us-west-2 ami-xxxxxxxx

If your root password is not yet set or locked, you can easily do so by logging into your running instance and issuing the following command to set it:

sudo passwd

or to lock it:

sudo passwd -l root

Should you require assistance in either identifying or remediating applicable EC2 instances, please do not hesitate to contact AWS Support:

https://aws.amazon.com/support

For more information on how to use and share public AMIs in a secure manner, please see https://aws.amazon.com/articles/0155828273219400

Regards,

The Amazon Web Services Team

This message was produced and distributed by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, Washington 98109-5210
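
An added example, not part of the original message: a shell check that reports whether the root entry of a shadow(5)-format file is blank, locked, or set, which is the condition the notice asks customers to validate on their images. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field of one shadow(5) line.
# Prints: blank  (empty field, no password required),
#         locked (field starts with '!' or '*', so no hash can match;
#                 'passwd -l' prepends '!'),
#         set    (anything else, normally a password hash).
classify_shadow_entry() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo blank ;;
        '!'*|'*'*) echo locked ;;
        *)         echo set ;;
    esac
}

# Report the state of the root entry in a shadow-format file.
# Prints "missing" and returns 1 if there is no root entry.
root_password_state() {
    line=$(grep '^root:' "$1" | head -n 1)
    if [ -z "$line" ]; then
        echo missing
        return 1
    fi
    classify_shadow_entry "$line"
}

# Constructed sample entries (not taken from a real system).
for sample in \
    'root::15848:0:99999:7:::' \
    'root:!!:15848:0:99999:7:::' \
    'root:$6$examplesalt$examplehash:15848:0:99999:7:::'
do
    printf '%s -> %s\n' "$sample" "$(classify_shadow_entry "$sample")"
done
```

On a running instance, calling `root_password_state /etc/shadow` as root reports the live state; a result of `blank` is the case the notice describes.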