The whoAMI attack is possible due to misconfigured AMI selection in AWS environments: The retrieval of AMIs by software using the ec2:DescribeImages API without specifying an owner The use of ...
Users can specify a known AMI ID or search for the latest public AMIs using the ec2.DescribeImgaes API to find region-specific options. If the “owners” attribute is omitted when searching for ...