         | Did this page help you? Yes No Tell us about it... |
Using Shared AMIs
This section describes how to find and safely use shared AMIs. One of the easiest ways to get started with Amazon EC2 is to use a shared AMI that has the components you need and add custom content.
Find Shared AMIs
To find shared AMIs
Enter the ec2-describe-images command (or the abbreviated ec2dim command) with a flag to filter the results.
Example
The following command displays a list of all public AMIs. The
-x all flag shows AMIs executable by all AWS
accounts (i.e., AMIs with public launch permissions). This includes AMIs
you own with public launch permissions.
PROMPT>ec2dim -x all
The following command displays a list of AMIs for which you have explicit launch permissions. AMIs that you own are excluded from the list.
PROMPT>ec2dim -x self
The following command displays a list of AMIs owned by Amazon.
PROMPT>ec2dim -o amazon
The following command displays a list of AMIs owned by a particular AWS account.
PROMPT>ec2dim -o<target_uid>
The <target_uid> is the account ID that
owns the AMIs you're looking for.
![[Tip]](http://docs.amazonwebservices.com/docs-common/images/tip.png) | Tip |
|---|---|
You can filter this list to return only certain types of AMIs of interest to you. For more information about how to filter the results, go to ec2-describe-images in the Amazon Elastic Compute Cloud Command Line Reference. |
Safe Use of Shared AMIs
You launch AMIs at your own risk. Amazon cannot vouch for the integrity or security of AMIs shared by other EC2 users. Therefore, you should treat shared AMIs as you would any foreign code that you might consider deploying in your own data center and perform the appropriate due diligence.
Ideally, you should get the AMI ID from a trusted source (a web site, another EC2 user, etc). If you do not know the source of an AMI, we recommend that you search the forums for comments on the AMI before launching it. Conversely, if you have questions or observations about a shared AMI, feel free to use the AWS forums to ask or comment.
Amazon's public images have an aliased owner and display
amazon in the userId field. This allows you
to find Amazon's public images easily.
![[Note]](http://docs.amazonwebservices.com/docs-common/images/note.png) | Note |
|---|---|
Users cannot alias an AMI's owner. |
If you plan to use a shared AMI, review the following table to confirm the instance is not doing anything malicious.
Launch Confirmation Process
|
1 |
Check the ssh authorized keys file. The only key in the file should be the key you used to launch the AMI. |
|
2 |
Check open ports and running services. |
|
3 |
Change the root password if it is not randomized on startup. For more information on randomizing the root password on startup, see Disable Password-Based Logins for Root. |
|
4 |
Check if SSH allows root password logins. See Disable Password-Based Logins for Root for more information on disabling root based password logins. |
|
5 |
Check whether there are any other user accounts that might allow backdoor entry to your instance. Accounts with super user privileges are particularly dangerous. |
|
6 |
Verify that all cron jobs are legitimate. |
