AWS Security ChangesHomeSearch

AWS AWSEC2 medium security documentation change

Service: AWSEC2 · 2026-06-25 · Security-related medium

File: AWSEC2/latest/UserGuide/ami-watermark.md

Summary

Added guidance about combining watermarks with Allowed AMIs for governance enforcement

Security assessment

The change explicitly links AMI watermarks to security governance by recommending their use with Allowed AMIs to restrict instance launches. This directly enables security controls to prevent unauthorized AMI usage.

Diff

diff --git a/AWSEC2/latest/UserGuide/ami-watermark.md b/AWSEC2/latest/UserGuide/ami-watermark.md
index 4ee7b594d..a10296eb2 100644
--- a//AWSEC2/latest/UserGuide/ami-watermark.md
+++ b//AWSEC2/latest/UserGuide/ami-watermark.md
@@ -29,0 +30,2 @@ An AMI watermark is an identifier that you attach to your private AMIs to track
+  * Enforce governance by combining watermarks with [Allowed AMIs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-allowed-amis.html) to restrict instance launches to only AMIs carrying approved watermarks.
+