fix: Prevent AMI name confusion attack

Author: michaelwittig

chapter04/virtualmachine.ps1

@@ -8,7 +8,7 @@
 # Right click on the *.ps1 file and select Run with PowerShell
 $ErrorActionPreference = "Stop"
 
-$AMIID=aws ec2 describe-images --filters "Name=name,Values=amzn2-ami-hvm-2.0.202*-x86_64-gp2" --query "Images[0].ImageId" --output text
+$AMIID=aws ec2 describe-images --owner amazon --filters "Name=name,Values=amzn2-ami-hvm-2.0.202*-x86_64-gp2" --query "Images[0].ImageId" --output text
 $VPCID=aws ec2 describe-vpcs --filter "Name=isDefault, Values=true" --query "Vpcs[0].VpcId" --output text
 $SUBNETID=aws ec2 describe-subnets --filters "Name=vpc-id, Values=$VPCID" --query "Subnets[0].SubnetId" --output text
 $INSTANCEID=aws ec2 run-instances --image-id $AMIID --instance-type t3.micro --subnet-id $SUBNETID --iam-instance-profile "Name=ec2-ssm-core" --query "Instances[0].InstanceId" --output text

chapter04/virtualmachine.sh

@@ -1,6 +1,6 @@
 #!/bin/bash -e
 # You need to install the AWS Command Line Interface from http://aws.amazon.com/cli/
-AMIID="$(aws ec2 describe-images --filters "Name=name,Values=amzn2-ami-hvm-2.0.202*-x86_64-gp2" --query "Images[0].ImageId" --output text)"
+AMIID="$(aws ec2 describe-images --owner amazon --filters "Name=name,Values=amzn2-ami-hvm-2.0.202*-x86_64-gp2" --query "Images[0].ImageId" --output text)"
 VPCID="$(aws ec2 describe-vpcs --filter "Name=isDefault, Values=true" --query "Vpcs[0].VpcId" --output text)"
 SUBNETID="$(aws ec2 describe-subnets --filters "Name=vpc-id, Values=$VPCID" --query "Subnets[0].SubnetId" --output text)"
 INSTANCEID="$(aws ec2 run-instances --image-id "$AMIID" --instance-type t3.micro --subnet-id "$SUBNETID" --iam-instance-profile "Name=ec2-ssm-core" --query "Instances[0].InstanceId" --output text)"