hashicorp · SwampDragons · Aug 15, 2018 · Aug 14, 2018 · Aug 14, 2018 · Aug 14, 2018
diff --git a/builder/amazon/common/run_config.go b/builder/amazon/common/run_config.go
@@ -25,6 +25,10 @@ func (d *AmiFilterOptions) Empty() bool {
 	return len(d.Owners) == 0 && len(d.Filters) == 0
 }
 
+func (d *AmiFilterOptions) NoOwner() bool {
+	return len(d.Owners) == 0
+}
+
 // RunConfig contains configuration for running an instance from a source
 // AMI and details on how to access that launched image.
 type RunConfig struct {
@@ -101,6 +105,10 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		errs = append(errs, fmt.Errorf("A source_ami or source_ami_filter must be specified"))
 	}
 
+	if c.SourceAmi == "" && c.SourceAmiFilter.NoOwner() {
+		errs = append(errs, fmt.Errorf("For security reasons, your source AMI filter must declare an owner."))
+	}
+
 	if c.InstanceType == "" {
 		errs = append(errs, fmt.Errorf("An instance_type must be specified"))
 	}

diff --git a/builder/amazon/common/run_config_test.go b/builder/amazon/common/run_config_test.go
@@ -55,18 +55,28 @@ func TestRunConfigPrepare_InstanceType(t *testing.T) {
 func TestRunConfigPrepare_SourceAmi(t *testing.T) {
 	c := testConfig()
 	c.SourceAmi = ""
-	if err := c.Prepare(nil); len(err) != 1 {
+	if err := c.Prepare(nil); len(err) != 2 {
 		t.Fatalf("Should error if a source_ami (or source_ami_filter) is not specified")
 	}
 }
 
 func TestRunConfigPrepare_SourceAmiFilterBlank(t *testing.T) {
 	c := testConfigFilter()
-	if err := c.Prepare(nil); len(err) != 1 {
+	if err := c.Prepare(nil); len(err) != 2 {
 		t.Fatalf("Should error if source_ami_filter is empty or not specified (and source_ami is not specified)")
 	}
 }
 
+func TestRunConfigPrepare_SourceAmiFilterOwnersBlank(t *testing.T) {
+	c := testConfigFilter()
+	filter_key := "name"
+	filter_value := "foo"
+	c.SourceAmiFilter = AmiFilterOptions{Filters: map[*string]*string{&filter_key: &filter_value}}
+	if err := c.Prepare(nil); len(err) != 1 {
+		t.Fatalf("Should error if Owners is not specified)")
+	}
+}
+
 func TestRunConfigPrepare_SourceAmiFilterGood(t *testing.T) {
 	c := testConfigFilter()
 	owner := "123"

diff --git a/website/source/docs/builders/amazon-chroot.html.md b/website/source/docs/builders/amazon-chroot.html.md
@@ -300,7 +300,7 @@ each category, the available configuration keys are alphabetized.
         is valid.
 
     -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.
 
     -   `most_recent` (boolean) - Selects the newest created image when true.
         This is most useful for selecting a daily distro build.

diff --git a/website/source/docs/builders/amazon-ebs.html.md b/website/source/docs/builders/amazon-ebs.html.md
@@ -319,7 +319,7 @@ builder.
         is valid.
 
     -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.
 
     -   `most_recent` (boolean) - Selects the newest created image when true.
         This is most useful for selecting a daily distro build.

diff --git a/website/source/docs/builders/amazon-ebssurrogate.html.md b/website/source/docs/builders/amazon-ebssurrogate.html.md
@@ -312,7 +312,7 @@ builder.
         is valid.
 
     -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.
 
     -   `most_recent` (boolean) - Selects the newest created image when true.
         This is most useful for selecting a daily distro build.

diff --git a/website/source/docs/builders/amazon-ebsvolume.html.md b/website/source/docs/builders/amazon-ebsvolume.html.md
@@ -240,7 +240,7 @@ builder.
         is valid.
 
     -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.
 
     -   `most_recent` (boolean) - Selects the newest created image when true.
         This is most useful for selecting a daily distro build.

diff --git a/website/source/docs/builders/amazon-instance.html.md b/website/source/docs/builders/amazon-instance.html.md
@@ -312,7 +312,7 @@ builder.
         is valid.
 
     -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.
 
     -   `most_recent` (boolean) - Selects the newest created image when true.
         This is most useful for selecting a daily distro build.