
Summary
This rule detects changes that make an Amazon Machine Image (AMI) publicly launchable. An AMI's launch permissions control which AWS accounts may launch instances from it; adding the 'all' group grants that right to every AWS account, so anything stored on the image's backing block devices (credentials, keys, application source, customer data) becomes readable by anyone who launches the image. The rule monitors AWS CloudTrail for ec2.amazonaws.com ModifyImageAttribute events whose launchPermission change adds the 'all' group. Severity is Medium, reflecting the potential for unauthorized access to sensitive data without direct evidence that such access has occurred. Public sharing is occasionally intended (for example, publishing a vendor image), so each detection should be reviewed to confirm that the change was authorized and that the image contains nothing sensitive. A runbook accompanies the rule to guide triage and rapid remediation, such as resetting the image's launch permissions.
Categories
- Cloud
- AWS
- Infrastructure
Data Sources
- Cloud Service
- Cloud Storage
- Application Log
ATT&CK Techniques
- T1537 (Transfer Data to Cloud Account)
Created: 2022-09-02