diff --git a/modules/ami-centos/main.tf b/modules/ami-centos/main.tf
index a576fcb8..0bec6c3a 100644
--- a/modules/ami-centos/main.tf
+++ b/modules/ami-centos/main.tf
@@ -22,6 +22,15 @@ data "aws_ami" "centos" {
     values = ["x86_64"]
   }
 
+  # this filter is here to guarantee that ami's come from the official CentOS.org
+  filter {
+    name   = "product-code"
+    values = [
+      "aw0evgkw8e5c1q413zgy5pjce", # Official `CentOS 7 (x86_64) - with Updates HVM` product id
+      "6x5jmcajty9edm3f211pqjfn2"  # Official `CentOS 6 (x86_64) - with Updates HVM` product id
+    ]
+  }
+
   owners = ["679593333241"]
 
   name_regex = "^CentOS Linux ${var.release} x86_64 HVM EBS ENA"