An AMI
- Expands to Amazon Machine Image
- Is a configuration detail
- Provides the information required to launch an instance.
- Can launch multiple instances from a single AMI if multiple instances with the same configuration are needed.
- Use different AMIs to launch instances with different configurations.
An AMI includes
- One or more EBS snapshots, or for instance-store-backed AMIs, a template for the root volume of the instance (for example, an operating system, an application server, and applications).
- Launch permissions controlling which AWS accounts can use the AMI to launch instances.
- A block device mapping specifying the volumes to attach to the instance when it’s launched.
AMI Types based on characteristics:
- Region
- Operating system
- Architecture (32-bit or 64-bit)
- Launch Permissions
  - public – The owner grants launch permissions to all AWS accounts.
  - explicit – The owner grants launch permissions to specific AWS accounts.
  - implicit – The owner has implicit launch permissions for an AMI.
- Storage for the Root Device
  - Backed by Amazon EBS – root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot.
  - Backed by instance store – root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3.
Sharing AMIs
- A shared AMI is an AMI that a developer created and made available for other developers to use.
- Use a shared AMI at your own risk
- AMIs with encrypted volumes cannot be made public
- You can share an AMI with specific AWS accounts without making the AMI public
- Use the modify-image-attribute command (AWS CLI) to share an AMI
- You can also create a bookmark that allows a user to access your AMI and launch an instance in their own account
Sharing an AMI (Console)
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, choose AMIs.
- Select your AMI in the list, and then choose Actions, Modify Image Permissions.
- Specify the AWS account number of the user with whom you want to share the AMI in the AWS Account Number field, then choose Add Permission.
AMI sharing Guidelines
- Update the AMI Tools Before Using Them
- Disable Password-Based Remote Logins for Root
- Disable Local Root Access
- Remove SSH Host Key Pairs
- Install Public Key Credentials
- Disable sshd DNS Checks (Optional)
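
The guidelines above can be checked against a mounted image root before the AMI is shared. The script below is an added example, not part of the original notes: the function names, the mapping of each guideline to a file check (`PermitRootLogin`, the root entry in `/etc/shadow`, `ssh_host_*_key` files, `UseDNS`) and the two sample trees are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a mounted image root before sharing it as an AMI.
# File paths are standard Linux/OpenSSH locations; sample trees are constructed.

# Print the first value set for an sshd_config keyword (sshd uses the first match).
sshd_value() {  # $1 = sshd_config path, $2 = keyword
  awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1" 2>/dev/null
}

# Print one FAIL line per guideline violation; body runs in a subshell so vars stay local.
audit_ami_root() (  # $1 = root directory of the mounted image
  root=$1; cfg=$root/etc/ssh/sshd_config
  v=$(sshd_value "$cfg" PermitRootLogin)
  case "$v" in  # unset is flagged because older sshd builds default to "yes"
    no|without-password|prohibit-password) ;;
    *) echo "FAIL root-password-login: PermitRootLogin=${v:-unset}" ;;
  esac
  # A locked account has "!" or "*" at the start of the shadow password field.
  hash=$(awk -F: '$1 == "root" { print $2; exit }' "$root/etc/shadow" 2>/dev/null)
  case "$hash" in
    '!'*|'*'*) ;;
    *) echo "FAIL local-root-access: root password is not locked" ;;
  esac
  # Host keys baked into the image would be shared by every instance launched from it.
  for f in "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub; do
    if [ -e "$f" ]; then rel=${f#"$root"}; echo "FAIL host-key-present: $rel"; fi
  done
  [ "$(sshd_value "$cfg" UseDNS)" = no ] || echo "NOTE usedns: UseDNS is not 'no' (optional)"
)

# Build a constructed sample tree; $1 = "hardened" or "leaky". Echoes its path.
make_sample_root() {
  d=$(mktemp -d); mkdir -p "$d/etc/ssh"
  if [ "$1" = hardened ]; then
    printf 'PermitRootLogin without-password\nUseDNS no\n' > "$d/etc/ssh/sshd_config"
    printf 'root:!:19000:0:99999:7:::\n' > "$d/etc/shadow"
  else
    printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
    printf 'root:$6$constructed$notarealhash:19000:0:99999:7:::\n' > "$d/etc/shadow"
    : > "$d/etc/ssh/ssh_host_rsa_key"; : > "$d/etc/ssh/ssh_host_rsa_key.pub"
  fi
  echo "$d"
}

for kind in hardened leaky; do
  r=$(make_sample_root "$kind"); echo "== $kind"; audit_ami_root "$r"; rm -rf "$r"
done
```

Point `audit_ami_root` at the directory where the image's root volume is mounted; an empty result means none of the checked guidelines is violated.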