An AMI

  • Stands for Amazon Machine Image
  • Is a configuration detail
  • Provides the information required to launch an instance.
  • Multiple instances can be launched from a single AMI when several instances with the same configuration are needed.
  • Use different AMIs to launch instances with different configurations.

An AMI includes

  • One or more EBS snapshots
  • For instance-store-backed AMIs, a template for the root volume of the instance (for example, the OS, an application server and software applications).
  • Launch permissions that control which AWS accounts can use the AMI to launch instances.
  • A block device mapping that specifies the volumes to attach to the instance when it is launched.

AMI Types based on characteristics:

  • Region
  • Operating system
  • Architecture (32-bit or 64-bit)
  • Launch Permissions
    • public – the owner grants launch permissions to all AWS accounts.
    • explicit – the owner grants launch permissions to specific AWS accounts.
    • implicit – only the owner has implicit launch permissions.
  • Storage for the Root Device
    • Backed by Amazon EBS – root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot.
    • Backed by instance store – root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3.

Sharing AMIs

  • A shared AMI is an AMI that a developer created and made available for other developers to use.
  • Use a shared AMI at your own risk.
  • AMIs with encrypted volumes cannot be made public.
  • An AMI can be shared with specific AWS accounts without making it public.
  • To share an AMI with the AWS CLI, use the modify-image-attribute command.
  • You can also create a bookmark that allows a user to access the AMI and launch an instance in their own account.

Sharing an AMI (Console)

  • Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  • In the navigation pane, choose AMIs.
  • Select the AMI in the list, and then choose Actions, Modify Image Permissions.
  • Enter the AWS account number to share the AMI with in the AWS Account Number field, then choose Add Permission.

AMI sharing Guidelines

  • Update AMI Tools Before Using Them
  • Disable Password-Based Remote Logins for Root
  • Disable Local Root Access
  • Remove SSH Host Key Pairs
  • Install Public Key Credentials
  • Disable sshd DNS Checks (Optional)
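
Several of the sharing guidelines above can be checked mechanically before an AMI is shared. The script below is an added example, not code from AWS or the original page; it assumes the image's root volume is mounted at a directory passed as the first argument, and the function names `sshd_opt` and `audit_ami_root` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a mounted AMI root filesystem before sharing the image.
# Usage (hypothetical script name): ./ami_preshare_audit.sh /mnt/ami-root

# Print the first value of an sshd_config keyword, lowercased (sshd uses the
# first occurrence). Include files and Match blocks are not followed.
sshd_opt() {
  [ -r "$1" ] || return 0
  awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Print one "FAIL: ..." line per violated guideline; no output means clean.
audit_ami_root() {
  local root="${1%/}" f val=""

  # Disable password-based remote logins for root. An unset keyword is
  # flagged too, because the default depends on the OpenSSH version.
  val="$(sshd_opt "$root/etc/ssh/sshd_config" PermitRootLogin)"
  case "$val" in
    no|without-password|prohibit-password) ;;
    *) echo "FAIL: PermitRootLogin is '${val:-unset}'" ;;
  esac

  # Disable local root access: root's shadow password field must be locked.
  val=""
  if [ -r "$root/etc/shadow" ]; then
    val="$(awk -F: '$1 == "root" { print $2; exit }' "$root/etc/shadow")"
  fi
  case "$val" in
    '!'*|'*'*) ;;
    *) echo "FAIL: root password is not locked in /etc/shadow" ;;
  esac

  # Remove SSH host key pairs so every launched instance generates its own.
  for f in "$root"/etc/ssh/ssh_host_*; do
    if [ -e "$f" ]; then echo "FAIL: host key present: ${f#"$root"}"; fi
  done

  # Public key credentials are installed at launch, not baked into the image.
  for f in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys; do
    if [ -s "$f" ]; then echo "FAIL: baked-in authorized_keys: ${f#"$root"}"; fi
  done
  return 0
}

if [ "$#" -gt 0 ]; then audit_ami_root "$1"; fi
```

An empty result means the checked guidelines pass; updating the AMI tools and the optional sshd DNS setting are not covered by this check.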