Workshop 4: AMI

Workshop Goals

In this hands-on workshop, you’ll learn how to create, manage, and utilize Amazon Machine Images (AMIs) for consistent, rapid EC2 instance provisioning. By the end of this session, you will be able to:
• Create custom AMIs from configured instances
• Share and copy AMIs across accounts and regions
• Automate AMI creation via CLI scripts
• Clean up unused AMIs and associated snapshots

Prerequisites

• A running EC2 instance with desired configuration (e.g., web server installed)
• AWS CLI v2 installed and configured
• IAM permissions: ec2:CreateImage, ec2:DeregisterImage, ec2:CopyImage, ec2:DescribeImages, ec2:CreateSnapshot
• SSH access to the instance

1. Prepare Your Instance

Ensure your instance is in the desired state: remove temporary files, apply patches, and stop services if needed. To stop services gracefully:

# SSH into instance
ssh -i ~/.ssh/MyKeyPair.pem ec2-user@<PublicIpAddress>

# Stop web server (if running)
sudo systemctl stop nginx

2. Create a Custom AMI

aws ec2 create-image \
  --instance-id i-0123456789abcdef0 \
  --name "Workshop4-AMI-$(date +%Y%m%d%H%M)" \
  --description "Custom AMI for Workshop 4" \
  --no-reboot

create-image Parameters Explained

--instance-id ID of the source EC2 instance.
--name AMI name (timestamped for uniqueness).
--description Human-readable description.
--no-reboot Skips the shutdown and reboot of the instance before imaging; file system integrity is not guaranteed and must be ensured manually.

3. Monitor AMI Creation

# List AMIs owned by you
aws ec2 describe-images \
  --owners self \
  --query "Images[?starts_with(Name, 'Workshop4-AMI')].[ImageId,Name,State,CreationDate]" \
  --output table

describe-images Parameters Explained

--owners self Limits to AMIs you own.
--query Filters and displays ID, name, state, and date.
--output table Readable table format.

4. Share AMI with Another Account

aws ec2 modify-image-attribute \
  --image-id ami-0abcdef1234567890 \
  --launch-permission "Add=[{UserId=123456789012}]"

modify-image-attribute Parameters Explained

--image-id AMI ID to share.
--launch-permission Structure (shorthand as shown above, or JSON) listing the account IDs to grant launch permission.
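
Added example (not part of the original workshop): after sharing an AMI, check who can actually launch it. The script compares the AMI's launch permissions against an allowlist and reports public, unexpected-account, and organization-wide grants. ALLOWED_ACCOUNTS, the function names, and the sample rows are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: audit who may launch an AMI after sharing it (step 4).
# ALLOWED_ACCOUNTS is a hypothetical space-separated allowlist of account IDs.
ALLOWED_ACCOUNTS="${ALLOWED_ACCOUNTS:-123456789012}"

# Live input: one tab-separated row per grant (absent fields print as "None").
# Needs ec2:DescribeImageAttribute. Usage:
#   fetch_launch_permissions ami-0abcdef1234567890 | audit_launch_permissions
fetch_launch_permissions() {
  aws ec2 describe-image-attribute \
    --image-id "$1" \
    --attribute launchPermission \
    --query 'LaunchPermissions[].[UserId,Group,OrganizationArn,OrganizationalUnitArn]' \
    --output text
}

# Constructed sample rows (not real output): one allowlisted account,
# one public grant, one account that is not on the allowlist.
sample_rows() {
  printf '123456789012\tNone\tNone\tNone\n'
  printf 'None\tall\tNone\tNone\n'
  printf '999999999999\tNone\tNone\tNone\n'
}

# Reads rows on stdin and prints one finding per grant outside the allowlist.
# Returns 0 when every grant is allowlisted, 1 otherwise.
audit_launch_permissions() {
  local user group org ou rc=0
  while read -r user group org ou || [ -n "$user" ]; do
    if [ -z "$user" ]; then continue; fi          # AMI not shared at all
    if [ "$group" = "all" ]; then
      echo "PUBLIC: launchable by every AWS account"; rc=1
    elif [ "$user" != "None" ]; then
      case " $ALLOWED_ACCOUNTS " in
        *" $user "*) ;;                           # expected grant
        *) echo "UNEXPECTED_ACCOUNT: $user"; rc=1 ;;
      esac
    else
      # Grant to a whole organization or OU: report it for manual review.
      if [ "$org" = "None" ]; then org="$ou"; fi
      echo "ORG_SHARE: $org"; rc=1
    fi
  done
  return $rc
}
```

Run sample_rows | audit_launch_permissions to see the findings offline; a non-zero exit status makes the check usable as a gate in a build or scheduled job.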

5. Copy AMI to Another Region

aws ec2 copy-image \
  --source-region us-east-1 \
  --source-image-id ami-0abcdef1234567890 \
  --region eu-west-1 \
  --name "Workshop4-AMI-EU" \
  --description "Copied AMI for EU region"

copy-image Parameters Explained

--source-region Region of the original AMI.
--source-image-id Original AMI ID.
--region Destination region.
--name Name for copied AMI.
--description Description for the copy.

6. Deregister AMI and Clean Up Snapshots

# Deregister AMI when no longer needed
aws ec2 deregister-image --image-id ami-0abcdef1234567890

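# Delete associated snapshots
# --owner-ids self restricts the search to snapshots in your own account,
# so the description match cannot pick up public or shared snapshots
aws ec2 describe-snapshots \
  --owner-ids self \
  --filters Name=description,Values="*ami-0abcdef1234567890*" \
  --query "Snapshots[*].SnapshotId" --output text | \
  xargs -n1 aws ec2 delete-snapshot --snapshot-id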

Deregister & Snapshot Cleanup Explained

deregister-image Removes AMI registration.
describe-snapshots Lists snapshots whose description contains the AMI ID.
delete-snapshot Deletes each snapshot to free storage.

Next Steps

Automate AMI workflows by scripting these commands or integrating with AWS Systems Manager Automation Documents. Consider lifecycle policies in AWS Backup to schedule AMI creation and retention for production workloads.
