The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services (AWS) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high-performance execution environment for applications running on Amazon EC2. It also includes packages that enable easy integration with AWS, including launch configuration tools and many popular AWS libraries and tools. AWS provides ongoing security and maintenance updates to all instances running the Amazon Linux AMI. The Amazon Linux AMI is provided at no additional charge to Amazon EC2 users.
For a list of the latest Amazon Linux AMIs, go to Amazon Linux AMIs.
After locating your desired AMI, note the AMI ID. You can use the AMI ID to launch and then connect to your instance.
The Amazon Linux AMI does not allow remote root SSH by default. Also, password authentication is disabled to prevent brute-force password attacks. To enable SSH logins to a running Amazon Linux AMI, you must provide your key pair to the instance at launch. You must also set the security group used to launch your instance to allow SSH access. By default, the only account that can log in remotely via SSH is ec2-user. The ec2-user has sudo privileges. If you want to enable remote root login, please be aware that it is less secure than relying on key pairs and a secondary user.
For information on launching and using your Amazon Linux instance, go to Launching and Using Instances. For information on connecting to your Amazon Linux instance, go to Connecting to Linux/UNIX Instances from Linux/UNIX.
Each image contains a unique /etc/image-id that identifies the AMI. This file contains information about the image.
Following is an example of the /etc/image-id file:
$ cat /etc/image-id
image_name="amzn-ami-pv"
image_version="2013.03"
image_arch="x86_64"
image_file="amzn-ami-pv-2013.03.0.x86_64.ext4"
image_stamp="7c35-50b2"
image_date="20130322053523"
recipe_name="amzn ami"
recipe_id="240049bc-8990-fb91-ccad-aeb9-4dfe-eaac-44035533"
The image_name, image_version, and image_arch
items come from the build recipe that Amazon used to construct the image. The
image_stamp is simply a unique random hex value generated during image
creation. The image_date item is in YYYYMMDDhhmmss format, and is the UTC
time of image creation. The recipe_name and recipe_id refer to
the name and ID of the build recipe Amazon used to construct the image, which identifies
the current running version of the Amazon Linux AMI. This file will not change as you
install updates from the yum repository.
Amazon Linux AMIs contain a /etc/system-release file that specifies the current release that is installed. This
file is updated through yum and is part of the system-release rpm.
Following is an example of a /etc/system-release file:
# cat /etc/system-release
Amazon Linux AMI release 2013.03
An Amazon Linux AMI also contains a machine readable version of the
/etc/system-release file found in /etc/system-release-cpe
and follows the CPE specification from MITRE (CPE).
The following popular command line tools for AWS integration and usage have been included in the Amazon Linux AMI or in the repositories:
aws-amitools-ec2
aws-apitools-as
aws-apitools-cfn
aws-apitools-common
aws-apitools-ec2
aws-apitools-elb
aws-apitools-iam
aws-apitools-mon
aws-apitools-rds
aws-cfn-bootstrap
aws-cli
aws-scripts-ses
To simplify the configuration of these tools, a simple script has been included to prepare AWS_CREDENTIAL_FILE, JAVA_HOME, AWS_PATH, PATH, and product-specific environment variables after a credential file has been installed.
Also, to allow the installation of multiple versions of the API and AMI tools, we have
placed symlinks to the desired versions of these tools in /opt/aws, as
described here:
/opt/aws/bin—Symlink farm to /bin directories in each of the installed tools directories.
/opt/aws/{apitools|amitools}—Products are installed in directories of the form [name]-version and symlink [name] attached to the most recently installed version.
/opt/aws/{apitools|amitools}/[name]/environment.sh—Used by /etc/profile.d/aws-apitools-common.sh to set product-specific environment variables (EC2_HOME, etc.).
The cloud-init package is an open source application built by Canonical that is used to bootstrap Linux images in a cloud computing environment, such as Amazon EC2. The Amazon Linux AMI contains a customized version of cloud-init. It enables you to specify actions that should happen to your instance at boot time. You can pass desired actions to cloud-init through the user data fields when launching an instance. This means you can use common AMIs for many use cases and configure them dynamically at startup. The Amazon Linux AMI also uses cloud-init to perform initial configuration of the ec2-user account.
For more information about cloud-init, go to https://help.ubuntu.com/community/CloudInit.
The Amazon Linux AMIs use the following cloud-init actions (configurable in /etc/sysconfig/cloudinit):
action: INIT (always runs)
Setting a default locale.
Setting the hostname.
Parsing and handling user data.
action: CONFIG_SSH
Generating host private SSH keys.
Adding user's public SSH keys to .ssh/authorized_keys for easy login and administration.
action: PACKAGE_SETUP
Preparing yum repo.
Handles package actions defined in user data.
action: RUNCMD
Runs a shell command.
action: RUN_USER_SCRIPTS
Executes user scripts found in user data.
action: CONFIG_MOUNTS
Mounts ephemeral drives.
action: CONFIG_LOCALE
Sets the locale in the locale config file according to user data.
The cloud-init package supports user-data handling of a variety of formats:
Gzip
If user-data is gzip compressed, cloud-init will decompress the data and handle as appropriate.
MIME multipart
Using a MIME multipart file, you can specify more than one type of data. For example, you could specify both a user-data script and a cloud-config type. Each part of the multipart file can be handled by cloud-init if it is one of the supported formats.
Base64 decoding
If user-data is base64 encoded, cloud-init determines if it can understand the decoded data as one of the supported types. If it understands the decoded data, it will decode the data and handle as appropriate. If not, it returns the base64 data intact.
User-Data script
Begins with "#!" or "Content-Type: text/x-shellscript".
The script will be executed by "/etc/init.d/cloud-init-user-scripts" during first boot. This occurs late in the boot process (after the initial configuration actions have been performed).
Include file
Begins with "#include" or "Content-Type: text/x-include-url".
This content is an include file. The file contains a list of URLs, one per line. Each of the URLs will be read, and their content will be passed through this same set of rules. The content read from the URL can be gzipped, MIME-multi-part, or plain text.
Cloud Config Data
Begins with "#cloud-config" or "Content-Type: text/cloud-config".
This content is cloud-config data. See the examples for a commented example of supported config formats.
Cloud Boothook
Begins with "#cloud-boothook" or "Content-Type: text/cloud-boothook".
This content is boothook data. It is stored in a file under /var/lib/cloud and then executed immediately.
This is the earliest "hook" available. Note that there is no mechanism provided for running it only once. The boothook must take care of this itself. It is provided with the instance ID in the environment variable INSTANCE_ID. Use this variable to provide a once-per-instance set of boothook data.
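The format rules above can be applied to user data before it reaches an instance, for example when reviewing what a launch configuration will hand to cloud-init. The following is an added example, not code from cloud-init or AWS: the function names and output labels are made up here, the multipart check assumes standard MIME headers, and only one layer of gzip or base64 is unwrapped.

```shell
#!/bin/sh
# Added example: triage cloud-init user data by the markers listed above.
# Function names and output labels are made up for this example.

# Map the first line of a plain-text payload to a format label.
classify_text() {
    first_line=$(head -n 1 "$1" | tr -d '\r\000')
    case "$first_line" in
        '#!'*|'Content-Type: text/x-shellscript'*)               echo user-script ;;
        '#include'*|'Content-Type: text/x-include-url'*)         echo include ;;
        '#cloud-config'*|'Content-Type: text/cloud-config'*)     echo cloud-config ;;
        '#cloud-boothook'*|'Content-Type: text/cloud-boothook'*) echo boothook ;;
        # Assumption: multipart data starts with standard MIME headers.
        'Content-Type: multipart/'*|'MIME-Version:'*)            echo mime-multipart ;;
        *) echo unknown ;;
    esac
}

# Unwrap gzip or base64 once, then classify what is inside.
classify_user_data() {
    src=$1
    tmp=$(mktemp) || return 1
    magic=$(head -c 2 "$src" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = 1f8b ]; then                  # gzip magic bytes
        if gzip -dc "$src" > "$tmp" 2>/dev/null; then
            kind="gzip:$(classify_text "$tmp")"
        else
            kind=unknown
        fi
    else
        kind=$(classify_text "$src")
        # Base64 counts only if the decoded bytes are a supported type;
        # otherwise the data is reported as it was received.
        if [ "$kind" = unknown ] && base64 -d "$src" > "$tmp" 2>/dev/null; then
            inner=$(classify_text "$tmp")
            if [ "$inner" != unknown ]; then kind="base64:$inner"; fi
        fi
    fi
    rm -f "$tmp"
    echo "$kind"
}
```

A result of user-script or boothook means the payload is executed on the instance, and include means further content is fetched from the listed URLs and run through the same rules.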
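Because a boothook has to enforce run-once behaviour itself, one way to do it is a marker file keyed by INSTANCE_ID. This is an added example, not part of cloud-init or the AMI: the marker directory, the function names and the placeholder hook body are assumptions.

```shell
#cloud-boothook
#!/bin/sh
# Added example: once-per-instance guard for a boothook payload.
# STATE_DIR and the function names are assumptions, not cloud-init settings.
STATE_DIR=${BOOTHOOK_STATE_DIR:-/var/lib/cloud/boothook-markers}

# The work that must happen only once per instance (constructed placeholder).
hook_body() {
    echo "first-boot setup for $INSTANCE_ID"
}

# Run hook_body unless a marker for this INSTANCE_ID already exists.
# Returns 0 if the body ran, 1 if skipped, 2 on a missing or unsafe ID,
# 3 if the body failed (the marker is removed so the next boot retries).
run_once_per_instance() {
    # Reject empty IDs and anything that could escape STATE_DIR.
    case "${INSTANCE_ID:-}" in
        ''|*[!A-Za-z0-9-]*) echo "bad INSTANCE_ID" >&2; return 2 ;;
    esac
    mkdir -p "$STATE_DIR" || return 2
    marker="$STATE_DIR/$INSTANCE_ID.done"
    # noclobber makes marker creation atomic, so only one caller wins.
    if ( set -C; : > "$marker" ) 2>/dev/null; then
        hook_body || { rm -f "$marker"; return 3; }
        return 0
    fi
    return 1
}

# INSTANCE_ID is provided in the environment when the boothook is executed.
# "Already done" (status 1) is treated as success.
if [ -n "${INSTANCE_ID:-}" ]; then
    run_once_per_instance || [ $? -eq 1 ]
fi
```

An image created from a configured instance gets a new instance ID at launch, so the hook runs again there even if the marker directory was copied into the image.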
Beginning with the 2011.09 release of the Amazon Linux AMI, Amazon Linux AMIs are
treated as snapshots in time, with a repository and update structure that always gives
you the latest packages when you run yum update -y.
The repository structure is configured to deliver a continuous flow of updates that
allow you to roll from one version of the Amazon Linux AMI to the next. For example,
with the release of the Amazon Linux AMI, if you launch older versions of the
Amazon Linux AMI (such as 2012.09 or earlier) and run yum update -y, you
will still end up with the latest packages.
You can disable rolling updates for the Amazon Linux AMI by enabling the
lock-on-launch feature. The lock-on-launch feature locks your
newly launched instance to receive updates only from the specified release of the AMI.
For example, you can launch a 2012.03 AMI and have it receive only the updates that were
released prior to the Amazon Linux AMI, until you are ready to migrate to the
2013.03 AMI. To enable lock-on-launch in new instances, launch an Amazon Linux AMI with the following user data passed to cloud-init, using either the EC2 console or
the ec2-run-instances command with the -f flag.
#cloud-config
repo_releasever: 2013.03
To lock existing instances to their current AMI release version
Edit /etc/yum.conf.
Comment out releasever=latest.
Run yum clean all to clear the cache.
The Amazon Linux AMI is designed to be used with online package repositories hosted in each Amazon EC2 region. These repositories provide ongoing updates to packages in the Amazon Linux AMI, as well as access to hundreds of additional common open source server applications. The repositories are available in all regions and are accessed via yum update tools, as well as on the Linux AMI packages site. Hosting repositories in each region allows updates to be deployed quickly and without any data transfer charges. The packages can be installed by issuing yum commands, such as the following example:
# sudo yum install httpd
Access to the Extra Packages for Enterprise Linux (EPEL) repository is configured, but it is not enabled by default. EPEL provides third-party packages in addition to those that are in the Amazon Linux AMI repositories. The third-party packages are not supported by Amazon Web Services.
Important
EC2 instances launched into an Amazon Virtual Private Cloud (VPC) need to have an Internet Gateway attached to the VPC to contact the yum repository. For more information on Amazon VPC, go to the Amazon Virtual Private Cloud User Guide.
If you find that the Amazon Linux AMI does not contain an application you need, you can simply install the application directly on your Amazon Linux AMI instance. The Amazon Linux AMI uses RPM and yum for package management, and that is likely the simplest way to install new applications. You should always check to see if an application is available in our central Amazon Linux AMI repository first, because many applications are available there. These applications can easily be added to your AMI instance.
To upload your applications onto an Amazon Linux running instance, use
scp or sftp and then configure the application by logging
on to your instance. Your applications can also be uploaded during the instance launch
by using the PACKAGE_SETUP action from the built-in cloud-init package. For
more information, see cloud-init.
You can view the source of packages you have installed inside Amazon EC2 for reference purposes by using tools provided in the Amazon Linux AMI. Source packages are available for all of the packages included in the Amazon Linux AMI and the online package repository. Simply determine the package name for the source package you want to install and use the get_reference_source command to view source within your running instance. For example:
# get_reference_source -p httpd
Following is a sample response:
# get_reference_source -p httpd
Requested package: httpd
Found package from local RPM database: httpd-2.2.22-1.24.amzn1.x86_64
Corresponding source RPM to found package: httpd-2.2.22-1.24.amzn1.src.rpm
Are these parameters correct? Please type 'yes' to continue: yes
Source RPM downloaded to: /usr/src/srpm/debug/httpd-2.2.22-1.24.amzn1.src.rpm
The source RPM will be placed in the /usr/src/srpm/debug directory of your running Amazon EC2 instance. From there it can be unpacked, and, for reference, you can view the source tree using standard RPM tools. After you finish debugging, the package will be available for use in Amazon EC2.
Important
EC2 instances launched into an Amazon Virtual Private Cloud (Amazon VPC) need to have an Internet Gateway attached to the VPC to contact the yum repository. For information on Amazon VPC, go to the Amazon Virtual Private Cloud User Guide.
A full set of Linux development tools is provided in the yum repository for the Amazon Linux AMI. To develop applications on the Amazon Linux AMI, simply select the development tools you need with yum. Alternatively, many applications developed on CentOS and other similar distributions should run on the Amazon Linux AMI.
The instance store drive ephemeral0 is mounted in /media/ephemeral0 only on Amazon instance store-backed AMIs. This is different than many other images that mount the instance store drive under /mnt.
The Amazon Linux AMI is updated regularly with security and feature enhancements. If you do not need to preserve data or customizations on your running Amazon Linux AMI instances, you can simply relaunch new instances with the latest updated Amazon Linux AMI. If you do need to preserve data or customizations on your running Amazon Linux AMI instances, you can maintain those instances through the Amazon Linux AMI yum repositories. The yum repositories contain all the updated packages. You can choose to apply these updates to your running instances.
Older versions of the AMI and update packages will continue to be available for launch in Amazon EC2, even as new Amazon Linux AMI versions are released. However, in some cases, if you're seeking support for an older version of the Amazon Linux AMI through Amazon Premium Support, we might ask you to move to newer versions as part of the support process.
Important
EC2 instances launched into an Amazon Virtual Private Cloud (Amazon VPC) need to have an Internet Gateway attached to the VPC to contact the yum repository. For information on adding an Internet Gateway to your Amazon VPC, go to the Amazon Virtual Private Cloud User Guide.
Security updates are provided via the Amazon Linux AMI yum repositories as well as via updated Amazon Linux AMIs. Security alerts will be published in the Amazon Linux AMI Security Center. For more information on AWS security policies or to report a security problem, visit the AWS Security Center.
Amazon Linux AMIs are configured to download and install security updates at launch
time. This is controlled via a cloud-init setting called repo_upgrade. The
following snippet of cloud-init configuration shows how you can change the settings in
the user data text you pass to your instance initialization:
#cloud-config
repo_upgrade: security
The possible values for the repo_upgrade setting are as follows:
security
Apply outstanding updates that Amazon marks as security updates.
bugfix
Apply updates that Amazon marks as bug fixes. Bug fixes are a larger set of updates, which include security updates and fixes for various other minor bugs.
all
Apply all applicable available updates, regardless of their classification.
none
Do not apply any updates to the instance on startup.
The default setting for repo_upgrade is security. That is, if you don't
specify a different value in your user data, by default the Amazon Linux AMI will
perform the security upgrades at launch for any packages installed at that time. Amazon
Linux AMI will also notify you of any updates to the installed packages by listing the
number of available updates upon login using the motd. To install these
updates, you will need to run sudo yum upgrade on the instance.
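The lock-on-launch setting described earlier and the repo_upgrade setting together decide which updates an instance can receive and when. The following added example (not an AWS tool; the function names and the one-line report format are assumptions) reads a yum.conf and a cloud-config user-data file and reports the resulting posture, failing when no security updates are applied at launch.

```shell
#!/bin/sh
# Added example: summarize the update posture set by yum.conf and user data.
# Function names and the report format are assumptions for this example.

# Value of a top-level "key: value" line in #cloud-config user data.
cloud_config_value() {    # $1 = file, $2 = key
    sed -n "s/^$2:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" |
        head -n 1 | tr -d "\"'"
}

# "rolling" while an uncommented releasever=latest is present, else "locked".
yum_release_mode() {      # $1 = path to yum.conf
    if grep -Eq '^[[:space:]]*releasever[[:space:]]*=[[:space:]]*latest' "$1"
    then echo rolling; else echo locked; fi
}

# Launch-time upgrade level; "security" applies when none is given.
launch_upgrade_level() {  # $1 = user-data file
    level=$(cloud_config_value "$1" repo_upgrade)
    case "$level" in
        security|bugfix|all|none) echo "$level" ;;
        '') echo security ;;
        *)  echo invalid ;;
    esac
}

# Print one summary line; fail when no security updates run at launch.
update_posture() {        # $1 = yum.conf, $2 = user-data file
    mode=$(yum_release_mode "$1")
    pinned=$(cloud_config_value "$2" repo_releasever)
    # Assumption: a repo_releasever in user data means the instance is locked.
    if [ -n "$pinned" ]; then mode=locked; fi
    level=$(launch_upgrade_level "$2")
    echo "release=$mode${pinned:+($pinned)} launch_upgrade=$level"
    case "$level" in none|invalid) return 1 ;; esac
    return 0
}
```

An instance reported as locked with launch_upgrade=none receives no updates at boot and only those of its pinned release afterwards, so it depends entirely on a later manual yum run.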
Important
EC2 instances launched into an Amazon Virtual Private Cloud (Amazon VPC) need to have an Internet Gateway attached to the VPC to contact the yum repository. For information on adding an Internet Gateway to Amazon VPC, go to the Amazon Virtual Private Cloud User Guide.
Support for installation and use of the base Amazon Linux AMI is included through subscriptions to AWS Premium Support. For more information, go to Premium Support.
You’re encouraged to post any questions you have on using the Amazon Linux AMI to the Amazon EC2 forums.
You can report bugs either to Premium Support or the Amazon EC2 forums.