Amazon Elastic Compute Cloud
User Guide for Linux (API Version 2014-10-01)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Copying an AMI

You can easily copy the Amazon Machine Images (AMIs) that you own to other AWS regions and scale your applications to take advantage of AWS's geographically diverse regions.

Note

AMIs with encrypted volumes cannot be copied using the AWS Management Console. Instead, you must copy each volume's snapshot to the target region and create a new AMI in that region using the copied snapshots in the block device mappings.

Copying your AMIs provides the following benefits:

  • Consistent global deployment: You can copy an AMI from one region to another, enabling you to launch consistent instances based from the same AMI into different regions.

  • Scalability: You can more easily design and build world-scale applications that meet the needs of your users, regardless of their location.

  • Performance: You can increase performance by distributing your application, as well as locating critical components of your application in closer proximity to your users. You can also take advantage of region-specific features, such as instance types or other AWS services.

  • High availability: You can design and deploy applications across AWS regions, to increase availability.

AMI Copy

You can copy both Amazon EBS-backed AMIs and instance-store-backed AMIs. You can copy an AMI to as many regions as you like. You can also copy an AMI to the same region. Each copy of an AMI results in a new AMI with its own unique AMI ID. When you launch an instance from an AMI, we launch it into the same region as the AMI you select, as shown in the following diagram.

Copying an AMI to multiple regions and launching instances

When you copy an AMI, the new AMI is fully independent of the source AMI; there is no link to the original (source) AMI. You can modify the new AMI without affecting the source AMI. The reverse is also true: you can modify the source AMI without affecting the new AMI. Therefore, if you make changes to the source AMI and want those changes to be reflected in the AMI in the destination region, you must recopy the source AMI to the destination region.

We don't copy launch permissions, user-defined tags, or Amazon S3 bucket permissions from the source AMI to the new AMI. After the copy operation is complete, you can apply launch permissions, user-defined tags, and Amazon S3 bucket permissions to the new AMI. AMIs with encrypted volumes cannot be copied.

We try to find matching AKIs and ARIs for the new AMI in the destination region. If we can't find a matching AKI or ARI, then we don't copy the AMI. If you are using the AKIs and ARIs that we recommend, the copy operation registers the AMI with the appropriate AKI and ARI in the destination region. If you get an error message "Failed to find matching AKI/ARI", it means that the destination region doesn't contain an AKI or ARI that matches those specified in the source AMI. If your AMI uses a PV-GRUB AKI, then you can update the AMI to leverage the latest version of PV-GRUB. For more information on PV-GRUB and AKIs, see PV-GRUB.

There are no charges for copying an AMI. However, standard storage and data transfer rates apply.

Copying an Amazon EC2 AMI

Prior to copying an AMI, you must ensure that the contents of the source AMI are updated to support running in a different region. For example, you should update any database connection strings or similar application configuration data to point to the appropriate resources. Otherwise, instances launched from the new AMI in the destination region may still use the resources from the source region, which can impact performance and cost.

You can copy an AMI using the AWS Management Console or the command line.

To copy an AMI using the console

  1. Open the Amazon EC2 console.

  2. From the navigation bar, select the region that contains the AMI to copy.

  3. In the navigation pane, click AMIs.

  4. Select the AMI to copy, click Actions, and then click Copy AMI. If your AMI has encrypted volumes, see Copying an Amazon EC2 AMI with Encrypted Volumes.

    Note

    AMIs with encrypted volumes cannot be copied using the AWS Management Console. Instead, you must copy each volume's snapshot to the target region and create a new AMI in that region using the copied snapshots in the block device mappings.

  5. In the AMI Copy page, set the following fields, and then click Copy AMI:

    • Destination region: Select the region to which you want to copy the AMI.

    • Name: Specify a name for the new AMI.

    • Description: By default, the description includes information about the source AMI so that you can identify a copy from the original. You can change this description as necessary.

  6. We display a confirmation page to let you know that the copy operation has been initiated and provide you with the ID of the new AMI.

    To check on the progress of the copy operation immediately, click the provided link to switch to the destination region. To check on the progress later, click Done, and then when you are ready, use the navigation pane to switch to the destination region.

    The initial status of the destination AMI is pending and the operation is complete when the status is available.

To copy an AMI using the command line

Copying an AMI from the command line requires that you specify both the source and destination regions. You specify the source region using the --source-region parameter. For the destination region, you have two options:

You can copy an AMI using one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.

Copying an Amazon EC2 AMI with Encrypted Volumes

AMIs with encrypted volumes cannot be copied using the AWS Management Console. However, you can manually copy the Amazon EBS volume snapshots from your source region to your destination region, and then register a new AMI in the destination region with the copied snapshots. This will give you the same end result as copying the AMI using the AWS Management Console. The following procedure demonstrated how to do this with the AWS CLI, but you can also use the Amazon EC2 CLI or the SDK tools if you prefer.

To copy an Amazon EC2AMI with encrypted volumes using the AWS CLI

  1. Collect the needed information for the AMI you would like to copy with the describe-images command. Take note of the following:

    • VirtualizationType

    • SriovNetSupport

    • BlockDeviceMappings, including the SnapshotId, VolumeType, and Encrypted values

    • Architecture

    • RootDeviceName

    $  aws ec2 describe-images --region us-west-2 --image-id ami-1a2b3c4d
    {
        "Images": [
            {
                "VirtualizationType": "hvm",
                "Name": "ec2-encrypted-volume-ami",
                "Hypervisor": "xen",
                "SriovNetSupport": "simple",
                "ImageId": "ami-1a2b3c4d",
                "State": "available",
                "BlockDeviceMappings": [
                    {
                        "DeviceName": "/dev/xvda",
                        "Ebs": {
                            "DeleteOnTermination": true,
                            "SnapshotId": "snap-2345bcde",
                            "VolumeSize": 8,
                            "VolumeType": "gp2",
                            "Encrypted": false
                        }
                    },
                    {
                        "DeviceName": "/dev/sdb",
                        "Ebs": {
                            "DeleteOnTermination": false,
                            "SnapshotId": "snap-3456cdef",
                            "VolumeSize": 100,
                            "VolumeType": "gp2",
                            "Encrypted": false
                        }
                    },
                    {
                        "DeviceName": "/dev/sdc",
                        "Ebs": {
                            "DeleteOnTermination": false,
                            "SnapshotId": "snap-abcd1234",
                            "VolumeSize": 150,
                            "VolumeType": "gp2",
                            "Encrypted": true
                        }
                    }
                ],
                "Architecture": "x86_64",
                "ImageLocation": "012345678910/ec2-encrypted-volume-ami",
                "RootDeviceType": "ebs",
                "OwnerId": "012345678910",
                "RootDeviceName": "/dev/xvda",
                "Public": false,
                "ImageType": "machine",
                "Description": "/dev/xvdc is encrypted"
            }
        ]
    }
  2. Copy each Amazon EBS snapshot contained in the AMI to the destination region for your new AMI. This can be done in the AWS Management Console or with the command line tools. It is helpful to note in the snapshot description which device the snapshot is for. This will help you configure the block device mapping on your new AMI later. The following command copies the snapshot associated with /dev/sdc on our AMI.

    $  aws ec2 copy-snapshot --source-region us-west-2 --source-snapshot-id snap-abcd1234 --destination-region us-east-1 --description "Copy of /dev/sdc from ami-1a2b3c4d"
    {
        "SnapshotId": "snap-4321dcba"
    }
  3. Register your new AMI with the copied snapshots in the block device mapping and the information you recorded earlier using the register-image command. For more information, see register-image.

    $  aws ec2 register-image --region us-east-1 --name "my-copied-ami" --architecture x86_64 --root-device-name /dev/xvda --block-device-mappings "[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":true,\"SnapshotId\":\"snap-5432edcb\",\"VolumeType\":\"gp2\"}},{\"DeviceName\":\"/dev/sdb\",\"Ebs\":{\"DeleteOnTermination\":false,\"SnapshotId\":\"snap-6543fedc\",\"VolumeType\":\"gp2\"}},{\"DeviceName\":\"/dev/sdc\",\"Ebs\":{\"DeleteOnTermination\":false,\"SnapshotId\":\"snap-4321dcba\",\"VolumeType\":\"gp2\"}}]"  --virtualization-type hvm --sriov-net-support simple
    {
        "ImageId": "ami-1d2c3b4a"
    }
  4. (Optional) Run the describe-images command on your new AMI and compare it to the original to ensure that everything is correct. If not, you can deregister the image, make your corrections, and try registering the AMI again. For more information, see deregister-image.

Stopping a Pending AMI Copy Operation

You can stop a pending AMI copy using the AWS Management Console or the command line.

To stop an AMI copy operation using the console

  1. Open the Amazon EC2 console.

  2. From the navigation bar, select the destination region from the region selector.

  3. In the navigation pane, click AMIs.

  4. Select the AMI you want to stop copying, click Actions, and then click Deregister.

  5. When asked for confirmation, click Continue.

To stop an AMI copy operation using the command line

You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon EC2.