Amazon Elastic Compute Cloud
User Guide for Linux (API Version 2014-10-01)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Sharing an AMI with Specific AWS Accounts

You can share an AMI with specific AWS accounts without making the AMI public. All you need are the AWS account IDs.

Sharing an AMI Using the Console

To grant explicit launch permissions using the console

  1. Open the Amazon EC2 console.

  2. In the navigation pane, click AMIs.

  3. Select your AMI in the list, and then select Modify Image Permissions from the Actions list.

  4. Specify the AWS account number of the user with whom you want to share the AMI in the AWS Account Number field, then click Add Permission.

    To share this AMI with multiple users, repeat the above step until you have added all the required users.

  5. To allow create volume permissions for snapshots, check Add "create volume" permissions to the following associated snapshots when creating permissions.

    Note

    You do not need to share the Amazon EBS snapshots that an AMI references in order to share the AMI. Only the AMI itself needs to be shared; the system automatically provides the instance access to the referenced Amazon EBS snapshots for the launch.

  6. Click Save when you are done.

Sharing an AMI Using the AWS CLI

Use the modify-image-attribute command to share an AMI as shown in the following examples.

To grant explicit launch permissions

The following command grants launch permissions for the specified AMI to the specified AWS account.

$ aws ec2 modify-image-attribute --image-id ami-2bb65342 --launch-permission "{\"Add\":[{\"UserId\":\"123456789012\"}]}"

To remove launch permissions for an account

The following command removes launch permissions for the specified AMI from the specified AWS account:

$ aws ec2 modify-image-attribute --image-id ami-2bb65342 "{\"Remove\":[{\"UserId\":\"123456789012\"}]}"

To remove all launch permissions

The following command removes all public and explicit launch permissions from the specified AMI. Note that the owner of the AMI always has launch permissions and is therefore unaffected by this command.

$ aws ec2 reset-image-attribute --image-id ami-2bb65342 --attribute launchPermission

Sharing an AMI Using the Amazon EC2 CLI

Use the ec2-modify-image-attribute command to share an AMI as shown in the following examples.

To grant explicit launch permissions

The following command grants launch permissions for the specified AMI to the specified AWS account.

$ ec2-modify-image-attribute ami-2bb65342 -l -a 111122223333

To remove launch permissions for an account

The following command removes launch permissions for the specified AMI from the specified AWS account:

$ ec2-modify-image-attribute ami-2bb65342 -l -r 111122223333

To remove all launch permissions

The following command removes all public and explicit launch permissions from the specified AMI. Note that the owner of the AMI always has launch permissions and is therefore unaffected by this command.

$ ec2-reset-image-attribute ami-2bb65342 -l