CopyImage

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

For more information about the prerequisites and limits when copying an AMI, see Copy an AMI in the Amazon Elastic Compute Cloud User Guide.

Request Parameters

The following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see Common Query Parameters.

ClientToken

Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.

Type: String

Required: No

CopyImageTags

Indicates whether to include your user-defined AMI tags when copying the AMI.

The following tags will not be copied:

• System tags (prefixed with aws:)

• For public and shared AMIs, user-defined tags that are attached by other AWS accounts

Default: Your user-defined AMI tags are not copied.

Type: Boolean

Required: No

Description

A description for the new AMI in the destination Region.

Type: String

Required: No

DestinationOutpostArn

The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an AWS Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy AMIs from an AWS Region to an Outpost in the Amazon Elastic Compute Cloud User Guide.

Type: String

Required: No

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Type: Boolean

Required: No

Encrypted

Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default AWS Key Management Service (AWS KMS) KMS key using KmsKeyId. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Type: Boolean

Required: No

KmsKeyId

The identifier of the symmetric AWS Key Management Service (AWS KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your AWS managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to true.

You can specify a KMS key using any of the following:

• Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

• Key alias. For example, alias/ExampleAlias.

• Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.

• Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

AWS authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.

The specified KMS key must exist in the destination Region.

Amazon EBS does not support asymmetric KMS keys.

Type: String

Required: No

Name

The name of the new AMI in the destination Region.

Type: String

Required: Yes

SourceImageId

The ID of the AMI to copy.

Type: String

Required: Yes

SourceRegion

The name of the Region that contains the AMI to copy.

Type: String

Required: Yes

Response Elements

The following elements are returned by the service.

imageId

The ID of the new AMI.

Type: String

requestId

The ID of the request.

Type: String

Errors

For information about the errors that are common to all actions, see Common client error codes.

Examples

Example

This example request copies the AMI in us-west-2 with the ID ami-1a2b3c4d, naming the new AMI My-Standard-AMI.

Sample Request

https://ec2.amazonaws.com/?Action=CopyImage
&SourceRegion=us-west-2
&SourceImageId=ami-1a2b3c4d  
&Name=My-Standard-AMI
&Description=This%20is%20the%20new%20version%20of%20My-Standard-AMI     
&ClientToken=550e8400-e29b-41d4-a716-446655440000
&AUTHPARAMS

Sample Response

<CopyImageResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
   <requestId>60bc441d-fa2c-494d-b155-5d6a3EXAMPLE</requestId>
   <imageId>ami-4d3c2b1a</imageId>
</CopyImageResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3