Configure your Windows AMI for faster launching - Amazon Elastic Compute Cloud
PrerequisitesConfiguration scenariosStart faster launching for Windows AMIsStop faster launching for Windows AMIsView Windows AMIs that have faster launching enabled (AWS CLI)Service-linked role for faster launching for EC2 Windows instances

Configure your Windows AMI for faster launching

Every EC2 Windows instance must go through the standard Windows operating system (OS) launch steps, which include several reboots, and often take 15 minutes or longer to complete. Windows AMIs that are optimized for faster launching complete some of those steps and reboots in advance by launching a set of instances in the background, and then creating snapshots when they have completed the initial launch steps. The use of these snapshots in the faster launching process can significantly reduce the time it takes to launch instances when they are needed. This is not the same process as EBS fast snapshot restore.

Note

Any account that has access to an AMI that is configured for faster launching can benefit from reduced launch times. However, it is the AMI owner's account that provides the snapshots that are consumed for the launch.

Key terms

  • Pre-provisioned snapshot – A snapshot of an instance that was launched from a Windows AMI with faster launching enabled, and that has completed the following Windows launch steps, rebooting as required.

    • Sysprep specialize

    • Windows Out of Box Experience (OOBE)

    When these steps are complete, Amazon EC2 stops the instance, and creates a snapshot that is later used for faster launching from the AMI.

  • Launch frequency – Controls the number of pre-provisioned snapshots that Amazon EC2 can launch within the specified timeframe. When faster launching is enabled for the AMI, Amazon EC2 creates the initial set of pre-provisioned snapshots in the background. For example, if the launch frequency is set to five launches per hour, which is the default, then Amazon EC2 creates an initial set of five pre-provisioned snapshots.

    When an instance is launched, it uses one of the pre-provisioned snapshots to reduce the launch time. As snapshots are used, they are automatically replenished, up to the number specified by the launch frequency.

    If you expect a spike in the number of instances that are launched from your AMI – during a special event, for example – you can increase the launch frequency in advance to cover the additional instances that you'll need. When your launch rate returns to normal, you can adjust the frequency back down.

    When you experience a higher number of launches than anticipated, you might use up the fast-launching snapshots that you have available. This does not cause any launches to fail. However, it can result in some instances going through the standard launch process, until snapshots can be replenished.

  • Target resource count – The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI.

  • Max parallel launches – Controls how many instances can be launched at a time for creating the pre-provisioned snapshots. If your target resource count is higher than the number of max parallel launches, Amazon EC2 will initially launch the number of instances specified by the max parallel launches setting for creating the snapshots. As those instances complete the process and Amazon EC2 takes the snapshot and stops the instance, more instances are launched until the total number of snapshots available has reached the target resource count. This value must be 6 or greater.

Resource costs

There is no service charge to configure Windows AMIs for faster launching. However, standard pricing applies for underlying AWS resources that are used to prepare and store the pre-provisioned snapshots. The following example demonstrates how associated costs are allocated.

Example scenario: The AtoZ Example company has a Windows AMI with a 50-GiB EBS root volume. They enable faster launching for their AMI, and set the target resource count to five. Over the course of a month, using Windows faster launching for their AMI costs them around $5.00, and the cost breakdown is as follows:

  1. When AtoZ Example enables faster launching, Amazon EC2 launches five small instances. Each instance runs through the Sysprep and OOBE Windows launch steps, rebooting as required. This takes several minutes for each instance (time can vary, based on how busy that Region or Availability Zone (AZ) is, and on the size of the AMI).

    Costs

    • Instance runtime costs (or minimum runtime, if applicable): five instances

    • Volume costs: five EBS root volumes

  2. When the pre-provisioning process completes, Amazon EC2 takes a snapshot of the instance, which it stores in Amazon S3. Snapshots are typically stored for 4-8 hours before they are consumed by a launch. In this case, the cost is roughly $0.02 to $0.05 per snapshot.

    Costs

    • Snapshot storage (Amazon S3): five snapshots

  3. After Amazon EC2 takes the snapshot, it stops the instance. At that point, the instance is no longer accruing costs. However EBS volume costs continue to accrue.

    Costs

    • EBS volumes: costs continue for the associated EBS root volumes.

Note

The costs shown here are for demonstration purposes only. Your costs will vary, depending on your AMI configuration and pricing plan.

You can configure Windows AMIs that you own for faster launching using the Amazon EC2 console, API, SDKs, or ec2 commands in the AWS CLI. The following sections cover configuration steps for the Amazon EC2 console and AWS CLI.

Prerequisites

Before you set up faster launching for EC2 Windows instances, you must verify that the following prerequisites are met:

  • If you are using the AWS Management Console to configure your settings, ensure that a default VPC is configured for the Region in which you use faster launching for EC2 Windows instances. You cannot have EC2 Classic enabled in the Region, even if you have a default VPC configured. For more information about EC2 Classic, see EC2-Classic Networking is Retiring - Here's How to Prepare.

  • You can use a launch template to specify a non-default VPC by using the AWS CLI, EC2 API actions, or SDKs.

  • To change the settings for faster launching for EC2 Windows instances, your AWS account must own the Windows AMI.

  • The Windows AMI that you use to configure faster launching for EC2 Windows instances must be created using Sysprep with the shutdown option. AMIs that are created from an instance without running Sysprep are not currently supported. To create an AMI using Sysprep, see Create a custom Windows AMI.

Configuration scenarios

This section addresses specific scenarios to help you configure your Windows AMI for faster launching.

Scenario 1: You have deleted your default VPC

You have the following options to specify your VPC:

  • If you are using the AWS Management Console to configure your environment, you must use a default VPC in the Region for which you are configuring faster launching. To create a default VPC, see Create a default VPC in the Amazon VPC User Guide.

  • If you run the enable-fast-launch command in the AWS CLI, or call the EnableFastLaunch API action, you can specify the VPC in your launch template.

Scenario 2: You are using IMDSv2 for your launch

If your account includes a policy that enforces IMDSv2 for Amazon EC2 instances, you must create a launch template that specifies the metadata configuration to enforce IMDSv2. Amazon EC2 does not currently support this in the AWS Management Console.

Run the enable-fast-launch command in the AWS CLI, or call the EnableFastLaunch API action, specifying the launch template that includes your metadata configuration.

Start faster launching for Windows AMIs

To start faster launching for EC2 Windows instances, choose the tab that matches your environment, and follow the steps.

Note

Before changing these settings, make sure that your AMI, and the Region that you run in meet all Prerequisites.

Console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under Images, choose AMIs.

  3. Choose the AMI to update by selecting the check box next to the Name.

  4. From the Actions menu above the list of AMIs, choose Manage image optimization. This opens the Manage image optimizations page, where you configure the settings for faster launching.

  5. To start using pre-provisioned snapshots to launch instances from your Windows AMI faster, select the Enable Windows faster launching check box.

  6. From the Set anticipated launch frequency drop-down list, choose a value to specify the number of snapshots that are created and maintained to cover your expected instance launch volume.

  7. When you're done making changes, choose Save changes.

AWS CLI

The enable-fast-launch command calls the Amazon EC2 EnableFastLaunch API operation.

Syntax:

aws ec2 enable-fast-launch \
	--image-id <value> \
	--resource-type <value> \ (optional)
	--snapshot-configuration <value> \ (optional)
	--launch-template <value> \ (optional)
	--max-parallel-launches <value> \ (optional)
	--dry-run | --no-dry-run \  (optional)
	--cli-input-json <value> \ (optional)
	--generate-cli-skeleton <value> \ (optional)

Example:

The following enable-fast-launch example starts faster launching for the specified AMI, launching six parallel instances for pre-provisioning. The ResourceType is set to snapshot, which is the default value.

aws ec2 enable-fast-launch \
        --image-id ami-01234567890abcedf  \
        --max-parallel-launches 6 \
        --resource-type snapshot

Output:

{
    "ImageId": "ami-01234567890abcedf",
    "ResourceType": "snapshot",
    "SnapshotConfiguration": {
        "TargetResourceCount": 10
    },
    "LaunchTemplate": {},
    "MaxParallelLaunches": 6,
    "OwnerId": "0123456789123",
    "State": "enabling",
    "StateTransitionReason": "Client.UserInitiated",
    "StateTransitionTime": "2022-01-27T22:16:03.199000+00:00"
}
Tools for Windows PowerShell

The Enable-EC2FastLaunch cmdlet calls the Amazon EC2 EnableFastLaunch API operation.

Syntax:

Enable-EC2FastLaunch
     -ImageId <String>
     -LaunchTemplate_LaunchTemplateId <String>
     -LaunchTemplate_LaunchTemplateName <String>
     -MaxParallelLaunch <Int32>
     -ResourceType <String>
     -SnapshotConfiguration_TargetResourceCount <Int32>
     -LaunchTemplate_Version <String>
     -Select <String>
     -PassThru <SwitchParameter>
     -Force <SwitchParameter>

Example:

The following Enable-EC2FastLaunch example starts faster launching for the specified AMI, launching six parallel instances for pre-provisioning. The ResourceType is set to snapshot, which is the default value.

Enable-EC2FastLaunch `
-ImageId ami-01234567890abcedf `
-MaxParallelLaunch 6 `
-Region us-west-2 `
-ResourceType snapshot

Output:


ImageId               : ami-01234567890abcedf
LaunchTemplate        : 
MaxParallelLaunches   : 6
OwnerId               : 0123456789123
ResourceType          : snapshot
SnapshotConfiguration : Amazon.EC2.Model.FastLaunchSnapshotConfigurationResponse
State                 : enabling
StateTransitionReason : Client.UserInitiated
StateTransitionTime   : 2/25/2022 12:24:11 PM

Stop faster launching for Windows AMIs

To stop faster launching for EC2 Windows instances, choose the tab that matches your environment, and follow the steps.

Note

Before changing these settings, make sure that your AMI, and the Region that you run in meet all Prerequisites.

Console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under Images, choose AMIs.

  3. Choose the AMI to update by selecting the check box next to the Name.

  4. From the Actions menu above the list of AMIs, choose Manage image optimizations. This opens the Manage image optimizations page, where you configure the settings for faster launching.

  5. Clear the Enable Windows faster launching check box to stop faster launching for EC2 Windows instances and to remove pre-provisioned snapshots. This results in the AMI using the standard launch process for each instance, going forward.

    Note

    When you stop Windows image optimization, any existing pre-provisioned snapshots are automatically deleted. This step must be completed before you can start using the feature again.

  6. When you're done making changes, choose Save changes.

AWS CLI

The disable-fast-launch command calls the Amazon EC2 DisableFastLaunch API operation.

Syntax:

aws ec2 disable-fast-launch \
	--image-id <value> \
	--force | --no-force \ (optional)
	--dry-run | --no-dry-run \ (optional)
	--cli-input-json <value> \ (optional)
	--generate-cli-skeleton <value> \ (optional)

Example:

The following disable-fast-launch example stops faster launching on the specified AMI, and cleans up existing pre-provisioned snapshots.

aws ec2 disable-fast-launch \
        --image-id ami-01234567890abcedf

Output:

{
    "ImageId": "ami-01234567890abcedf",
    "ResourceType": "snapshot",
    "SnapshotConfiguration": {},
    "LaunchTemplate": {
        "LaunchTemplateId": "lt-01234567890abcedf",
        "LaunchTemplateName": "EC2FastLaunchDefaultResourceCreation-a8c6215d-94e6-441b-9272-dbd1f87b07e2",
        "Version": "1"
    },
    "MaxParallelLaunches": 6,
    "OwnerId": "0123456789123",
    "State": "disabling",
    "StateTransitionReason": "Client.UserInitiated",
    "StateTransitionTime": "2022-01-27T22:47:29.265000+00:00"
}
Tools for Windows PowerShell

The Disable-EC2FastLaunch cmdlet calls the Amazon EC2 DisableFastLaunch API operation.

Syntax:

Disable-EC2FastLaunch 
     -ImageId <String>
     -ForceStop <Boolean>
     -Select <String>
     -PassThru <SwitchParameter>
     -Force <SwitchParameter>

Example:

The following Disable-EC2FastLaunch example stops faster launching on the specified AMI, and cleans up existing pre-provisioned snapshots.

Disable-EC2FastLaunch -ImageId ami-01234567890abcedf

Output:


ImageId               : ami-01234567890abcedf
LaunchTemplate        : Amazon.EC2.Model.FastLaunchLaunchTemplateSpecificationResponse
MaxParallelLaunches   : 6
OwnerId               : 0123456789123
ResourceType          : snapshot
SnapshotConfiguration : 
State                 : disabling
StateTransitionReason : Client.UserInitiated
StateTransitionTime   : 2/25/2022 1:10:08 PM

View Windows AMIs that have faster launching enabled (AWS CLI)

You can use the describe-fast-launch-images command in the AWS CLI, or the Get-EC2FastLaunchImage Tools for Windows PowerShell cmdlet to get details for Windows AMIs that have faster launching enabled.

Amazon EC2 provides the following details for each Windows AMI that is returned in the results:

  • The image ID that identifies the fast-launch enabled Windows image.

  • The resource type that is used for pre-provisioning the Windows AMI. Supported value: snapshot.

  • The snapshot configuration, which is a group of parameters that is used for pre-provisioning the associated Windows AMI using snapshots.

  • Launch template information, including the ID, name, and version of the launch template that the AMI uses when it launches Window instances from pre-provisioned snapshots.

  • The maximum number of parallel instances that are launched for creating resources.

  • The owner ID for the fast-launch enabled Windows AMI.

  • The current state of faster launching for the specified Windows AMI. Supported values include: enabling | enabling-failed | enabled | enabled-failed | disabling | disabling-failed.

  • The reason that faster launching for the Windows AMI changed to the current state.

  • The time that faster launching for the Windows AMI changed to the current state.

Choose the tab that matches your command line environment:

AWS CLI

The describe-fast-launch-images command calls the Amazon EC2 DescribeFastLaunchImages API operation.

Syntax:

aws ec2 describe-fast-launch-images \
	--image-ids <value> \ (optional)
	--filters <value> \ (optional)
	--dry-run | --no-dry-run \ (optional)
	--cli-input-json <value> \ (optional)
	--starting-token <value> \ (optional)
	--page-size <value> \ (optional)
	--max-items <value> \ (optional)
	--generate-cli-skeleton <value> \ (optional)

Example:

The following describe-fast-launch-images example describes the details for each of the AMIs in the account that are configured for faster launching. In this example, only one AMI in the account is configured for faster launching.

aws ec2 describe-fast-launch-images

Output:

{
    "FastLaunchImages": [
        {
            "ImageId": "ami-01234567890abcedf",
            "ResourceType": "snapshot",
            "SnapshotConfiguration": {},
            "LaunchTemplate": {
                "LaunchTemplateId": "lt-01234567890abcedf",
                "LaunchTemplateName": "EC2FastLaunchDefaultResourceCreation-a8c6215d-94e6-441b-9272-dbd1f87b07e2",
                "Version": "1"
            },
            "MaxParallelLaunches": 6,
            "OwnerId": "0123456789123",
            "State": "enabled",
            "StateTransitionReason": "Client.UserInitiated",
            "StateTransitionTime": "2022-01-27T22:20:06.552000+00:00"
        }
    ]
}
Tools for Windows PowerShell

The Get-EC2FastLaunchImage cmdlet calls the Amazon EC2 DescribeFastLaunchImages API operation.

Syntax:

Get-EC2FastLaunchImage
-Filter <Filter[]>
-ImageId <String[]>
-MaxResult <Int32>
-NextToken <String>
-Select <String>
-NoAutoIteration <SwitchParameter>

Example:

The following Get-EC2FastLaunchImage example describes the details for each of the AMIs in the account that are configured for faster launching. In this example, only one AMI in the account is configured for faster launching.

Get-EC2FastLaunchImage -ImageId ami-01234567890abcedf

Output:


ImageId               : ami-01234567890abcedf
LaunchTemplate        : Amazon.EC2.Model.FastLaunchLaunchTemplateSpecificationResponse
MaxParallelLaunches   : 6
OwnerId               : 0123456789123
ResourceType          : snapshot
SnapshotConfiguration : 
State                 : enabled
StateTransitionReason : Client.UserInitiated
StateTransitionTime   : 2/25/2022 12:54:43 PM

Service-linked role for faster launching for EC2 Windows instances

Amazon EC2 uses service-linked roles for the permissions that it requires to call other AWS services on your behalf. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles provide a secure way to delegate permissions to AWS services because only the linked service can assume a service-linked role. For more information about how Amazon EC2 uses IAM roles, including service-linked roles, see IAM roles for Amazon EC2.

Amazon EC2 uses the service-linked role named AWSServiceRoleForEC2FastLaunch to create and manage a set of pre-provisioned snapshots that reduce the time it takes to launch instances from your Windows AMI.

You don't need to create this service-linked role manually. When you start using faster launching for EC2 Windows instances for your AMI, Amazon EC2 creates the service-linked role for you, if it does not already exist.

Note

If the service-linked role is deleted from your account, you can start faster launching for EC2 Windows instances for another Windows AMI to re-create the role in your account. Alternatively, you can stop faster launching for EC2 Windows instances for your current AMI, and then start it again. However, stopping the feature results in your AMI using the standard launch process for all new instances while Amazon EC2 removes all of your pre-provisioned snapshots. After all of the pre-provisioned snapshots are gone, you can start using faster launching for EC2 Windows instances for your AMI again.

Amazon EC2 does not allow you to edit the AWSServiceRoleForEC2FastLaunch service-linked role. After you create a service-linked role, you cannot change the name of the role because various entities might reference the role. However, you can edit the description of the role by using IAM. For more information, see Editing a Service-Linked Role in the IAM User Guide.

You can delete a service-linked role only after first deleting all of the related resources. This protects the Amazon EC2 resources that are associated with your faster launching-enabled AMI because you can't inadvertently remove permission to access the resources.

Amazon EC2 supports the faster launching for EC2 Windows instances service-linked role in all of the Regions where the Amazon EC2 service is available. For more information, see Regions.

Permissions granted by AWSServiceRoleForEC2FastLaunch

Amazon EC2 uses the EC2FastLaunchServiceRolePolicy managed policy to complete the following actions:

  • cloudwatch:PutMetricData – Post metric data associated with faster launching for EC2 Windows instances to the Amazon EC2 namespace.

  • ec2:CreateLaunchTemplate – Create a launch template for your faster launching-enabled AMI.

  • ec2:CreateSnapshot – Create pre-provisioned snapshots for your faster launching-enabled AMI.

  • ec2:CreateTags – Create tags for resources that are associated with launching and pre-provisioning Windows instances for your faster launching-enabled AMI.

  • ec2:DeleteSnapshots – Delete all associated pre-provisioned snapshots if faster launching for EC2 Windows instances is turned off for a previously enabled AMI.

  • ec2:DescribeImages – Describe images for all resources.

  • ec2:DescribeInstanceAttribute – Describe instance attributes for all resources.

  • ec2:DescribeInstanceStatus – Describe instance status for all resources.

  • ec2:DescribeInstances – Describe instances for all resources.

  • ec2:DescribeInstanceTypeOfferings – Describe instance type offerings for all resources.

  • ec2:DescribeLaunchTemplates – Describe launch templates for all resources.

  • ec2:DescribeLaunchTemplateVersions – Describe launch template versions for all resources.

  • ec2:DescribeSnapshots – Describe snapshot resources for all resources.

  • ec2:DescribeSubnets – Describe subnets for all resources.

  • ec2:RunInstances – Launch instances from a faster launching-enabled AMI, in order to perform provisioning steps.

  • ec2:StopInstances – Stop instances that were launched from a faster launching-enabled AMI in order to create pre-provisioned snapshots.

  • ec2:TerminateInstances – Terminate an instance that was launched from a faster launching-enabled AMI after creating the pre-provisioned snapshot from it.

  • iam:PassRole – Allows the AWSServiceRoleForEC2FastLaunch service-linked role to launch instances on your behalf using the instance profile from your launch template.

For more information about using managed policies for Amazon EC2, see AWS managed policies for Amazon Elastic Compute Cloud.

Access to customer managed keys for use with encrypted AMIs and EBS snapshots

Prerequisite

  • To enable Amazon EC2 to access an encrypted AMI on your behalf, you must have permission for the createGrant action in the customer managed key.

When you enable faster launching for EC2 Windows instances for an encrypted AMI, Amazon EC2 ensures that permission is granted for the AWSServiceRoleForEC2FastLaunch role to use the customer managed key to access your AMI. This permission is needed to launch instances and create pre-provisioned snapshots on your behalf.