- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
CopyImageCommand
Initiates an AMI copy operation. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask .
When you copy an AMI from one Region to another, the destination Region is the current Region.
When you copy an AMI from a Region to an Outpost, specify the ARN of the Outpost as the destination. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region or the key that you specify. Outposts do not support unencrypted snapshots.
For information about the prerequisites when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { EC2Client, CopyImageCommand } from "@aws-sdk/client-ec2"; // ES Modules import
// const { EC2Client, CopyImageCommand } = require("@aws-sdk/client-ec2"); // CommonJS import
const client = new EC2Client(config);
const input = { // CopyImageRequest
ClientToken: "STRING_VALUE",
Description: "STRING_VALUE",
Encrypted: true || false,
KmsKeyId: "STRING_VALUE",
Name: "STRING_VALUE", // required
SourceImageId: "STRING_VALUE", // required
SourceRegion: "STRING_VALUE", // required
DestinationOutpostArn: "STRING_VALUE",
CopyImageTags: true || false,
TagSpecifications: [ // TagSpecificationList
{ // TagSpecification
ResourceType: "capacity-reservation" || "client-vpn-endpoint" || "customer-gateway" || "carrier-gateway" || "coip-pool" || "declarative-policies-report" || "dedicated-host" || "dhcp-options" || "egress-only-internet-gateway" || "elastic-ip" || "elastic-gpu" || "export-image-task" || "export-instance-task" || "fleet" || "fpga-image" || "host-reservation" || "image" || "import-image-task" || "import-snapshot-task" || "instance" || "instance-event-window" || "internet-gateway" || "ipam" || "ipam-pool" || "ipam-scope" || "ipv4pool-ec2" || "ipv6pool-ec2" || "key-pair" || "launch-template" || "local-gateway" || "local-gateway-route-table" || "local-gateway-virtual-interface" || "local-gateway-virtual-interface-group" || "local-gateway-route-table-vpc-association" || "local-gateway-route-table-virtual-interface-group-association" || "natgateway" || "network-acl" || "network-interface" || "network-insights-analysis" || "network-insights-path" || "network-insights-access-scope" || "network-insights-access-scope-analysis" || "placement-group" || "prefix-list" || "replace-root-volume-task" || "reserved-instances" || "route-table" || "security-group" || "security-group-rule" || "snapshot" || "spot-fleet-request" || "spot-instances-request" || "subnet" || "subnet-cidr-reservation" || "traffic-mirror-filter" || "traffic-mirror-session" || "traffic-mirror-target" || "transit-gateway" || "transit-gateway-attachment" || "transit-gateway-connect-peer" || "transit-gateway-multicast-domain" || "transit-gateway-policy-table" || "transit-gateway-route-table" || "transit-gateway-route-table-announcement" || "volume" || "vpc" || "vpc-endpoint" || "vpc-endpoint-connection" || "vpc-endpoint-service" || "vpc-endpoint-service-permission" || "vpc-peering-connection" || "vpn-connection" || "vpn-gateway" || "vpc-flow-log" || "capacity-reservation-fleet" || "traffic-mirror-filter-rule" || "vpc-endpoint-connection-device-type" || "verified-access-instance" || "verified-access-group" || "verified-access-endpoint" || "verified-access-policy" || "verified-access-trust-provider" || "vpn-connection-device-type" || "vpc-block-public-access-exclusion" || "route-server" || "route-server-endpoint" || "route-server-peer" || "ipam-resource-discovery" || "ipam-resource-discovery-association" || "instance-connect-endpoint" || "verified-access-endpoint-target" || "ipam-external-resource-verification-token",
Tags: [ // TagList
{ // Tag
Key: "STRING_VALUE",
Value: "STRING_VALUE",
},
],
},
],
SnapshotCopyCompletionDurationMinutes: Number("long"),
DryRun: true || false,
};
const command = new CopyImageCommand(input);
const response = await client.send(command);
// { // CopyImageResult
// ImageId: "STRING_VALUE",
// };
Example Usage
CopyImageCommand Input
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
NameRequired | string | undefined | The name of the new AMI in the destination Region. |
SourceImageIdRequired | string | undefined | The ID of the AMI to copy. |
SourceRegionRequired | string | undefined | The name of the Region that contains the AMI to copy. |
ClientToken | string | undefined | Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference. |
CopyImageTags | boolean | undefined | Indicates whether to include your user-defined AMI tags when copying the AMI. The following tags will not be copied:
Default: Your user-defined AMI tags are not copied. |
Description | string | undefined | A description for the new AMI in the destination Region. |
DestinationOutpostArn | string | undefined | The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. For more information, see Copy AMIs from an Amazon Web Services Region to an Outpost in the Amazon EBS User Guide. |
DryRun | boolean | undefined | Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is |
Encrypted | boolean | undefined | Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using |
KmsKeyId | string | undefined | The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to You can specify a KMS key using any of the following:
Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails. The specified KMS key must exist in the destination Region. Amazon EBS does not support asymmetric KMS keys. |
SnapshotCopyCompletionDurationMinutes | number | undefined | Specify a completion duration, in 15 minute increments, to initiate a time-based AMI copy. The specified completion duration applies to each of the snapshots associated with the AMI. Each snapshot associated with the AMI will be completed within the specified completion duration, regardless of their size. If you do not specify a value, the AMI copy operation is completed on a best-effort basis. For more information, see Time-based copies . |
TagSpecifications | TagSpecification[] | undefined | The tags to apply to the new AMI and new snapshots. You can tag the AMI, the snapshots, or both.
If you specify other values for To tag an AMI or snapshot after it has been created, see CreateTags . |
CopyImageCommand Output
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
ImageId | string | undefined | The ID of the new AMI. |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| EC2ServiceException | Base exception class for all service exceptions from EC2 service. |