Create EC2 stack instance - AMS Advanced Onboarding Guide

Create EC2 stack instance

Create an Amazon Elastic Compute Cloud (Amazon EC2) instance using the AMS console or the AMS API/CLI.

Classification and CT ID: Deployment | Advanced stack components | EC2 stack | Create

Change type ID: ct-14027q0sjyt1h

Version: 3.0


Starting with version 3.0 of this change type, AMS does not attach the default AMS security groups if you specify your own security groups. If you do not specify your own security groups in the request, AMS attaches the AMS default security groups. In previous versions, AMS attached the default security groups whether or not you provided your own security groups.

The EC2 instance you create comes with default alarms and security groups:

  • Alarms (for details see Alerts from Baseline Monitoring in AMS):

    • CPU Too High

    • EPS DSM Communication

    • Greatest iowait

    • Log Agent HardFailure

    • Memory Free

    • Root Volume Inode Usage

    • Root Volume Usage

    • Swap Free

    • System Status

  • Default Security Groups:

    • InitialGarden-SentinelDefaultSecurityGroupPrivateOnly-ID

    • InitialGarden-SentinelDefaultSecurityGroupPrivateOnlyEgressAll-ID

For more information about Amazon EC2, including size recommendations, see Amazon Elastic Compute Cloud Documentation.

To update your EC2 stack after it's created, see EC2 Stack: Updating.


To create an EC2 stack with additional volumes, see Create EC2 stack instance with additional volumes.

Required data:

  • Subject: A title for the request.

  • Description: A reason for the request.

  • Name: A name for the stack or stack component; this becomes the Stack Name.

  • VpcId: The VPC to use. For information about finding VPC IDs, see Find VPC.

  • TimeoutInMinutes: The number of minutes allowed for the creation of the stack before the RFC fails. This setting will not delay the RFC execution, but you must give enough time (for example, don't specify "5"). Valid values are "60" up to "360," for long-running UserData.

  • Parameters:

    • InstanceAmiId: The AMI to use to create the EC2 instance. We recommend using the most recent AMI that begins with "customer-". For information about finding AMIs, see Finding an AMI.

      To use the CentOS AMIs, you must opt in to the CentOS license from the AWS Marketplace. Either submit a service request to AMS to subscribe, or go to AWS Marketplace and follow the instructions for re-opting-in. You do not incur software charges for using this product, but you're responsible for other AWS charges, including EC2 usage.

    • InstanceSubnetId: The subnet that you want to launch the instance into. For information about finding subnet IDs, see Find Subnet.

Optional data (available with the Additional configuration view):


You can add up to 50 tags, but to do so you must enable the Additional configuration view.

  • InstanceDetailedMonitoring: True to enable detailed monitoring on the instance, false to use only basic monitoring. Default is false.

  • InstanceEBSOptimized: True for the instance to be optimized for Amazon Elastic Block Store I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization. Default is false, which means that you get basic EBS storage.

  • InstanceProfile: An IAM instance profile defined in your account for the EC2 instance. The default is the AWS-provided role, customer-mc-ec2-instance-profile.

  • InstanceRootVolumeIops: The IOPS (Input/Output Operations Per Second) to use for the root volume, if the volume type is io1, io2 or gp3. The default is 100 for io1 or io2 volume type, whereas it is 3,000 if the volume type is gp3.

  • InstanceRootVolumeName: The name of the root volume to use. The default is /dev/xvda for Linux, and /dev/sda for Windows.

  • InstanceRootVolumeSize: The size of the root volume for the instance. The default is 8 GiB for Linux, and 30 GiB for Windows.

  • InstanceRootVolumeType: Choose io1, io2, gp2, or gp3 for SSD-backed volumes optimized for transactional workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed. The default is gp3.

  • InstanceType: The type of EC2 instance to deploy. If InstanceEBSOptimized = true, specify an InstanceType that supports EBS optimization. The default is t2.large. NOTE: EC2 instances need enough capacity to support AMS tools such as EPS, SSM, and CloudWatch in addition to the application workload. AMS does not recommend the t2.micro/t3.micro and t2.nano/t3.nano types. These are smaller instance types, and can degrade the performance of your application and AMS tools. For more information, see Choosing the Right EC2 Instance Type for Your Application.

  • InstanceUserData: A newline-delimited list where each element is a line of script to be run on boot. For a new line, press ENTER.

  • SecurityGroupIds: IDs of existing custom security groups to associate with the instance, in the form sg-0123abcd or sg-01234567890abcdef. Up to three custom security groups may be specified. If nothing is specified, the default AMS security groups are applied.


    Currently, if you specify custom security groups, you must also specify the IDs of the default AMS security groups for your account, mc-initial-garden-SG-name and mc-initial-garden-SG-name.

The following shows this change type in the AMS console.

How it works:

  1. Navigate to the Choose change type page: RFCs -> Create RFC.

  2. Choose a change type from the drop-down lists. Optionally, open the Additional configuration area to select a change type version. After your selections are complete, a Change type: details area opens. Choose Next.

  3. Configure the request for change. A Subject is required. Optionally, open the Additional configuration area to add information about the RFC. Choose Next.

  4. Choose the execution parameters. At the top, in the RFC configuration area, enter values for the change type required parameters. These vary by change type. Open the Additional configuration area to add Tags or additional settings. Some change types also provide a Parameters area where only the required settings are visible. In that case, open the Additional configuration area to view optional parameters.

  5. When finished, choose Create. If there are no errors, the RFC successfully created page displays with the submitted RFC details, and the initial Execution output.

  6. Open the Execution parameters area to see the configurations you submitted. Refresh the page to update the RFC execution status. Optionally, cancel the RFC or create a copy of it with the options at the top of the page.

How it works:

  1. Use either the Inline Create (you issue a create-rfc command with all RFC and execution parameters included), or Template Create (you create two JSON files, one for the RFC parameters and one for the execution parameters) and issue the create-rfc command with the two files as input. Both methods are described here.

  2. Submit the RFC: aws amscm submit-rfc --rfc-id ID command with the returned RFC ID.

    Monitor the RFC: aws amscm get-rfc --rfc-id ID command.

To check the change type version, use this command:

aws amscm list-change-type-version-summaries --filter Attribute=ChangeTypeId,Value=CT_ID

You can use any CreateRfc parameters with any RFC whether or not they are part of the schema for the change type. For example, to get notifications when the RFC status changes, add this line, --notification "{\"Email\": {\"EmailRecipients\" : [\"\"]}}" to the RFC parameters part of the request (not the execution parameters). For a list of all CreateRfc parameters, see the AMS Change Management API Reference.


Issue the create RFC command with execution parameters provided inline (escape quotation marks when providing execution parameters inline), and then submit the returned RFC ID. For example, you can replace the contents with something like this:

aws amscm create-rfc --change-type-id "ct-14027q0sjyt1h" --change-type-version "3.0" --title "EC2-Create-RFC" --execution-parameters "{\"Description\": \"Create a new EC2 Instance stack\",\"VpcId\": \"vpc-0a60eb65b4EXAMPLE\",\"Name\": \"My-EC2\",\"TimeoutInMinutes\": 60,\"Parameters\": {\"InstanceAmiId\": \"ami-1234567890EXAMPLE\",\"InstanceDetailedMonitoring\": false,\"InstanceEBSOptimized\": false,\"InstanceProfile\": \"customer-mc-ec2-instance-profile\",\"InstanceRootVolumeIops\": 3000,\"InstanceRootVolumeType\": \"gp3\",\"InstanceType\": \"t2.large\",\"InstanceUserData\": \"\",\"InstanceSubnetId\": \"subnet-0bb1c79de3EXAMPLE\"}}"


  1. Output the execution parameters for this change type to a JSON file; this example names it CreateEC2Params.json:

    aws amscm get-change-type-version --change-type-id "ct-14027q0sjyt1h" --query "ChangeTypeVersion.ExecutionInputSchema" --output text > CreateEC2Params.json
  2. Modify and save the CreateEC2Params file. For example, you can replace the contents with something like this:

    {
      "Description": "Create a new EC2 Instance stack",
      "VpcId": "vpc-0a60eb65b4EXAMPLE",
      "Name": "My-EC2",
      "TimeoutInMinutes": 60,
      "Parameters": {
        "InstanceAmiId": "ami-1234567890EXAMPLE",
        "InstanceDetailedMonitoring": false,
        "InstanceEBSOptimized": false,
        "InstanceProfile": "customer-mc-ec2-instance-profile",
        "InstanceRootVolumeIops": 3000,
        "InstanceRootVolumeType": "gp3",
        "InstanceType": "t2.large",
        "InstanceUserData": "",
        "InstanceSubnetId": "subnet-0bb1c79de3EXAMPLE"
      }
    }
  3. Output the RFC template to a file in your current folder; this example names it CreateEC2Rfc.json:

    aws amscm create-rfc --generate-cli-skeleton > CreateEC2Rfc.json
  4. Modify and save the CreateEC2Rfc.json file. For example, you can replace the contents with something like this:

    { "ChangeTypeVersion": "3.0", "ChangeTypeId": "ct-14027q0sjyt1h", "Title": "EC2-Create-RFC" }
  5. Create the RFC, specifying the CreateEC2Rfc file and the CreateEC2Params file:

    aws amscm create-rfc --cli-input-json file://CreateEC2Rfc.json --execution-parameters file://CreateEC2Params.json

    You receive the ID of the new RFC in the response and can use it to submit and monitor the RFC. Until you submit it, the RFC remains in the editing state and does not start.
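
A pre-submission check for the contents of CreateEC2Params.json, added here as an example and not part of the AMS guide or tooling: it applies the constraints stated on this page (required fields, the 60 to 360 minute timeout, root volume type and IOPS, discouraged instance types, and the version 3.0 security group behavior). The function name, the placement of SecurityGroupIds as a list under Parameters, the reading that the three-group limit counts only non-default groups, and the sample group IDs are assumptions.

```python
import re

SG_ID = re.compile(r"sg-(?:[0-9a-f]{8}|[0-9a-f]{17})")
IOPS_TYPES = {"io1", "io2", "gp3"}
VOLUME_TYPES = IOPS_TYPES | {"gp2", "standard"}
TOO_SMALL = {"t2.micro", "t3.micro", "t2.nano", "t3.nano"}


def lint_ec2_params(doc, default_sg_ids=()):
    """Return findings for a ct-14027q0sjyt1h v3.0 execution-parameters dict."""
    findings = []
    params = doc.get("Parameters") or {}
    for key in ("Description", "Name", "VpcId"):
        if not doc.get(key):
            findings.append(f"missing required field {key}")
    for key in ("InstanceAmiId", "InstanceSubnetId"):
        if not params.get(key):
            findings.append(f"missing required field Parameters.{key}")
    try:
        timeout_ok = 60 <= int(doc["TimeoutInMinutes"]) <= 360
    except (KeyError, TypeError, ValueError):
        timeout_ok = False
    if not timeout_ok:
        findings.append("TimeoutInMinutes must be a number from 60 to 360")
    vol_type = params.get("InstanceRootVolumeType", "gp3")  # gp3 is the stated default
    if vol_type not in VOLUME_TYPES:
        findings.append(f"unsupported InstanceRootVolumeType {vol_type!r}")
    elif "InstanceRootVolumeIops" in params and vol_type not in IOPS_TYPES:
        findings.append(f"InstanceRootVolumeIops applies only to io1, io2 or gp3, not {vol_type}")
    if params.get("InstanceType", "t2.large") in TOO_SMALL:
        findings.append("InstanceType is one AMS does not recommend (micro/nano)")
    # Assumption: SecurityGroupIds is a list of strings under Parameters.
    sgs = params.get("SecurityGroupIds") or []
    malformed = [sg for sg in sgs if not SG_ID.fullmatch(str(sg))]
    if malformed:
        findings.append(f"malformed security group IDs: {malformed}")
    # Assumption: the limit of three counts only non-default groups.
    if len([sg for sg in sgs if sg not in default_sg_ids]) > 3:
        findings.append("more than three custom security groups")
    # From v3.0, AMS does not attach its defaults once custom groups are given.
    missing = [sg for sg in default_sg_ids if sgs and sg not in sgs]
    if missing:
        findings.append(f"AMS default security groups not listed: {missing}")
    return findings


if __name__ == "__main__":
    # Constructed sample: short timeout, one custom group, AMS default forgotten.
    sample = {"Name": "My-EC2", "TimeoutInMinutes": 5, "Parameters": {"SecurityGroupIds": ["sg-0123abcd"]}}
    print("\n".join(lint_ec2_params(sample, ["sg-0123456789abcdef0"])))
```

Pass the IDs of your account's two default AMS security groups as default_sg_ids; an empty result means the document meets the constraints listed on this page, not that the RFC will succeed.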

If needed, see EC2 instance stack create fail.