AMS Amazon Machine Images (AMIs)

AMS produces updated Amazon Machine Images (AMIs) every month for AMS supported operating systems. In addition, AMS also produces security enhanced images (AMIs) based on CIS Level 1 benchmark for a subset of AMS's supported operating systems. To find out which operating systems have a security enhanced image available, see the AMS Security User Guide, which is available through AWS Artifact -> Reports page (find the Reports option in the left navigation pane) filtered for AWS Managed Services. To access AWS Artifact, can contact your CSDM for instructions or go to Getting Started with AWS Artifact.

To receive alerts when new AMS AMIs are released, you can subscribe to an Amazon Simple Notification Service (Amazon SNS) notification topic called "AMS AMI". For details, see AMS AMI notifications with SNS.

The AMS AMI naming convention is: customer-ams-<operating system>-<release date> - <version>. (for example, customer-ams-rhel6-2018.11-3)

Only use AMS AMIs that start with customer.

AMS recommends always using the most recent AMI. You can find the most recent AMIs by either:

Looking in the AMS console, on the AMIs page.
Viewing the latest AMS AMI CSV file, available from your CSDM or through this ZIP file: AMS 02.2024 AMI contents and CSV file in a ZIP.

For past AMI ZIP files, see the Doc History.

Running this AMS SKMS command (AMS SKMS SDK required):


aws amsskms list-amis --vpc-id VPC_ID --query "Amis.sort_by(@,&Name)[? starts_with(Name,'customer')].[Name,AmiId,CreationTime]" --output table

AMS AMI content added to base AWS AMIs, by operating system (OS)

Linux AMIs:
- AWS CLI Tools
- NTP
- Trend Micro Endpoint Protection Service Agent
- Code Deploy
- PBIS / Beyond Trust AD Bridge
- SSM Agent
- Yum Upgrade for critical patches
- AMS custom scripts / management software (controlling boot, AD join, monitoring, security, and logging)
Windows Server AMIs:
- Microsoft .NET Framework 4.5
- PowerShell 5.1
- AWS Tools for Windows PowerShell
- AMS PowerShell Modules controlling boot, AD join, monitoring, security, and logging
- Trend Micro Endpoint Protection Service Agent
- SSM Agent
- CloudWatch Agent
- EC2Config service (through Windows Server 2012 R2)
- EC2Launch (Windows Server 2016 and Windows Server 2019)
- EC2LaunchV2 (Windows Server 2022 and later)

Linux-based AMIs:

Amazon Linux 2023 (Latest Minor Release)
Amazon Linux 2 (Latest Minor Release)
Amazon Linux (Latest 2018.03 Release)
Red Hat Enterprise 7 (Latest Minor Release)
Red Hat Enterprise 8 (Latest Minor Release)
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
Ubuntu Linux 18.04
Ubuntu Linux 20.04
Ubuntu Linux 22.04
CentOS 7 (Latest Minor Release)

Note

To use the CentOS AMIs, you must opt in to the no cost Cent OS license from the AWS Marketplace. To do this, go to AWS Marketplace and follow the instructions for opting in.

Amazon Linux: For product overview, pricing information, usage information, and support information, see Amazon Linux AMI (HVM / 64-bit) and Amazon Linux 2.

For more information, see Amazon Linux 2 FAQs.
RedHat Enterprise Linux (RHEL): For product overview, pricing information, usage information, and support information, see Red Hat Enterprise Linux (RHEL) 7 (HVM).
Ubuntu Linux 18.04: For product overview, pricing information, usage information, and support information, see Ubuntu 18.04 LTS - Bionic.
CentOS: To use the CentOS AMIs, you must opt in to the no cost Cent OS license from the AWS Marketplace. To do this, go to AWS Marketplace and follow the instructions for opting, or re-opting, in. You do not incur software charges for using this product, but you are responsible for other AWS charges, including EC2 usage.
SUSE Linux Enterprise Server for SAP applications 15:
- Run the following steps once per account:
  1. Navigate to the AWS Marketplace.
  2. Search for the respective SUSE 15 SAP product. We currently support:
    
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
  3. Click Continue to subscribe.
  4. Click Accept terms.
- Complete the following steps every time you need to launch a new SUSE Linux Enterprise Server for SAP Applications 15 instance:
  1. Note the AMI ID for the subscribed SUSE Linux Enterprise Server for SAP Applications 15 AMI.
  2. Create a manual (Management | Other | Other | Create) RFC with the following wording; replace AMI ID with the AWS Marketplace AMI ID you have subscribed to.

Windows-based AMIs:

Microsoft Windows Server (2012, 2012 R2, 2016, 2019 and 2022), based on latest Windows AMIs, (for example: Windows_Server-2012-R2_RTM-English-64Bit-Base-*).

Additional information: For product overview, pricing, usage, and support, see Microsoft Windows Server 2012 RTM.

For examples of creating AMIs, see Create AMI.

Offboarding AMS AMIs:

AMS does not unshare any AMIs from you during offboarding to avoid impact for any of your depedencies. If you want to remove AMS AMIs from your account, you can use the cancel-image-launch-permission API to hide specific AMIs. For example, you can use the script below to hide all of the AMS AMIs that were shared with your account earlier:


for ami in $(aws ec2 describe-images --executable-users self --owners 027415890775 --query 'Images[].ImageId' --output text) ; 
    do
    aws ec2 cancel-image-launch-permission --image-id $ami ; 
    done

You must have the AWS CLI v2 installed for the script to execute without any errors. For AWS CLI installation steps, see Installing or updating the latest version of the AWS CLI. For details on the cancel-image-launch-permission command, see cancel-image-launch-permission.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AMS compliance

Security enhanced AMIs