Copy an Amazon EC2 AMI
When you need a consistent Amazon EC2 instance configuration across multiple Regions, you can use
a single Amazon Machine Image (AMI) as your template to launch all the instances. However, AMIs are
Region-specific resources—to launch an instance in a specific AWS Region, the AMI
must be located in that Region. Therefore, to use the same AMI in multiple Regions, you must
copy it from the source Region to each target Region.
The method you use to copy an AMI depends on whether you're copying across Regions within the same partition or across different
partitions:
- Cross-Region copying – Copy AMIs across Regions within the same partition, for example, across the Regions within the commercial partition. This copy method is described in this topic.
- Cross-partition copying – Copy AMIs from one partition to another partition, for example, from the commercial partition to the AWS GovCloud (US) partition. For information about this copy method, see Store and restore an AMI.
- Cross-account copying – Create a copy of an AMI that another AWS account has shared with your AWS account. This copy method is described in this topic.
The time taken to complete the copy operation for cross-Region and cross-account AMI copying
is on a best-effort basis. If you need control over the completion time, you can specify a
completion window ranging from 15 minutes to 48 hours, ensuring your AMI is copied within
your required timeframe. Additional charges apply for time-based AMI copy operations. For
more information, see Time-based copies in the
Amazon EBS User Guide.
Considerations
- Permission to copy AMIs – You can use IAM policies to grant or deny users permission to copy AMIs. Starting October 28, 2024, you can specify resource-level permissions for the CopyImage action on the source AMI. Resource-level permissions for the target AMI are available as before.
- Launch permissions and Amazon S3 bucket permissions – AWS does not copy launch permissions or Amazon S3 bucket permissions from the source AMI to the new AMI. After the copy operation is complete, you can apply launch permissions and Amazon S3 bucket permissions to the new AMI.
- Tags – You can only copy user-defined AMI tags that you attached to the source AMI. System tags (prefixed with aws:) and user-defined tags that are attached by other AWS accounts will not be copied. When copying an AMI, you can attach new tags to the target AMI and its backing snapshots.
- Quotas for time-based AMI copies – After you reach your cumulative snapshot copy throughput quota, subsequent time-based AMI copy requests fail. For more information, see Quotas for time-based copies in the Amazon EBS User Guide.
Costs
There is no charge for copying an AMI when no completion time is specified. However,
additional charges apply for time-based AMI copy operations. For more information, see
Time-based copies in the Amazon EBS User Guide.
Standard storage and data transfer rates apply. If you copy an EBS-backed AMI, you will
incur charges for the storage of any additional EBS snapshots.
Copy an AMI
You can copy an AMI to the same Region or another Region within the same partition.
You can copy an AMI that you own or an AMI that was shared with you from another account.
- Console
  To copy an AMI
  - Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  - From the console navigation bar, select the Region that contains the AMI.
  - In the navigation pane, choose AMIs to display the list of AMIs available to you in the Region.
  - If you don't see the AMI you want to copy, choose a different filter. You can filter by AMIs Owned by me, Private images, Public images, and Disabled images.
  - Select the AMI to copy, and then choose Actions, Copy AMI.
  - On the Copy Amazon Machine Image (AMI) page, specify the following information:
    - AMI copy name: A name for the new AMI. You can include the operating system information in the name because Amazon EC2 does not provide this information when displaying details about the AMI.
    - AMI copy description: By default, the description includes information about the source AMI so that you can distinguish a copy from its original. You can change this description as needed.
    - Destination Region: The Region in which to copy the AMI. For more information, see Cross-Region copying and Cross-account copying.
    - Copy tags: Select this checkbox to include your user-defined AMI tags when copying the AMI. System tags (prefixed with aws:) and user-defined tags that are attached by other AWS accounts will not be copied.
    - Time-based copy: You can specify whether the copy operation completes within a specific timeframe or on a best-effort basis, as follows:
    - (EBS-backed AMIs only) Encrypt EBS snapshots of AMI copy: Select this checkbox to encrypt the target snapshots, or to re-encrypt them using a different key. If encryption by default is enabled, the Encrypt EBS snapshots of AMI copy checkbox is selected and cannot be cleared. For more information, see Encryption and copying.
    - (EBS-backed AMIs only) KMS key: The KMS key to use to encrypt the target snapshots.
    - Tags: You can tag the new AMI and the new snapshots with the same tags, or you can tag them with different tags.
      - To tag the new AMI and the new snapshots with the same tags, choose Tag image and snapshots together. The same tags are applied to the new AMI and every snapshot that is created.
      - To tag the new AMI and the new snapshots with different tags, choose Tag image and snapshots separately. Different tags are applied to the new AMI and the snapshots that are created. Note, however, that all the new snapshots that are created get the same tags; you can't tag each new snapshot with a different tag.
      To add a tag, choose Add tag, and enter the key and value for the tag. Repeat for each tag.
  - When you're ready to copy the AMI, choose Copy AMI.
    The initial status of the new AMI is Pending. The AMI copy operation is complete when the status is Available.
- AWS CLI
  To copy an AMI
  Use the copy-image command. You must specify both the source and destination Regions. You specify the source Region using the --source-region parameter. You can specify the destination Region using the --region parameter, if you haven't already configured a Region for the AWS CLI.
      aws ec2 copy-image \
          --source-image-id ami-0abcdef1234567890 \
          --source-region us-west-2 \
          --name my-ami \
          --region us-east-1
  When you encrypt a target snapshot during AMI copy, you must specify these additional parameters: --encrypted and --kms-key-id.
- PowerShell
  To copy an AMI
  Use the Copy-EC2Image cmdlet. You must specify both the source and destination Regions. You specify the source Region using the -SourceRegion parameter. You can specify the destination Region using the -Region parameter or the Set-AWSDefaultRegion cmdlet.
      Copy-EC2Image `
          -SourceImageId ami-0abcdef1234567890 `
          -SourceRegion us-west-2 `
          -Name my-ami `
          -Region us-east-1
  When you encrypt a target snapshot during AMI copy, you must specify these additional parameters: -Encrypted and -KmsKeyId.
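
The encrypted AWS CLI copy described above (--encrypted with --kms-key-id), followed by a check that every snapshot behind the new AMI really is encrypted under the intended key. This is an added example, not AWS's own code; the function names copy_ami_encrypted and verify_ami_copy are hypothetical, and the key is assumed to be passed as a full KMS key ARN.

```shell
# Added example (not AWS's code). Requires the AWS CLI and credentials.
# Pass the KMS key as a full key ARN: describe-snapshots reports KmsKeyId as
# an ARN, so an alias or bare key ID would never compare equal.
# Usage: new=$(copy_ami_encrypted SRC_AMI SRC_REGION DST_REGION NAME KEY_ARN) &&
#        verify_ami_copy "$new" DST_REGION KEY_ARN

# Starts the encrypted copy and prints the new AMI ID.
copy_ami_encrypted() {
    local src_ami="$1" src_region="$2" dst_region="$3" name="$4" kms_key="$5"
    if [ -z "$kms_key" ]; then
        echo "refusing to copy $src_ami: no KMS key ARN given" >&2
        return 2
    fi
    aws ec2 copy-image \
        --source-image-id "$src_ami" \
        --source-region "$src_region" \
        --name "$name" \
        --encrypted \
        --kms-key-id "$kms_key" \
        --region "$dst_region" \
        --query ImageId --output text
}

# Waits for the copy to finish, then returns 0 only if every backing
# snapshot is encrypted under the expected key.
verify_ami_copy() {
    local ami="$1" region="$2" kms_key="$3" snaps bad
    aws ec2 wait image-available --image-ids "$ami" --region "$region" || return 1
    snaps=$(aws ec2 describe-images --image-ids "$ami" --region "$region" \
        --query 'Images[0].BlockDeviceMappings[].Ebs.SnapshotId' --output text)
    case "$snaps" in
        ''|None) echo "no EBS snapshots found for $ami" >&2; return 1 ;;
    esac
    # $snaps is deliberately unquoted: one snapshot ID per argument.
    bad=$(aws ec2 describe-snapshots --snapshot-ids $snaps --region "$region" \
        --query 'Snapshots[].[SnapshotId,Encrypted,KmsKeyId]' --output text |
        while read -r id enc key; do
            # Text output renders booleans as True/False and null as None.
            { [ "$enc" = "True" ] && [ "$key" = "$kms_key" ]; } || echo "$id"
        done)
    if [ -n "$bad" ]; then
        echo "snapshots not encrypted under $kms_key:" $bad >&2
        return 1
    fi
}
```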
Stop a pending AMI copy operation
You can stop a pending AMI copy using the following procedures.
- Console
  To stop an AMI copy operation using the console
  - Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  - From the navigation bar, select the destination Region from the Region selector.
  - In the navigation pane, choose AMIs.
  - Select the AMI to stop copying, and then choose Actions, Deregister AMI.
  - When asked for confirmation, choose Deregister AMI.
- AWS CLI
  To stop an AMI copy operation using the AWS CLI
  Use the deregister-image command.
      aws ec2 deregister-image --image-id ami-0abcdef1234567890
- PowerShell
  To stop an AMI copy operation using the AWS Tools for PowerShell
  Use the Unregister-EC2Image cmdlet.
      Unregister-EC2Image -ImageId ami-0abcdef1234567890