Posts

Instance Launch Behavior With Amazon EC2 Boot Modes

  About When a computer starts up, the initial software it executes is tasked with setting up the platform and offering an interface for the operating system to carry out operations specific to the platform. Amazon EC2 supports two types of boot mode software: Unified Extensible Firmware Interface (UEFI) and Legacy BIOS. Possible boot mode parameters on an AMI An AMI can possess one of these boot mode parameter values: uefi, legacy-bios, or uefi-preferred. The boot mode parameter for an AMI is not mandatory. Instances launched from AMIs that lack a boot mode parameter will utilize the default boot mode value associated with the specific instance type. Purpose of the AMI boot mode parameter The AMI boot mode setting indicates to Amazon EC2 the boot mode to utilize during instance launch. When this parameter is configured to uefi, EC2 will try to start the instance using UEFI. If the operating system isn’t set up to support UEFI, the instance will fail to launch. UEFI Preferred boot ...

Deregister an Amazon EC2 AMI

  About When you deregister an AMI, it is permanently removed from Amazon EC2. Once an AMI is deregistered, it can no longer be used to launch new instances. You might want to deregister an AMI after you have finished using it. To safeguard against accidental or intentional deregistration of an AMI, you can enable protection. If you mistakenly deregister an EBS-backed AMI, you have the option to use the deregistration Recycle Bin to restore it, provided you do so within the specified time frame before it is permanently deleted. When you deregister an AMI, you have the option to delete its associated snapshots simultaneously. However, if a snapshot is linked to several AMIs, it will not be removed even if you choose to delete it; the AMI will still be deregistered. Any snapshots that are not deleted will still result in ongoing storage charges. Deregistering an AMI does not impact any instances that were started from it. You can still operate these instances without any issues. By d...

Disable an Amazon EC2 AMI

  About You can deactivate an AMI to stop it from being utilized for instance launches. Launching new instances from a deactivated AMI is not possible. A disabled AMI can be reactivated, allowing it to be used again for instance launches. Both public and private AMIs can be deactivated. To lower storage expenses for infrequently used disabled EBS-backed AMIs that must be kept long-term, you can archive their related snapshots. How AMI disable works? When an AMI is disabled: The AMI's state changes to disabled. A disabled AMI can't be shared. If an AMI was public or previously shared, it is made private. If an AMI was shared with an AWS account, organization, or Organizational Unit, they lose access to the disabled AMI. A disabled AMI does not appear in DescribeImages API calls by default. A disabled AMI does not appear under the Owned by me console filter. To find disabled AMIs, use the Disabled images console filter. A disabled AMI is not available to select for instance launc...

Deprecate an Amazon EC2 AMI

  Introduction You can mark an AMI as deprecated to show that it is outdated and should be avoided. Additionally, you can set a future date for the deprecation of an AMI, signaling when it will no longer be considered up to date. After an AMI is deprecated: For AMI users, the deprecated AMI does not appear in DescribeImages API calls unless you specify its ID or specify that deprecated AMIs must appear. AMI owners continue to see deprecated AMIs in DescribeImages API calls. For AMI users, the deprecated AMI is not available to select via the EC2 console. For AMI users, if you know the ID of a deprecated AMI, you can continue to launch instances using the deprecated AMI by using the API, CLI, or the SDKs. Launch services, such as launch templates and Auto Scaling groups, can continue to reference deprecated AMIs. EC2 instances that were launched using an AMI that is subsequently deprecated are not affected, and can be stopped, started, and rebooted. You can deprecate both priva...

Create A Store Image Task

  Introduction When you save an AMI in an S3 bucket, a task for storing the image is initiated. This store image task allows you to track the progress and result of the procedure. Securing your AMIs It is crucial to verify that the S3 bucket is set up with adequate security to protect the content of the AMI and that this security is upheld for the entire duration that the AMI objects are stored in the bucket. If this cannot be achieved, it is advisable to refrain from using these APIs. Make sure that public access to the S3 bucket is prohibited. It is suggested to activate Server-side encryption for the S3 buckets where you keep the AMIs, even though it’s not mandatory. When AMI snapshots are transferred to the S3 object, they are sent over TLS connections. It is possible to save AMIs that contain encrypted snapshots; however, the snapshots will be decrypted during the storing process. Identify the source AMI used to create a new Amazon EC2 AMI You can determine the AMI that was us...

How AMI Store & Restore Works?

  CreateStoreImageTask The CreateStoreImageTask API stores an AMI as a single object in an S3 bucket. The API initiates a task that collects all the data from the AMI and its associated snapshots, subsequently using an S3 multipart upload to store this data in an S3 object. It gathers all elements of the AMI, including most of the non-Region-specific metadata and all EBS snapshots included in the AMI, and consolidates them into a single object in S3. During the upload process, the data is compressed to minimize the space utilized in S3, which means that the S3 object could be smaller than the total sizes of the snapshots in the AMI. If the account making this API call has access to AMI and snapshot tags, they will be retained. The S3 object shares the same ID as the AMI, except it has a .bin extension. Additionally, the S3 metadata tags for the object include the AMI name, AMI description, AMI registration date, AMI owner account, and a timestamp indicating when the store operation...

Amazon EC2 AMI Lifecycle (Part 8)

  Store and restore an AMI using S3 You have the ability to save an Amazon Machine Image (AMI) in an Amazon S3 bucket, transfer the AMI to a different S3 bucket, and subsequently restore it from there. By utilizing S3 buckets to store and retrieve an AMI, you can move AMIs between various AWS partitions, such as from the primary commercial partition to the AWS GovCloud (US) partition. Additionally, you can create backup copies of AMIs by keeping them in an S3 bucket. Use cases Use the store and restore APIs to do the following: Copy an AMI between AWS partitions- By storing and restoring an AMI using S3 buckets, you can copy an AMI from one AWS partition to another, or from one AWS Region to another. Make archival copies of AMIs- You can make archival copies of AMIs by storing them in an S3 bucket. The AMI is packed into a single object in S3, and all of the AMI metadata (excluding sharing information) is preserved as part of the stored AMI. The AMI data is compressed as part of th...