Sharing AMIs
Amazon EC2 makes it possible for users to share their AMIs with other users. This section describes how to do this using the Amazon EC2 command line tools.
Please be sure to read the section called “Building Shared AMIs” (which highlights the security considerations of sharing AMIs) before proceeding.
AMIs have a launchPermission property that controls which users, besides the owner, are allowed to launch instances of that AMI. By modifying an AMI's launchPermission property it is possible to allow all users to launch the AMI (make the AMI public) or to allow only a few specific users to launch the AMI (explicit launch permissions).
The launchPermission attribute is a list of users and launch groups. Launch permissions can be granted by adding items to the list and revoked by removing items from the list. Explicit launch permissions for users are granted or revoked by respectively adding or removing their AWS account ids. The only launch group currently supported is the all group, which gives launch permissions to all users and makes the AMI public. In the rest of this chapter we refer to launch groups simply as groups. These launch groups are not the same as security groups and the two should not be confused. An AMI may have both public and explicit launch permissions.
The owner of an AMI is not billed when their AMI is launched by another user. Only the user launching the AMI is billed.
An AMI is made public by adding the all group to the AMI's launchPermission attribute. This can be done with the ec2-modify-image-attribute command.
PROMPT> ec2-modify-image-attribute ami-5bae4b32 --launch-permission -a all
launchPermission ami-5bae4b32 ADD group all
To check the launch permissions on an AMI use the ec2-describe-image-attribute command. In this example the shortened form of --launch-permission, -l, is used.
PROMPT> ec2-describe-image-attribute ami-5bae4b32 -l
launchPermission ami-5bae4b32 group all
An AMI is made private again by removing the all group from its launch permissions. This will not affect any explicit launch permissions the AMI may have or any running instances of the AMI.
PROMPT> ec2-modify-image-attribute ami-5bae4b32 -l -r all
launchPermission ami-5bae4b32 REMOVE group all
It is possible to share an AMI with specific users without making the AMI public. This is done by adding explicit launch permissions. To do this you need the user's AWS account id.
PROMPT> ec2-modify-image-attribute ami-5bae4b32 -l -a 495219933132
launchPermission ami-5bae4b32 ADD userId 495219933132
Explicit launch permissions are removed in the same way as public launch permissions.
PROMPT> ec2-modify-image-attribute ami-5bae4b32 -l -r 495219933132
launchPermission ami-5bae4b32 REMOVE userId 495219933132
Another way to remove launch permissions is to use the ec2-reset-image-attribute command. This will remove any launch permissions that have been added to an AMI, public and explicit. Owners always have launch permissions for their AMIs and will not lose those permissions by using ec2-reset-image-attribute.
PROMPT> ec2-reset-image-attribute ami-5bae4b32 -l
launchPermission ami-5bae4b32 RESET
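To confirm that an AMI ends up shared only as intended, the following added example (not part of the original documentation) reads the launchPermission lines printed by ec2-describe-image-attribute and reports a public all group or any account id outside an allowlist. The function name, the finding labels, the userId line format in the describe output (inferred from the group line shown above), and the account id 111122223333 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the launch permissions of an AMI.
# Input (stdin): output of `ec2-describe-image-attribute <ami-id> -l`.
# $1: space-separated allowlist of AWS account ids that may hold
#     explicit launch permissions.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_launch_permissions() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, ids, " ")
            for (i = 1; i <= n; i++) ok[ids[i]] = 1
        }
        # Skip anything that is not a launchPermission record.
        $1 != "launchPermission" { next }
        # The all group makes the AMI public to every user.
        $3 == "group" && $4 == "all" { print "PUBLIC " $2; bad = 1; next }
        # Only "all" is documented; report any other group for review.
        $3 == "group" { print "UNKNOWN_GROUP " $2 " " $4; bad = 1; next }
        # Explicit permission for an account that is not on the allowlist.
        $3 == "userId" && !($4 in ok) {
            print "UNEXPECTED_ACCOUNT " $2 " " $4; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input: the group line matches the output shown on
# this page; the userId lines assume the same column layout, and
# 111122223333 is a made-up account id.
SAMPLE_OUTPUT='launchPermission ami-5bae4b32 group all
launchPermission ami-5bae4b32 userId 495219933132
launchPermission ami-5bae4b32 userId 111122223333'

# Only 495219933132 is expected to have access in this sample.
printf '%s\n' "$SAMPLE_OUTPUT" | audit_launch_permissions "495219933132" || true
```

In real use, pipe the live command output into the function, for example `ec2-describe-image-attribute ami-5bae4b32 -l | audit_launch_permissions "495219933132"`, and treat a non-zero exit status as a reason to review the AMI's permissions.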
AMIs can be published by posting them in the Amazon Web Services Resource Center, Public AMIs Folder.
The following information must be included when publishing AMIs:
- AMI id
- AMI manifest
We recommend that the following information also be included when publishing AMIs:
- Publisher
- Publisher URL
- OS / Distribution
- Key Features
- Description
- Daemons / Services
- Release Notes
The following template can be cut and pasted into the document. You must be in HTML edit mode.
<strong>AMI ID: </strong>[ami-id]<br />
<strong>AMI Manifest: </strong>[bucket/image.manifest.xml]<br />
<h2>About this AMI</h2>
<ul>
  <li>Published by [Publisher] (<a href="http://www.mysite.com">[http://www.mysite.com]</a>).<br /> </li>
  <li>[Key Features] <br /> </li>
  <li>[Description]</li>
  <li>This image contains the following daemons / services:
    <ul>
      <li>[Daemon 1]</li>
      <li>[Daemon 2]</li>
    </ul>
  </li>
</ul>
<h2><strong>What's New?</strong></h2>
The following changes were made on [Date].<br />
<ul>
  <li>[Release Notes 1]</li>
</ul>
<span style="font-size: x-small; font-family: courier new,courier"> - [Note 1]</span><br />
<span style="font-size: x-small; font-family: courier new,courier"> - [Note 2]</span><br />
<span style="font-size: x-small; font-family: courier new,courier"> - [Note 3]</span><br />
<ul>