Sharing an AMI with Specific Users
You can share an AMI with specific users without making the AMI public. All you need is the user's AWS user's account ID, which is available on the AWS Account Activity page.
To grant explicit launch permissions
-
Enter the following command:
PROMPT>
ec2-modify-image-attribute
<ami_id>
-l -a<user_id>
where
<ami_id>
is the ID of the AMI and<user_id>
is the user's account ID, without hyphens.
To remove launch permissions for a user
-
Enter the following command:
PROMPT>
ec2-modify-image-attribute
<ami_id>
-l -r<user_id>
where
<ami_id>
is the ID of the AMI and<user_id>
is the user's account ID, without hyphens.
To remove all launch permissions
-
Enter the following command to remove all public and explicit launch permissions:
PROMPT>
ec2-reset-image-attribute
<ami_id>
-lwhere
<ami_id>
is the ID of the AMI.
Note | |
---|---|
The AMI owner always has rights to the AMI and will be unaffected by the ec2-reset-image-attribute command. |
Example
The following example grants launch permissions to the 495219933132 user for the ami-2bb65342 AMI:
PROMPT>
ec2-modify-image-attribute
ami-2bb65342
-l -a495219933132
launchPermission ami-2bb65342 ADD userId 495219933132
The following example removes launch permissions from the 495219933132 user for the ami-2bb65342 AMI:
PROMPT>
ec2-modify-image-attribute
ami-2bb65342
-l -r495219933132
launchPermission ami-2bb65342 REMOVE userId 495219933132
The following example removes all public and explicit launch permissions from the ami-2bb65342 AMI:
PROMPT>
ec2-reset-image-attribute
ami-2bb65342
-l launchPermission ami-2bb65342 RESET