Amazon Machine Image

 


Here are some of my notes covering AMIs as I read through the following docs:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

What is an AMI?

An AMI or Amazon Machine Image is a blueprint of all the information needed to launch an EC2 instance with an operating system. An AMI is created from a running VM.

Copying AMIs

Amazon has multiple regions, and each AMI lives in a single region but can be copied to various regions. When copying an AMI within a region, its incremental snapshot is copied too. The entire snapshot is copied to the other region when copying an AMI across regions. Encrypting an AMI will result in a new copy of the whole snapshot rather than just an incremental copy.

You can assign launch permissions to an AMI that govern who is allowed to launch instances from it:

  • Implicit - The owner of the AMI is implicitly allowed to launch a VM based on the AMI
  • Explicit - The owner can give permissions to other accounts to launch VMs based on the AMI's ARN
  • Public - Any account can launch VMs in their own respective accounts while the AMI resides in the owner account

Note - Instances in a region can only be launched from an AMI that is present in that same region
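The three permission levels above can be audited from the `launchPermission` attribute of each image. The following is an added example, not taken from the AWS docs or these notes: it classifies images as implicit, explicit or public and reports the ones that are public or shared outside an allowlist. The AMI IDs, account IDs and the `TRUSTED_ACCOUNTS` allowlist are constructed.

```python
import json

TRUSTED_ACCOUNTS = {"111122223333"}  # hypothetical allowlist of accounts we share with

# Constructed sample, shaped like the output of
# `aws ec2 describe-image-attribute --attribute launchPermission` for four images
SAMPLE = json.loads("""
[
  {"ImageId": "ami-0aaaaaaaaaaaaaaa1", "LaunchPermissions": []},
  {"ImageId": "ami-0aaaaaaaaaaaaaaa2", "LaunchPermissions": [{"UserId": "111122223333"}]},
  {"ImageId": "ami-0aaaaaaaaaaaaaaa3",
   "LaunchPermissions": [{"UserId": "111122223333"}, {"UserId": "999988887777"}]},
  {"ImageId": "ami-0aaaaaaaaaaaaaaa4", "LaunchPermissions": [{"Group": "all"}]}
]
""")


def classify(image):
    """Return (exposure, untrusted_accounts) for one image's launch permissions."""
    perms = image.get("LaunchPermissions", [])
    # {"Group": "all"} marks the AMI as public
    if any(p.get("Group") == "all" for p in perms):
        return "public", []
    accounts = sorted(p["UserId"] for p in perms if "UserId" in p)
    # Grants to an organization or OU are explicit shares as well
    org_shares = [p for p in perms
                  if "OrganizationArn" in p or "OrganizationalUnitArn" in p]
    if not accounts and not org_shares:
        return "implicit", []  # only the owner can launch
    untrusted = [a for a in accounts if a not in TRUSTED_ACCOUNTS]
    return "explicit", untrusted


def audit(images):
    """Return findings for images that are public or shared outside the allowlist."""
    findings = []
    for image in images:
        exposure, untrusted = classify(image)
        if exposure == "public":
            findings.append((image["ImageId"], "public: any account can launch"))
        elif untrusted:
            findings.append((image["ImageId"],
                             "shared with untrusted: " + ",".join(untrusted)))
    return findings


if __name__ == "__main__":
    for image_id, reason in audit(SAMPLE):
        print(image_id, reason)
```

Because an AMI lives in a single region, an audit like this has to be repeated per region.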


Instance Backed vs. EBS Backed AMIs

There are two ways to create AMIs. Each way reflects the type of root volume created when instances are launched.

  • EBS Backed
    • An EBS backed volume is essentially an EBS snapshot of the root volume of an existing VM. It is limited to 16 TiB and incurs EBS storage charges from AWS.
  • Instance Backed
    • An Instance backed volume is a template generated from a running VM and uploaded into an S3 bucket. The S3 object is limited to 10Gb and incurs S3 storage charges from AWS.

Boot times

An instance volume may have network latency advantages, but instantiating an EBS-backed VM takes less time because the AMI's image is already on an EBS volume that only needs to be replicated.

However, an instance-backed VM takes slightly longer because the information necessary to create the VM is in a template in S3 that is then used to generate the VM.

Creating a VM from an Instance Store Backed AMI

An instance-backed AMI is generated from an instance that has an instance store for its root volume.

These types of AMIs can only be generated from within the VM using command-line tools that first need to be installed. These command-line tools will generate the necessary data, send it to an S3 bucket, and register the AMI.


Creating a VM from an EBS Backed AMI

Generating an EBS backed AMI is far simpler than an instance-backed AMI. It can be easily generated via an API call or the AWS console using a running instance.



Virtualization Types

AWS provides two types of virtualization:

  • HVM - Hardware Virtual Machines. These are constructs that run on machines and emulate real hardware. Operating systems can run in these constructs.
  • ParaVirtual - Certain machines do not support HVM, and in these cases, ParaVirtual is available. These have traditionally provided the most optimal performance, but HVM has caught up with improvements. Furthermore, ParaVirtual can run on top of HVM via drivers.

AMI Systems Manager Parameter

AMI identifiers are numeric and provide little flexibility, especially when using tools like Terraform. These identifiers have to be hardcoded and updated whenever there is an update to the AMI. This is where an AMI Systems Manager parameter proves helpful, as we can define a parameter of type ec2 and use that instead. This parameter will point to the actual AMI identifier that needs to be used.