Friday, July 10, 2020

AMI – Amazon Machine Image

-         An Amazon Machine Image (AMI) provides the information required to launch an instance. You must specify an AMI when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration. You can use different AMIs to launch instances when you need instances with different configurations.
-         Image is REGION specific
-         Similar to a snapshot but includes all dependencies
-         A snapshot is created for each image
-         You can add volumes to EC2 during image creation

Instance-store backed AMI
-         AMI from Instance-store backed EC2 – gets stored in user's S3 bucket (incurs charges for storage)
-         Need to register it – so that instances can be launched from the image
-         If changes to the AMI are made, need to de-register and re-register it for the changes to take effect
-         When launching – image is copied from S3 to the machine root

EBS backed AMI
-         Need to stop instance before creating an image – to ensure data integrity
-         AWS creates snapshots of root and all volumes attached
-         AMI is created using these snapshots
-         No need to register it – AWS registers EBS-backed AMIs automatically
-         Snapshots are stored in S3 (chargeable) – no need to specify bucket name
-         To remove the root volume snapshot from S3 – need to deregister the AMI first
-         An AMI that includes encrypted volumes will only launch on EC2 instance families that support encryption

AMI vs Snapshot
-         An EBS snapshot is a backup of a single EBS volume. The EBS snapshot contains all the data stored on the EBS volume at the time the EBS snapshot was created.
-         An AMI image is a backup of an entire EC2 instance. Associated with an AMI image are EBS snapshots. Those EBS snapshots are the backups of the individual EBS volumes attached to the EC2 instance at the time the AMI image was created.

Sharing AMI
-         Modify permissions, share with another account
-         Can check off ‘Add "create volume" permissions’ – to share the underlying snapshots.
          -  Setting this permission will allow a user from the other account to create an EBS volume from that snapshot, independent of the AMI that you share with them.
          -  If you don't check it, then they'll only be able to use the AMI (which uses that snapshot) to launch an instance, but they won't be able to create a separate EBS volume from it.
          -  If you have access to an AMI, you can always create a new one from it by launching an instance from the original AMI, then saving a new AMI from that instance. There is no way to prevent that because once they have the instance launched from the AMI, it's out of your control.
-         If snapshots AND original encryption keys are NOT shared – the receiving account will not be able to launch an instance from the AMI
-         If keys are shared but underlying snapshots aren’t – the receiving account can launch an EC2 instance off the image, but cannot copy the received image. It should then make a custom AMI of that instance.
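
The sharing rules above can be checked per grantee. The following is an added example, not part of the original notes: a small audit function that reports, for each account an AMI is shared with, whether it has launch-only access or can also create volumes from the underlying snapshots. The function name `audit_ami_sharing` and all IDs are hypothetical; the input dicts follow the shape of the EC2 DescribeImages, DescribeImageAttribute and DescribeSnapshotAttribute responses.

```python
# Added example. Dict shapes follow the EC2 DescribeImages, DescribeImageAttribute
# and DescribeSnapshotAttribute responses; every ID below is constructed.

def audit_ami_sharing(image, launch_perms, snapshot_perms):
    """Return one finding per grantee of a shared AMI.

    image          -- one entry of DescribeImages "Images"
    launch_perms   -- "LaunchPermissions" list of the AMI
    snapshot_perms -- {snapshot_id: "CreateVolumePermissions" list}
    """
    def grantee(p):
        # An entry names either an account ("UserId") or a group ("all").
        return p.get("UserId") or "group:" + p.get("Group", "?")

    ebs = [m["Ebs"] for m in image.get("BlockDeviceMappings", []) if "Ebs" in m]
    encrypted = [e["SnapshotId"] for e in ebs if e.get("Encrypted")]
    findings = []
    for perm in launch_perms:
        who = grantee(perm)
        shared = []
        for e in ebs:
            allowed = {grantee(p) for p in snapshot_perms.get(e["SnapshotId"], [])}
            if who in allowed or "group:all" in allowed:
                shared.append(e["SnapshotId"])  # can become a standalone volume
        findings.append({
            "grantee": who,
            "public": who == "group:all",
            # "launch-only" still lets the grantee launch and save a new AMI.
            "access": "launch+create-volume" if shared else "launch-only",
            "snapshots_shared": shared,
            # Encrypted snapshots also need their key shared with the grantee.
            "needs_key_share": encrypted,
        })
    return findings

# Constructed sample: root volume unencrypted, data volume encrypted.
IMAGE = {"ImageId": "ami-EXAMPLE", "BlockDeviceMappings": [
    {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-ROOT", "Encrypted": False}},
    {"DeviceName": "/dev/sdf", "Ebs": {"SnapshotId": "snap-DATA", "Encrypted": True}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
]}
LAUNCH = [{"UserId": "111111111111"}, {"UserId": "222222222222"}]
SNAPS = {"snap-ROOT": [{"UserId": "111111111111"}], "snap-DATA": []}

if __name__ == "__main__":
    for f in audit_ami_sharing(IMAGE, LAUNCH, SNAPS):
        print(f)
```

Instance-store mappings (the `ephemeral0` entry) have no snapshot and are skipped; any grantee reported with `public: True` means the AMI is launchable by every account.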


