Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can’t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask .
To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted
during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.
To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn . Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId . Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide .
For more information about the prerequisites and limits when copying an AMI, see Copying an AMI in the Amazon Elastic Compute Cloud User Guide .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
copy-image
[--client-token <value>]
[--description <value>]
[--encrypted | --no-encrypted]
[--kms-key-id <value>]
--name <value>
--source-image-id <value>
--source-region <value>
[--destination-outpost-arn <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--client-token
(string)
Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference .
--description
(string)
A description for the new AMI in the destination Region.
--encrypted
| --no-encrypted
(boolean)
Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using
KmsKeyId
. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide .
--kms-key-id
(string)
The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to
true
.You can specify a KMS key using any of the following:
Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias. For example, alias/ExampleAlias.
Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.
The specified KMS key must exist in the destination Region.
Amazon EBS does not support asymmetric KMS keys.
--name
(string)
The name of the new AMI in the destination Region.
--source-image-id
(string)
The ID of the AMI to copy.
--source-region
(string)
The name of the Region that contains the AMI to copy.
--destination-outpost-arn
(string)
The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.
For more information, see Copying AMIs from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide .
--dry-run
| --no-dry-run
(boolean)
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is
DryRunOperation
. Otherwise, it isUnauthorizedOperation
.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To copy an AMI to another region
This example copies the specified AMI from the us-east-1
region to the ap-northeast-1
region.
Command:
aws ec2 copy-image --source-image-id ami-5731123e --source-region us-east-1 --region ap-northeast-1 --name "My server"
Output:
{
"ImageId": "ami-438bea42"
}