Amazon EC2 managed instances
An Amazon EC2 managed instance is an EC2 instance that is provisioned and managed by a designated service provider, such as Amazon EKS through EKS Auto Mode. Managed instances provide a simplified way for running compute workloads on Amazon EC2 by allowing you to delegate operational control of the instance to a service provider.
Delegated control is the only change introduced for managed instances. The technical specifications and billing remain the same as non-managed EC2 instances. Because managed instances allow you to delegate control to the service provider, you can benefit from the service provider’s operational expertise and best practices. When an instance is managed, the service provider is responsible for tasks such as provisioning the instance, configuring software, scaling capacity, handling instance failures and replacements, and terminating the instance.
You can’t directly modify the settings of a managed instance or terminate it. The service and specific operations are determined by the agreement between you and the service provider. However, you can add, modify, or remove tags from your managed instances, allowing you to categorize them within your AWS environment.
Contents
Billing for managed instances
An Amazon EC2 managed instance incurs the same base charge as a non-managed Amazon EC2 instance, plus a separate fee for the service provider. This additional fee is charged by the service provider managing your instance and is billed separately. It covers the cost of services provided for operating and maintaining your managed instance.
All Amazon EC2 purchasing options are available for managed instances, including On-Demand Instances, Reserved Instances, Spot Instances, and Savings Plans. By sourcing your compute directly from EC2 and then providing it to your service provider, you benefit from any existing Reserved Instances or Savings Plans applied to your account, ensuring that you're using the most cost-effective compute capacity available.
For example, when using Amazon EKS Auto Mode, you pay the standard EC2 instance rate for the underlying instances, plus an additional charge from Amazon EKS for managing the instances on your behalf. If you then decide to sign up for a Savings Plans, the EC2 instance rate is reduced by the Savings Plans, while the additional charge from Amazon EKS remains unchanged.
Identify managed instances
Managed instances are identified by a true value in the
Managed field. The service provider is identified in the
Operator field (in the console) or Principal field
(in the CLI).
Use the following procedures to identify managed instances.
Managed resource visibility settings
You can control whether resources that AWS services provision on your behalf appear in your Amazon EC2 console views and API list operations.
What is managed resource visibility?
AWS services such as Amazon EKS, Amazon ECS, Workspaces, and AWS Lambda provision and operate Amazon EC2 instances directly within your account. These services assume responsibility for scaling, OS patches, security updates, and lifecycle management. The resulting Amazon EC2 instances, Amazon EBS volumes, Amazon EBS snapshots, and network interfaces (ENIs) appear alongside your customer-managed resources in the Amazon EC2 console and APIs. Managed resource visibility settings give you control over whether these managed resources surface in your resource views.
Affected resource types
| Resource type | Services that provision these resources | Description |
|---|---|---|
| Amazon EC2 Instances | Amazon EKS worker nodes, Amazon ECS container instances, AWS Lambda execution environments, Amazon WorkSpaces Core | Primary resource type affected by visibility settings |
| Amazon EBS Volumes | Amazon EKS, Amazon ECS | Volumes attached to managed instances |
| Amazon EBS snapshots | Amazon EKS, Amazon ECS | Amazon EBS snapshots created by managed services |
| Network Interfaces (ENIs) | Amazon EKS, Amazon ECS, Lambda | Network interfaces provisioned for managed workloads |
Note
New managed resources are hidden by default. Resources that managed instance offerings (such as Amazon EKS Auto Mode, Amazon ECS managed instances, or Lambda managed instances) have already created in your account remain visible. You can adjust visibility settings at any time.
Why configure visibility settings
Configuring visibility settings lets you tailor how managed resources appear across your operational tooling. Common use cases include:
-
Simplify governance by reducing resource counts in compliance dashboards to only customer-managed resources.
-
Reduce noise in observability tools that aggregate Amazon EC2 metrics across all instances in an account.
-
Prevent false positives in cloud security posture management (CSPM) scanners (for example, Qualys) that flag managed resources as customer misconfigurations.
-
With managed instances, AWS is responsible for the configuration, patching, and health of Amazon EC2 instances. By controlling visibility, you can better articulate the shared responsibility model to end users.
Note
Visibility settings control resource display in AWS console views and API list operations. They do not affect billing, resource operation, or actual access permissions. Hidden resources remain fully operational and billable.
Configure managed resource visibility
You can configure managed resource visibility by using the Amazon EC2 console or the AWS CLI.
Discover hidden managed resources
When you turn off visibility, you can still access managed resources. The following methods surface them on demand:
-
Service-specific consoles: Navigate to the respective AWS service console (for example, the Amazon EKS console) to view instances provisioned for that service. The service console provides full details on all resources the service manages in your account.
-
Direct API queries: Use the
describe-instancesAPI with a specificinstance-idparameter. Direct queries with known instance IDs return results regardless of visibility settings. Visibility settings only affect list and filter operations. You can also usedescribe-instanceswith theinclude-managed-resourcesparameter to discover managed instances.
Note
The same direct-query-by-ID behavior applies to all affected resource types.
You can use describe-volumes, describe-snapshots, and
describe-network-interfaces with specific resource IDs to access
hidden managed resources of those types.
Billing considerations
Managed resource visibility settings have no effect on billing. Hidden managed instances continue to appear in billing data because they are resources running within your account, provisioned on your behalf, and remain fully billable regardless of visibility configuration.
Hidden resources remain visible in:
-
AWS bills
-
AWS Cost and Usage Reports
Important
Managed instances are provisioned in your account and consume compute
resources. Hiding them from console views does not reduce costs. Review
service-specific billing documentation (for example, Amazon EKS Pricing
Limitations
-
Visibility settings apply to the entire account and affect all IAM principals uniformly.
-
You cannot selectively show or hide managed resources by resource type or by the service that created them. For example, you cannot choose to show managed instances created by Amazon EKS while hiding those created by Lambda, Amazon ECS, or Amazon WorkSpaces.
Get started with managed instances
For guidance on using managed instances, see Automate cluster infrastructure with EKS Auto Mode in the Amazon EKS User Guide.
