AMS Amazon Machine Images (AMIs)
AMS produces updated Amazon Machine Images (AMIs) every month for AMS supported operating systems.
In addition, AMS also produces security enhanced images (AMIs) based on CIS Level 1 benchmark for a subset of
AMS's supported operating systems.
To find out which operating systems have a security enhanced image available,
see the AMS Security User Guide, which is available through AWS Artifact -> Reports page (find the Reports option in the left navigation pane)
filtered for AWS Managed Services. To access AWS Artifact, can contact your CSDM for instructions or go to
Getting Started with AWS Artifact
To receive alerts when new AMS AMIs are released, you can subscribe to an Amazon Simple Notification Service (Amazon SNS) notification topic called "AMS AMI". For details, see AMS AMI notifications with SNS.
The AMS AMI naming convention is:
customer-ams-<operating system>-<release date> - <version>
.
(for example, customer-ams-rhel6-2018.11-3
)
Only use AMS AMIs that start with customer
.
AMS recommends always using the most recent AMI. You can find the most recent AMIs by either:
Looking in the AMS console, on the AMIs page.
Viewing the latest AMS AMI CSV file, available from your CSDM or through this ZIP file: AMS 11.2024 AMI contents and CSV file in a ZIP.
For past AMI ZIP files, see the Doc History.
Running this AMS
SKMS
command (AMS SKMS SDK required):aws amsskms list-amis --vpc-id
VPC_ID
--query "Amis.sort_by(@,&Name)[? starts_with(Name,'customer')].[Name,AmiId,CreationTime]" --output table
AMS AMI content added to base AWS AMIs, by operating system (OS)
Linux AMIs:
Yum Upgrade for critical patches
AMS custom scripts / management software (controlling boot, AD join, monitoring, security, and logging)
Windows Server AMIs:
AMS PowerShell Modules controlling boot, AD join, monitoring, security, and logging
EC2Config service (through Windows Server 2012 R2)
EC2Launch (Windows Server 2016 and Windows Server 2019)
EC2LaunchV2 (Windows Server 2022 and later)
Linux-based AMIs:
Amazon Linux 2023 (Latest Minor Release)
Amazon Linux 2 (Latest Minor Release)
Amazon Linux 2 (ARM64)
Red Hat Enterprise 7 (Latest Minor Release)
Red Hat Enterprise 8 (Latest Minor Release)
Red Hat Enterprise 9 (Latest Minor Release)
SUSE Linux Enterprise Server 15 SP5
Ubuntu Linux 18.04
Ubuntu Linux 20.04
Ubuntu Linux 22.04
Amazon Linux: For product overview, pricing information, usage information, and support information, see Amazon Linux AMI (HVM / 64-bit)
and Amazon Linux 2 . For more information, see Amazon Linux 2 FAQs
. RedHat Enterprise Linux (RHEL): For product overview, pricing information, usage information, and support information, see Red Hat Enterprise Linux (RHEL) 7 (HVM)
. Ubuntu Linux 18.04: For product overview, pricing information, usage information, and support information, see Ubuntu 18.04 LTS - Bionic
. SUSE Linux Enterprise Server for SAP applications 15 SP5:
Run the following steps once per account:
Navigate to the AWS Marketplace.
Search for the SUSE 15 SAP product.
Choose Continue to subscribe.
Choose Accept terms.
Complete the following steps every time you need to launch a new SUSE Linux Enterprise Server for SAP Applications 15 SP5 instance:
Note the AMI ID for the subscribed SUSE Linux Enterprise Server for SAP Applications 15 AMI.
Create a manual (Management | Other | Other | Create) RFC with the following wording; replace
AMI ID
with the AWS Marketplace AMI ID you have subscribed to.
Windows-based AMIs:
Microsoft Windows Server (2016, 2019 and 2022), based on latest Windows AMIs.
For examples of creating AMIs, see Create AMI.
Offboarding AMS AMIs:
AMS does not unshare any AMIs from you during offboarding to avoid impact for any of your depedencies. If you want to remove AMS AMIs from
your account, you can use the cancel-image-launch-permission
API to hide specific AMIs. For example, you can use the script below to hide all of the AMS AMIs
that were shared with your account earlier:
for ami in $(aws ec2 describe-images --executable-users self --owners 027415890775 --query 'Images[].ImageId' --output text) ; do aws ec2 cancel-image-launch-permission --image-id $ami ; done
You must have the AWS CLI v2 installed for the script to execute without any errors. For AWS CLI installation steps, see
Installing or updating the latest version of the AWS CLI.
For details on the cancel-image-launch-permission
command, see
cancel-image-launch-permission