How do I publish and enforce specific custom AMIs across accounts?

Publishing AMIs

AWS provides the ability to publish AMIs (golden images) from one account and share them with all, or only specific, AWS accounts within your Turbot Cluster; see the AWS documentation: Sharing an AMI with Specific AWS Accounts.

The EC2 > Allow AMI Publishing option must be enabled before users holding the AWS/EC2/Admins permission (or higher) can publish and share AMIs.

Enforcing Specific AMIs

Turbot can enforce which AMIs (images) may be used within one or many accounts. The following EC2 Options control this:

  • Allow Local AMIs - Allows AMIs owned by the account itself to be run in that account.
  • Trusted AMI Publishers - A list of AWS accounts whose AMIs may be run in the account.
  • Current AMIs - A list of approved AMI IDs that Turbot will allow to be used in the account.
    • As new AMIs are published, older AMIs can be moved to the Deprecated AMIs option.
  • Deprecated AMIs - Existing instances built from these AMI IDs remain provisioned, but no new instances can be created from them.
    • Some organizations add the wildcard entry “- ami-*” so that any already-running instance is allowed to remain.
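As an added example (not Turbot's own code or schema), the decision logic the four options describe, modelled in Python so a team can check how a proposed option set treats a given AMI before applying it. It assumes each option is a plain list, that the owner account of an AMI is known, and that options are checked in the order listed above with the first match winning.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

@dataclass
class Ec2AmiOptions:
    """Assumed shape of the four EC2 Options above; not Turbot's real schema."""
    allow_local_amis: bool = False
    trusted_ami_publishers: list = field(default_factory=list)  # AWS account IDs
    current_amis: list = field(default_factory=list)            # approved AMI IDs
    deprecated_amis: list = field(default_factory=list)         # AMI IDs or globs like "ami-*"

def _matches(ami_id, entries):
    # fnmatch is exact for plain IDs and wildcard-aware for entries such as "ami-*"
    return any(fnmatch(ami_id, entry) for entry in entries)

def evaluate_ami(opts, account_id, ami_id, ami_owner, new_instance):
    """Return (allowed, reason); new_instance=True is a launch, False an already-running instance."""
    if opts.allow_local_amis and ami_owner == account_id:
        return True, "local AMI"
    if ami_owner in opts.trusted_ami_publishers:
        return True, "trusted publisher"
    if _matches(ami_id, opts.current_amis):
        return True, "current AMI"
    if _matches(ami_id, opts.deprecated_amis):
        # Deprecated entries keep existing instances but refuse new launches.
        if new_instance:
            return False, "deprecated AMI: no new instances"
        return True, "deprecated AMI: existing instance kept"
    return False, "AMI not approved"

# Constructed sample: one golden image is current, its predecessor is deprecated, and the
# "ami-*" wildcard keeps any already-running instance alive. All IDs below are made up.
SAMPLE_OPTS = Ec2AmiOptions(
    trusted_ami_publishers=["111111111111"],
    current_amis=["ami-0aaaaaaaaaaaaaaa1"],
    deprecated_amis=["ami-0bbbbbbbbbbbbbbb2", "ami-*"],
)

if __name__ == "__main__":
    acct = "222222222222"
    for ami, owner, new in [
        ("ami-0aaaaaaaaaaaaaaa1", "999999999999", True),   # current -> launch allowed
        ("ami-0bbbbbbbbbbbbbbb2", "999999999999", True),   # deprecated -> launch refused
        ("ami-0bbbbbbbbbbbbbbb2", "999999999999", False),  # deprecated -> running instance kept
        ("ami-0ccccccccccccccc3", "111111111111", True),   # trusted publisher -> allowed
        ("ami-0ddddddddddddddd4", acct, True),             # own AMI, option off -> wildcard refuses launch
    ]:
        print(ami, "launch" if new else "running", evaluate_ami(SAMPLE_OPTS, acct, ami, owner, new))
```

Note that once “ami-*” sits in Deprecated AMIs, every AMI not covered by an earlier option is refused for new launches yet kept for running instances, which is exactly the grandfathering effect the wildcard is used for.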
