Cannot deregister AMIs

Hello,

Thanks for reaching out to us.

Checking on those AMIs, I can see that they were initially created by the AWS Backup service [1] because looking into the Cloudtrail logs for your account, I can see the below error when calling the DeregisterImage API call for those AMIs you mentioned
"errorMessage":"This image is managed by AWS Backup and cannot be deleted via EC2 APIs. To delete this image, please use the AWS Backup APIs, CLI, or console."

You may view that error message event using the Cloudtrail event logs in your CloudTrail Event History as well [2].

To delete those AMIs as per the error message, you need to use AWS Backup API calls or do it from AWS Backup console.

If you want to delete them from the AWS Backup console, please login to AWS Backup console:

Select Backup Vaults
Open the required vault
Select the intended recovery point
Press delete
Confirm
More information on deleting the images from the AWS Backup console can be found here [3]

If you want to delete them from the AWS CLI, you may use the delete-recovery-point API call [4] and provide the "backup vaults name" and the "recovery point ID" and delete the resource.
A sample cli command for reference would be:

aws backup delete-recovery-point --backup-vault-name <vault-name> --recovery-point-arn <arn of recovery point> --region us-west-2

I hope this helps.

Thanks and best regards,
awsabdallah

[1] AWS Backup service - https://aws.amazon.com/backup/

[2] Viewing Events with CloudTrail Event History - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html

[3] Clean Up Resources - Step 3: Delete the Recovery Points - https://docs.aws.amazon.com/aws-backup/latest/devguide/gs-cleanup-resources.html#cleanup-backups

[4] Delete Recovery API cli - https://docs.aws.amazon.com/cli/latest/reference/backup/delete-recovery-point.html

Edited by: awsabdallah on Feb 8, 2021 5:21 AM