EBS-backed AMI policy

Question

Is there a way to set up a lifecycle policy utilizing EBS-backed AMI policy and share that EBS-backed AMI across accounts through the AWS Lifecycle Manager?  I see the guides for EBS backed snapshots but I do not see anything in the guide for cross account sharing automation in the EBS-backed AMI policy documents (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-policy.html).  I know how to share an AMI manually across accounts.  If there is not a way to do this through AWS Lifecycle Manager, could somebody describe another way to approach the problem (e.g. create a lambda function that finds the AMI that is backed up on a weekly basis and share it across accounts)?

Answer

Within the lifecycle manager, you cannot copy AMIs across accounts unfortunately.

Depending on which accounts you are sharing with, there are different solutions.

1. If you are sharing your AMI with accounts within your AWS organization, you can leverage AWS Backup and its native functionality to share within an organization. [Creating backup copies across AWS accounts](https://docs.aws.amazon.com/aws-backup/latest/devguide/create-cross-account-backup.html)
2. If an AMI needs to be shared with individual accounts outside an organization, you can look into using EventBridge to listen to EC2 AMI events (image state = available) and invoke a Lambda function, for example, to configure the AMI's permissions/configurations. [Monitor AMI events using Amazon EventBridge](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitor-ami-events.html)
3. Alternatively, if you are using an EC2 image builder to build AMIs, you can use its out of box features to share EC2 image builder built AMIs with other accounts. [Set up cross-account AMI distribution with Image Builder](https://docs.aws.amazon.com/imagebuilder/latest/userguide/cross-account-dist.html)

EBS-backed AMI policy

Contenido relevante