EC2 Image Builder in AWS Organization

0

Hi,

My EC2 Image Builder is in an AWS Organization; it's not the root account. I want to create images and automatically share them with all accounts, including newly created accounts. Is it possible to do that?

Thanks

3 answers
0
Accepted answer

Actually, I just found out that there is a built-in functionality of image pipeline to share with the whole Org/OUnit. So, I don't need any Lambdas. Thank you for your replies.

Answered 8 months ago
  • True, that's possible. Only if you want to put the latest image into SSM in the specific accounts, to help people use that parameter while automating instance creation, would you need to have a Lambda function.

  • This is the correct way to do it.
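As an added example (not code from the thread, and not from AWS), here is the shape of the built-in sharing the accepted answer refers to: an EC2 Image Builder distribution configuration whose AMI launch permission names an organization or organizational unit ARN, so new accounts inherit access without any account enumeration, plus a check that flags a configuration that would make the AMI public. The organization ARN, OU ARN, account IDs and region used below are constructed placeholders.

```python
"""Added example: build an EC2 Image Builder distribution configuration that
shares output AMIs with a whole Organization or OU, and audit such a
configuration for overly broad launch permissions.  All ARNs, account IDs and
regions used with it are constructed placeholders, not real resources."""
import re

# Formats accepted by launchPermission.organizationArns /
# organizationalUnitArns / userIds (pattern widths are assumptions).
ORG_ARN_RE = re.compile(r"^arn:aws:organizations::\d{12}:organization/o-[a-z0-9]{10,32}$")
OU_ARN_RE = re.compile(
    r"^arn:aws:organizations::\d{12}:ou/o-[a-z0-9]{10,32}/ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$"
)
ACCOUNT_RE = re.compile(r"^\d{12}$")


def build_distribution_config(name, region, org_arns=(), ou_arns=(), account_ids=()):
    """Return the request body for imagebuilder CreateDistributionConfiguration.

    Sharing by organization/OU ARN is preferred over listing account IDs:
    newly created accounts are covered automatically and the pipeline role
    needs no organizations:ListAccounts permission."""
    for arn in org_arns:
        if not ORG_ARN_RE.match(arn):
            raise ValueError(f"bad organization ARN: {arn}")
    for arn in ou_arns:
        if not OU_ARN_RE.match(arn):
            raise ValueError(f"bad OU ARN: {arn}")
    for acct in account_ids:
        if not ACCOUNT_RE.match(acct):
            raise ValueError(f"bad account id: {acct}")

    launch_permission = {}
    if org_arns:
        launch_permission["organizationArns"] = list(org_arns)
    if ou_arns:
        launch_permission["organizationalUnitArns"] = list(ou_arns)
    if account_ids:
        launch_permission["userIds"] = list(account_ids)
    if not launch_permission:
        raise ValueError("no principal to share the AMI with")

    return {
        "name": name,
        "distributions": [
            {
                "region": region,
                "amiDistributionConfiguration": {
                    # Image Builder expands {{ imagebuilder:buildDate }} per build
                    "name": f"{name}-{{{{ imagebuilder:buildDate }}}}",
                    "launchPermission": launch_permission,
                },
            }
        ],
    }


def audit_launch_permissions(config):
    """Flag distributions that would publish the AMI (userGroups contains
    'all') or that name no principal at all, so the AMI stays private."""
    findings = []
    for dist in config.get("distributions", []):
        region = dist.get("region", "?")
        lp = dist.get("amiDistributionConfiguration", {}).get("launchPermission", {})
        if "all" in lp.get("userGroups", []):
            findings.append(f"{region}: AMI would be PUBLIC (userGroups contains 'all')")
        keys = ("organizationArns", "organizationalUnitArns", "userIds", "userGroups")
        if not any(lp.get(k) for k in keys):
            findings.append(f"{region}: no launch permission, AMI stays in the build account only")
    return findings


if __name__ == "__main__":
    # Constructed placeholder organization ARN
    cfg = build_distribution_config(
        "golden-linux", "us-east-1",
        org_arns=["arn:aws:organizations::111122223333:organization/o-exampleorgid"],
    )
    print(cfg["distributions"][0]["amiDistributionConfiguration"]["launchPermission"])
    print(audit_launch_permissions(cfg))  # [] : shared with the org, not public
```

The returned dictionary is what you would pass as keyword arguments to `imagebuilder.create_distribution_configuration` and then attach to the pipeline; the audit function is the kind of check worth running over existing distribution configurations, since a `userGroups: ["all"]` entry publishes every AMI the pipeline produces.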

0

Yes, sharing Amazon Machine Images (AMIs) across accounts in an AWS Organization is possible. Here's a more direct approach to your question:

  1. When EC2 Image Builder completes a build, it produces an AMI. You can modify the permissions of this AMI to be shared with other AWS accounts.

  2. Sharing with specific accounts:

  • Go to the EC2 console.
  • Under "Images", select "AMIs".
  • Select your AMI, click on "Actions", and then choose "Modify Image Permissions".
  • Under "Add account", you can specify the AWS account numbers with which you want to share the AMI.

  3. To automatically share the AMI with all accounts in your organization, you would need to set up an automation (e.g., using AWS Lambda) that:
  • Detects the creation of a new AMI using CloudWatch Events.
  • Shares the AMI with all accounts in the AWS Organization by modifying the AMI permissions.

I hope this helps! If this solution works for you, please accept the answer. Otherwise, do leave a comment, and I'll try to assist you.

Answered 8 months ago
AWS EXPERT
Reviewed 8 months ago
  • This is redundant. Use the built-in function in Image Builder to share the AMIs with the Org/OU.

0

Here is an example Lambda to share an AMI to an AWS Organization:

import logging

import boto3
from botocore.exceptions import ClientError

logger = logging.getLogger()
logger.setLevel(logging.INFO)

ec2client = boto3.client('ec2')
orgclient = boto3.client('organizations')

# AMI to share; the original post used this placeholder
IMAGE_ID = "YOURIMAGEID"


def lambda_handler(event, context):
    # list_accounts() is paginated: walk every page so a large
    # Organization is not truncated at the first page of results
    accountlist = []
    try:
        for page in orgclient.get_paginator('list_accounts').paginate():
            for account in page['Accounts']:
                if account['Status'] == 'ACTIVE':
                    accountlist.append(account['Id'])
    except ClientError:
        logger.exception("Could not get Account ids")
        return

    logger.info("Share new AMI %s with %d Organization accounts", IMAGE_ID, len(accountlist))
    try:
        # Adds a launch permission for every active account in the Organization
        ec2client.modify_image_attribute(
            Attribute='launchPermission',
            ImageId=IMAGE_ID,
            OperationType='add',
            UserIds=accountlist,
        )
    except ClientError:
        logger.exception("Could not share AMI: %s.", IMAGE_ID)
David
Answered 8 months ago
