- Newest
- Most votes
- Most comments
Actually, I just found out that there is a built-in functionality of image pipeline to share with the whole Org/OUnit. So, I don't need any Lambdas. Thank you for your replies.
True, thats possible, only if you want to put the latest image to SSM in the specific accounts to help people to use that parameter while automation creation of instances you would need to have a lambda function
This is the correct way to do it.
Yes, sharing Amazon Machine Images (AMIs) across accounts in an AWS Organization is possible. Here's a more direct approach to your question:
-
When EC2 Image Builder completes a build, it produces an AMI. You can modify the permissions of this AMI to be shared with other AWS accounts.
-
Sharing with Specific Accounts:
- Go to the EC2 console.
- Under "Images", select "AMIs".
- Select your AMI, click on "Actions", and then choose "Modify Image Permissions".
- Under "Add account", you can specify the AWS account numbers with which you want to share the AMI.
- To automatically share the AMI with all accounts in your organization, you would need to set up an automation (e.g., using AWS Lambda) that:
- Detects the creation of a new AMI using CloudWatch Events.
- Shares the AMI with all accounts in the AWS Organization by modifying the AMI permissions.
I hope this helps! If this solution works for you, please accept the answer. Otherwise, do leave a comment, and I'll try to assist you.
This is redundant. Use the built in function in Image Builder to share the AMIs with the Org/OU.
Here is an example Lambda to share an AMI to an AWS Organization:
import boto3
import logging
logger = logging.getLogger()
ec2client = boto3.client('ec2')
orgclient = boto3.client('organizations')
try:
accounts = orgclient.list_accounts()
accountlist = []
for account in accounts['Accounts']:
if account['Status'] == 'ACTIVE':
accountlist.append(account['Id'])
except():
logger.error("Could not get Account ids")
try:
print(accountlist)
logger.info("Share new AMI with Organization Accounts")
response = ec2client.modify_image_attribute(
Attribute='launchPermission',
ImageId="YOURIMAGEID",
OperationType='add',
UserIds=accountlist
)
except(ec2client.Client.exceptions):
logger.error("Could not share AMI: YOURIMAGEID.")
Please rather share the AMI directly with the Org: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/share-amis-with-organizations-and-OUs.html
Relevant content
- asked a year ago
- Accepted Answerasked 2 years ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 4 months ago
https://aws.amazon.com/about-aws/whats-new/2021/11/ec2-image-builder-sharing-amis-aws-organization-units/