Cancel having an AMI shared with your Amazon Web Services account
An Amazon Machine Image (AMI) can be shared with specific
Amazon Web Services accounts by adding the accounts to the AMI's launch permissions. If an
AMI has been shared with your Amazon Web Services account and you no longer want it shared with your
account, you can remove your account from the AMI's launch permissions. You do this by
running the cancel-image-launch-permission
Amazon CLI command. When running this
command, your Amazon Web Services account is removed from the launch permissions for the specified
AMI. To find the AMIs that are shared with your Amazon Web Services account, see Find shared AMIs to use for Amazon EC2 instances.
You might cancel having an AMI shared with your account, for example, to reduce the
likelihood of launching an instance with an unused or deprecated AMI that was shared
with you. When you cancel having an AMI shared with your account, it no longer appears
in any AMI lists in the EC2 console or in the output for describe-images
Limitations
-
You can remove your account from the launch permissions of an AMI that is shared with your Amazon Web Services account only.
-
You can’t permanently remove your account from the launch permissions of an AMI. An AMI owner can share an AMI with your account again.
-
AMIs are a Regional resource. When running
cancel-image-launch-permission
, you must specify the Region in which the AMI is located. Either specify the Region in the command, or use the AWS_DEFAULT_REGION environment variable. -
Only the Amazon CLI and SDKs support removing your account from the launch permissions of an AMI. The EC2 console does not currently support this action.
Cancel having an AMI shared with your account
Note
After you cancel having an AMI shared with your account, you can't undo it. To regain access to the AMI, the AMI owner must share it with your account.