Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Disable an AMI
You can disable an AMI to prevent it from being used for instance launches. You can't launch
new instances from a disabled AMI. You can re-enable a disabled AMI so that it can be used
again for instance launches.
Disabling an AMI removes all its launch permissions.
When an AMI is disabled:
-
The AMI's state changes to disabled
.
-
A disabled AMI can't be shared. If an AMI was public or previously shared, it is made
private. If an AMI was shared with an Amazon Web Services account, organization, or Organizational
Unit, they lose access to the disabled AMI.
-
A disabled AMI does not appear in DescribeImages API calls by default.
-
A disabled AMI does not appear under the Owned by me console filter.
To find disabled AMIs, use the Disabled images console
filter.
-
A disabled AMI is not available to select for instance launches in the EC2 console. For
example, a disabled AMI does not appear in the AMI catalog in the launch instance
wizard or when creating a launch template.
-
Launch services, such as launch templates and Auto Scaling groups, can continue to reference
disabled AMIs. Subsequent instance launches from a disabled AMI will fail, so we
recommend updating launch templates and Auto Scaling groups to reference available AMIs
only.
-
EC2 instances that were previously launched using an AMI that is subsequently disabled are
not affected, and can be stopped, started, and rebooted.
-
You can't delete snapshots associated with disabled AMIs. Attempting to delete an
associated snapshot results in the snapshot is currently in use
error.
When an AMI is re-enabled:
-
The AMI's state changes to available
, and it can be used to launch
instances.
-
The AMI can be shared.
-
Amazon Web Services accounts, organizations, and Organizational Units that lost access to the AMI when it
was disabled do not regain access automatically, but the AMI can be shared with them
again.
You can disable both private and public AMIs.
Costs
When you disable an AMI, the AMI is not deleted. If the AMI is an EBS-backed AMI, you
continue to pay for the AMI's EBS snapshots. If you want to keep the AMI, you might be
able to reduce your storage costs by archiving the snapshots. For more information, see
Archive Amazon EBS snapshots in the Amazon EBS User Guide.
If you don't want to keep the AMI and its snapshots, you must deregister the AMI and
delete the snapshots. For more information, see Delete resources associated with your
Amazon EBS-backed AMI.
Prerequisites
To disable or re-enable an AMI, you must be the owner of the AMI.
Required IAM permissions
To disable and re-enable an AMI, you must have the following IAM permissions:
-
ec2:DisableImage
-
ec2:EnableImage
Disable an AMI
You can disable an AMI by using the EC2 console or the Amazon Command Line Interface (Amazon CLI). You must be the
AMI owner to perform this procedure.
- Console
-
To disable an AMI
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the left navigation pane, choose AMIs.
-
From the filter bar, choose Owned by
me.
-
Select the AMI, and then choose Actions, Disable
AMI. You can select multiple AMIs to disable at
once.
-
In the Disable AMI window, choose Disable
AMI.
- Amazon CLI
-
To disable an AMI
Use the disable-image command and specify the ID
of the AMI.
aws ec2 disable-image --image-id ami-1234567890abcdef0
Expected output
{
"Return": "true"
}
Describe disabled AMIs
You can view disabled AMIs in the EC2 console and by using the Amazon CLI.
You must be the AMI owner to view disabled AMIs. Because disabled AMIs are made private, you
can't view disabled AMIs if you're not the owner.
- Console
-
To view disabled AMIs
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the left navigation pane, choose AMIs.
-
From the filter bar, choose Disabled images.
- Amazon CLI
-
By default, when you use the describe-images command to describe all
AMIs, disabled AMIs do not appear in the results. This is because the
default is --no-include-disabled
. To include disabled AMIs in
the results, you must specify the --include-disabled
parameter.
To include all disabled AMIs when describing all AMIs
Use the describe-images command and specify the
--include-disabled
parameter to retrieve disabled AMIs
in addition to all other AMIs. Optionally, specify --owners
self
to retrieve only the AMIs that you own.
aws ec2 describe-images \
--region us-east-1
\
--owners self
--include-disabled
If you specify the ID of a disabled AMI, but do not specify
--include-disabled
, the disabled AMI is returned in the
results.
aws ec2 describe-images \
--region us-east-1
\
--image-ids ami-1234567890EXAMPLE
To retrieve only disabled AMIs
Specify --filters Name=state,Values=disabled
. You must also specify
--include-disabled
, otherwise you'll get an
error.
aws ec2 describe-images \
--include-disabled \
--filters Name=state,Values=disabled
Example output
The State
field displays the state of an AMI. disabled
indicates that the AMI is disabled.
{
"Images": [
{
"VirtualizationType": "hvm",
"Description": "Provided by Red Hat, Inc.",
"PlatformDetails": "Red Hat Enterprise Linux",
"EnaSupport": true,
"Hypervisor": "xen",
"State": "disabled",
"SriovNetSupport": "simple",
"ImageId": "ami-1234567890EXAMPLE",
"DeprecationTime": "2023-05-10T13:17:12.000Z"
"UsageOperation": "RunInstances:0010",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"SnapshotId": "snap-111222333444aaabb",
"DeleteOnTermination": true,
"VolumeType": "gp2",
"VolumeSize": 10,
"Encrypted": false
}
}
],
"Architecture": "x86_64",
"ImageLocation": "123456789012/RHEL-8.0.0_HVM-20190618-x86_64-1-Hourly2-GP2",
"RootDeviceType": "ebs",
"OwnerId": "123456789012",
"RootDeviceName": "/dev/sda1",
"CreationDate": "2019-05-10T13:17:12.000Z",
"Public": false,
"ImageType": "machine",
"Name": "RHEL-8.0.0_HVM-20190618-x86_64-1-Hourly2-GP2"
}
]
}
Re-enable a disabled AMI
You can re-enable a disabled AMI. You must be the AMI owner to perform this procedure.
- Console
-
To re-enable a disabled AMI
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the left navigation pane, choose AMIs.
-
From the filter bar, choose Disabled images.
-
Select the AMI, and then choose Actions, Enable
AMI. You can select multiple AMIs to re-enable
several AMIs at once.
-
In the Enable AMI window, choose Enable.
- Amazon CLI
-
To re-enable a disabled AMI
Use the enable-image command and specify the ID
of the AMI.
aws ec2 enable-image --image-id ami-1234567890abcdef0
Expected output
{
"Return": "true"
}