Launch an instance with UEFI Secure Boot support - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Launch an instance with UEFI Secure Boot support

When you launch an instance with the following prerequisites, the instance will automatically validate UEFI boot binaries against its UEFI Secure Boot database. You can also configure UEFI Secure Boot on an instance after launch.


UEFI Secure Boot protects your instance and its operating system against boot flow modifications. Typically, UEFI Secure Boot is configured as part of the AMI. If you create a new AMI with different parameters from the base AMI, such as changing the UefiData within the AMI, you can disable UEFI Secure Boot.

Linux AMIs

To launch a Linux instance, the Linux AMI must have UEFI Secure Boot enabled.

Amazon Linux supports UEFI Secure Boot starting with AL2023 release 2023.1. However, UEFI Secure Boot isn't enabled in the default AMIs. For more information, see UEFI Secure Boot in the AL2023 User Guide. Older versions of Amazon Linux AMIs aren't enabled for UEFI Secure Boot. To use a supported AMI, you must perform a number of configuration steps on your own Linux AMI. For more information, see Create a Linux AMI to support UEFI Secure Boot.

Windows AMIs

To launch a Windows instance, the Windows AMI must have UEFI Secure Boot enabled.


Amazon provides Windows AMIs that are preconfigured for UEFI Secure Boot. AMIs of this type are not available in the China (Beijing) and China (Ningxia) Regions.

Currently, we do not support importing Windows with UEFI Secure Boot by using the import-image command.

Instance type
  • Supported: All virtualized instance types that support UEFI also support UEFI Secure Boot. For the instance types that support UEFI Secure Boot, see Considerations.

  • Not supported: Bare metal instance types do not support UEFI Secure Boot.