AMIs Link to heading

AMI is a template which includes the OS, metadata, boostrap, boot-mode.

2nd round on summary Link to heading

Virtualization type: PV vs HVM (emulate hardware, access to physical hardware like CPU/GPU)
Hypervisor: XEN vs Nitro
CPU Arch
OS
Boot type?? : UEFI vs BIOS
Encryption: create encrypted ebs, take snapshot, create ami from the snapshot, voila
Root device type: instance-backed or ebs-backed
Where to get one?: aws-made, community, shared publicly, marketplace, import/export
Did you know?
- Snapshot: raw data blocks
- AMI: amazon machine image (template with pre-config stuff)

AMI uniq feats:

region
OS
cpu arch
root device type: instance stored-backed (ephemeral storage), ebs-backed
- instance store-backend instances are of ephemeral storage, template are in S3, (doesn’t support Windows)
- It is a pain-in-the-neck to create a instance store-backed ami.
- it can be converted into ebs-backend ami
virtualization type: PV & HVM
hypervisor: XEN o Nitro

Many options to buy on AWS Marketplace from single AMI to Cloudformation stacks.

Some more facts:

AMIs can be imported from a VM software.
An AMI can be created from a running EC2 machine.
AMI Lifecycle: create, copy, store, deregister.
- AMI can be copied from one region to another on your aws acct
- AMI can be deregistered (cleaned)

AWS AMI supports both
- UEFI (default for graviton instances)
  - The OS has to be configured to boot with UEFI mode
  - /usr/sbin/efibootmgr has to exists, as well as /sys/firmware/efi
- BIOS (default for intel & amd instances)

AMIs can be shared publicly on AWS by aws itself, verified providers and aws users.
In order to share an AMI check the vm
- doesn’t have ssh creds,
- doesn’t allow remote root ssh
- cron jobs are legitimate
- legitimate tcp/udp ports are opened
- sensitive data, ~/.bash_history is removed
Sharing an AMI is not billed, the account that launches it is billed
AMIs can be shared with an OU or OUS
Launch permission can be enabled/disabled for a OU or particular aws acct