How do Amazon Machine Images work?

amazon-web-services amazon-ec2

I've seen many tutorials and such about creating AMI's, but I've never really understood the full concept of an AMI. Is a link to the instance, or is it stored and never changed. Also, does an image include the local storage and all packages etc installed on that instance, or is it simply just a copy of the configuration of a particular instance. Thanks


Solution 1:

In its simplest form, an AMI is a description of a virtual machine - the type of virtualization, the architecture (32/64 bit), the kernel, and the root device. In Amazon's words:

An AMI is a template that contains a software configuration (operating system, application server, and applications) that you can run on Amazon's proven computing environment.

EC2 instances are virtual machines, running on Amazon's hardware. In order for the instance to start, there is some minimum amount of information that is required. Additionally, different instance types support different configurations (e.g. some do not support 32-bit AMIs).

Each AMI has an identifier (e.g. ami-a1b2c3d4), and the configuration of that AMI cannot be changed after creation. (You can however, override many of the settings at launch time, or in some cases, even after an instance is launched).

In terms of the root volume, AMIs contain a reference to an existing volume (e.g. they reference a snapshot for EBS backed instances, or to the image parts in the case of an S3 backed instance).

AMIs also contain some degree of error-checking - typically a user-id to indicate ownership, encryption keys (that encrypt the image), and a signature (to verify the image integrity). You can get a good idea of what an AMI is by looking at the manifest file created when making an S3 backed instance - it is just a file containing data and references to other items (storage, kernel, etc).

An image references its as a block device mapping - it specifies the device (e.g. /dev/sda1) and the source of data (ephemeral (and the S3 parts if relevant) or ebs-snapshot). Since S3 parts are signed, and ebs-snapshots cannot be changed (only deleted), launching an instance from an AMI (without overriding its settings) should always result in an instance with the same software setup. (Note it is still possible for instances launched from the same AMI to differ in their running states due to user-data, or different block device mappings (e.g. micro instances have no ephemeral storage, while other instance types do). Just to be clear here, the attached volumes are stored separate from the AMI, but reference by the AMI in such a way that the volumes cannot be changed. The volumes contain an exact copy of the data that was on them at the time the AMI was created.

Before launching an instance from an AMI, you can override the block device mapping (e.g. to add an additional EBS volume, or another ephemeral volume if the instance type supports it). In the case of EBS volumes, after the instance is launched, you can detach the root volume and attach a different EBS volume altogether.

So, to briefly answer your questions: Is a link to the instance, or is it stored and never changed. It is stored and never changed.

Also, does an image include the local storage and all packages etc installed on that instance, or is it simply just a copy of the configuration of a particular instance. The image includes the local storage and all packages etc. installed on that instance. (Typically, this is just the root volume, but an AMI can be set-up to launch an instance with multiple, populated volumes).

Solution 2:

An AMI is effectively the master copy of a root file system that is used to launch new EC2 instances, along with some meta data like the architecture. It contains the full operating system and software packages that you would normally find when you boot up a fresh copy of that distro, plus whatever the AMI creator found fit to add.

If you create an AMI from an instance, you are basically creating a copy of the root file system of that instance, which can later be used to create new instances.

My answer here might also help: https://stackoverflow.com/a/7895489/111286

Related

Howto create a transparent https proxy with firehol and tinyproxy?
Make systemd user service depend on system target
How should I configure my ELB health check when using NameVirtualHosts and redirecting to www?
etckeeper pushing to github
vagrant synced_folders and VBoxInternal2/SharedFoldersEnableSymlinksCreate
Is there a Midnight Commander log or history file?
How do I set a varnish response TTL dynamically?
Wireshark running on a server seeing lots of `ARP who has` with different tells
What is the cause of "application pool exceeded time limits during shut down"?
How to use realmd in Ubuntu 14.04 LTS to join an Active Directory domain?
How do I block inheritance/application of a single GPO?
Why might the Jenkins user not have permission to access the Docker unix socket?