AWS AMI cross-region replication and sharing
Source: Dev.to
Overview
AWS AMI cross‑region replication and sharing can be performed via the AWS Management Console, CLI, or SDK. AMIs are region‑specific, so they must be copied explicitly to another region before they can be shared.
Copy an AMI to another region
- Open the EC2 console.
- Navigate to AMIs > My AMIs.
- Select the source AMI and choose Actions > Copy AMI.
- Specify:
  - Destination region
  - Name and description
  - Encryption options (e.g., select a KMS key for encrypted snapshots)
- AWS creates a new AMI ID in the target region. Monitor progress in the console or with the CLI.
CLI example
aws ec2 copy-image \
  --source-region us-east-1 \
  --source-image-id ami-12345678 \
  --name "CopiedAMI" \
  --region us-west-2
Costs: Snapshot storage and minor data‑transfer fees apply; there is no extra copy fee.
Share the copied AMI with other AWS accounts
- In the EC2 console of the target region, select the newly copied AMI.
- Choose Actions > Modify Image Permissions.
- Add the recipient’s 12‑digit AWS account ID under Launch Permissions > Specific AWS accounts.
- Save changes. The recipient will see the AMI under AMIs > Shared with me.
CLI example
aws ec2 modify-image-attribute \
  --region us-west-2 \
  --image-id ami-87654321 \
  --launch-permission "Add=[{UserId=123456789012}]"
Revoke sharing permissions
Use the same command with Remove instead of Add:
aws ec2 modify-image-attribute \
  --region us-west-2 \
  --image-id ami-87654321 \
  --launch-permission "Remove=[{UserId=123456789012}]"
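To confirm that an AMI is shared only with the intended accounts, audit its launch permissions and generate the matching Remove calls. The Python sketch below is an added example, not code from the original article. It assumes the JSON shape returned by aws ec2 describe-image-attribute --attribute launchPermission; the sample data, the second account ID and the function names are constructed for illustration.

```python
import json

# Constructed sample of `aws ec2 describe-image-attribute --image-id ami-87654321
# --attribute launchPermission --region us-west-2` output (not real data).
SAMPLE = json.loads("""
{
  "ImageId": "ami-87654321",
  "LaunchPermissions": [
    {"UserId": "123456789012"},
    {"UserId": "210987654321"},
    {"Group": "all"}
  ]
}
""")

def audit_launch_permissions(attr, allowed_accounts):
    """Return (reason, entry) for every grant that is public or not allowlisted."""
    findings = []
    for entry in attr.get("LaunchPermissions", []):
        if entry.get("Group") == "all":
            # Group=all means the AMI is public: any AWS account can launch it.
            findings.append(("public", entry))
        elif "UserId" in entry:
            if entry["UserId"] not in allowed_accounts:
                findings.append(("unexpected-account", entry))
        else:
            # Organization/OU grants or unknown shapes: flag for manual review.
            findings.append(("review", entry))
    return findings

def revoke_command(image_id, entry, region):
    """Build the modify-image-attribute call that removes one grant."""
    key, value = next(iter(entry.items()))
    return (f"aws ec2 modify-image-attribute --image-id {image_id} "
            f"--region {region} "
            f'--launch-permission "Remove=[{{{key}={value}}}]"')

def remediation_plan(attr, allowed_accounts, region):
    """Revoke commands for public and unexpected grants; 'review' items are left to a human."""
    return [revoke_command(attr["ImageId"], entry, region)
            for reason, entry in audit_launch_permissions(attr, allowed_accounts)
            if reason != "review"]

if __name__ == "__main__":
    for cmd in remediation_plan(SAMPLE, {"123456789012"}, "us-west-2"):
        print(cmd)
```

Revoking a launch permission does not affect instances the recipient has already launched or AMI copies they have already made.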
Encrypted AMIs
When sharing encrypted AMIs, you must also share the associated KMS key with the recipient account.
Usage by the recipient
The recipient can launch instances from the shared AMI in the target region (e.g., us-west-2). They are responsible for any usage fees incurred.