Making an EC2 Linux AMI Snapshot

This procedure presumes that you have already started an EC2 AMI image and have installed, configured and otherwise customized it. Now you want to save the state as a new AMI image.


You'll need to setup some tools and environment on your local machine.

EC2 API Tools

Download the ec2-api-tools:

cd /usr/local

Setup the following environment variables (make sure the EC2_HOME path matches the directory that actually unpacked ...) :

export EC2_HOME=/usr/local/ec2-api-tools-1.3-30349
export PATH=$PATH:$EC2_HOME/bin

The EC2 API tools use $JAVA_HOME. If it is not already set to the correct value in your environment you might need to set it to /usr:

export JAVA_HOME=/usr

Access Identifiers

You'll need to download the private key and public cert from your AWS account:

Start at


Under "Your Account" select "Security Credentials".

Create an environment variable w/ your "Access Key Id" and "Secret Access Key":

export EC2_SECRET_ACCESS_KEY=dGhpcyBhbmQgdGhhdCBhbmQgdGhpcyBhbmQgdGhh

Create a subdirectory in $HOME

mkdir ${HOME}/.ec2
cd ${HOME}/.ec2

Download the created X.509 private key and cert files to this directory. Set a pair of env variables to their paths:


Account Number

Create an environment variable out of your account number (near the top of the page) with the dashes removed:

export EC2_ACCOUNT=123456789012

Target System

Create an environment variable which contains the path to the downloaded Key Pair that you used to start the target system:

export EC2_KEYPAIR=${HOME}/.ec2/mykey.pem

Create an environment variable which contains the public DNS hostname for the target system:


Choose AMI Manifest Parameters

You'll need to choose a "bucket" for the AMI data to live in.

You can put many things in the same bucket.

The bucket will appear in the final AMI Mainfest string so it might be helpful if it was associated with you or your organization.

Buckets are created on demand when they are first mentioned; so if you don't have one already just make up a name here. If the bucket name is already in use you will get an error later about "not being the owner" and you should repeat this step with a different bucket name:

export EC2_BUCKET=mybucket

Choose a name for the AMI image itself.

This name appears in the AMI manifest string so it is helpful if it provides clues as to what this AMI iamge is:

export EC2_IMGNAME=backend01

Making the AMI Image

Transfer the private key and cert to the target machine

IMPORTANT You do not want expose your private key to the world! The following procedure carefully uploads it to the /mnt directory, which will not be included in the AMI image. If the key were uploaded do a different directory it could be baked into the AMI image and exposed to anyone who started the image.

Execute this command on your local machine:

scp -i ${EC2_KEYPAIR} ${EC2_PK} ${EC2_CERT} root@${EC2_TARGETHOST}:/mnt/

Create the image bundle

You'll need to log into the target machine for these commands:

ssh -i ${EC2_KEYPAIR} -l root ${EC2_TARGETHOST}

Once on the target machine you'll need to set some of the same environment variables you set on your local machine. All variables have the same values as the local machine:

export EC2_SECRET_ACCESS_KEY=dGhpcyBhbmQgdGhhdCBhbmQgdGhpcyBhbmQgdGhh
export EC2_ACCOUNT=123456789012
export EC2_BUCKET=mybucket
export EC2_IMGNAME=backend01

You'll need to set the platform as well:

export EC2_PLAT=i386

You'll need to choose a region (choose 1):

export EC2_REGION=eu-west-1
export EC2_REGION=us-east-1
export EC2_REGION=us-west-1

This command creates the bundle:

cd /mnt
ec2-bundle-vol \
    -d /mnt \
    -k /mnt/pk-*.pem \
    -c /mnt/cert-*.pem \
    -u ${EC2_ACCOUNT} \
    -r ${EC2_PLAT} \
    -p ${IMGNAME}

This command uploads the bundle to S3:

ec2-upload-bundle \
    -b ${BKTNAME} \
    -m /mnt/${IMGNAME}.manifest.xml \
    -a ${EC2_ACCESS_KEY_ID} \
    --location ${EC2_REGION}

Registering the image for AMI consumption

This command can be executed on your local machine with the prior environment variables set:

ec2-register \
    --region ${EC2_REGION} \
    --name ${IMGNAME} \

Finally, you can make the image public by using Elastifox or the AWS Console, selecting your AMI new image and selecting "Permissions" ...