What can I do when I can no longer select the AMI that my Amazon EC2 Windows instance uses or when I see the error “Cannot load details for ami-xxxxxx. You may not be permitted to view it.”?

Last updated: 2022-09-09

I can no longer select the Amazon Machine Image (AMI) that my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance uses in the AWS Management Console. When I look at the Details tab for the AMI, I see "Cannot load details for ami-xxxxxx. You may not be permitted to view it."

How can I get a description of an AMI that isn’t publicly available?


I reference a specific AMI ID in my AWS CloudFormation template. Amazon Web Services (AWS) regularly updates and provides a fully patched Windows AMI within five business days of Microsoft's patch. This causes problems, such as old template stacks breaking, or templates that need to be regularly updated. Why is this happening, and how can I prevent this issue?

Short description

The AMI that your EC2 Windows instance uses is no longer public.

AWS provides publicly available AMIs that are configured specifically to the Windows platform. The AMIs in each release have new AMI IDs. Within ten days of a new AMI release, AMIs older than three months are made private.

This also occurs when a custom AMI is de-registered. For more information, see Patches, security updates, and AMI IDs.

Note: If you must launch instances from the same AMI, you must create a new AMI from the instance.


Retrieve the description of an AMI ID that is no longer public

First, find the name of the AMI from the registry. Then, use PowerShell to find the latest AMI of the same name. Follow these steps:

Note: These steps are only applicable if you use an Amazon-provided AMI.

1.    From the Amazon EC2 console, choose Instances from the navigation pane. Select an instance that was launched using the AMI that is no longer available.

2.    Connect to the instance.

3.    Check the following registry location to confirm the AMI name:

$AMIName=(Get-Itemproperty HKLM:\SOFTWARE\Amazon\MachineImage).AMIName

Note: The HKLM:\SOFTWARE\Amazon\MachineImage registry location is imprinted with the name and date of the AMI when the instance launches.

4.    Run the Get-SSMLatestEC2Image PowerShell command to list all Public AMIs by name. To narrow the results, run the following command.

Get-SSMLatestEC2Image -ImageName $AMIName -Path ami-windows-latest | %{ write-host $AMIName, $_}

Note: This example lists the latest AMI ID with OS Version for the AWS Region.

This AMI is the same as the old one, aside from the latest Microsoft software updates and any performance improvements made by AWS. It's a best practice to use the latest AMI to launch new instances.

To receive notifications of these periodic changes, you can subscribe to Windows AMI notifications.

AMI ID is hardcoded into a CloudFormation template or IaaS platform

It’s a best practice to write scripts that locate the latest AWS Windows AMIs by name or description, rather than by AMI ID. AMI IDs are subject to change after each release.

For more information, see Patches, security updates, and AMI IDs.

To avoid interruption to your build pipelines, you can programmatically retrieve the latest AMI published by AWS to a public Parameter Store that matches your requirements. For more information, see Working with public parameters.

You can also create your own AMI to have more control over the AMI lifecycle and updates.

To create an image from an instance that used the AMI, follow these steps:

1.    Stop the instance.

2.    From the Amazon EC2 console, choose Instances from the navigation pane.

3.    Select the instance. For Actions, choose Image, Create Image.
For Image name, enter a name.
(Optional) For Image description, enter a description.
Choose Create Image.

4.    Important: Step 3 creates an exact image of your instance, including the server name and administrator password. To prevent conflicts, create a new instance based on the new image. Apply any required customizations, and then perform the process of generalization to create a healthy AMI. For instructions, see How can I use Sysprep to create and install custom reusable Windows AMIs?

5.    You can now use the image created in step 4 to launch instances.

Did this article help? 

Do you need billing or technical support?