What can I do when the AMI that my EC2 instance uses is no longer public or when I see the error “Cannot load details for ami-xxxxxx. You may not be permitted to view it.”?

Last updated: 2019-11-07

I can no longer select the Amazon Machine Image (AMI) that my Amazon Elastic Compute Cloud (Amazon EC2) instance uses in the AWS Management Console. When I look at the Details tab for the AMI, I see "Cannot load details for ami-xxxxxx. You may not be permitted to view it."

How can I get a description of an AMI that isn’t publicly available?

Or

I reference a specific AMI ID in my AWS CloudFormation template. Amazon Web Services (AWS) regularly creates new images and deprecates the old ones a few weeks later. This causes problems, such as old template stacks breaking, or templates that need to be regularly updated. Why is this happening, and how can I prevent this issue? 

Short Description

The AMI that your EC2 Windows instance uses is no longer public.

AWS provides publicly available AMIs that are configured specifically to the Windows platform. The AMIs in each release have new AMI IDs. Within 10 days of a new AMI release, AMIs older than three months are made private.

This also occurs when a custom AMI is de-registered.

For more information, see Patches, Security Updates, and AMI IDs.

Note: If you need to launch instances from the same AMI, you must create a new AMI from the instance.

Resolution

Retrieve the description of an AMI ID that is no longer public 

First, find the name of the AMI from the registry. Then, use PowerShell to find the latest AMI of the same name. Follow these steps:

Note: These steps are only applicable if you use an Amazon-provided AMI.

1.    From the Amazon EC2 console, choose Instances from the navigation pane. Select an instance that was launched using the AMI that is no longer available.

2.    Connect to the instance.

3.    Check the following registry location to confirm the AMI name:

Get-ItemProperty HKLM:\SOFTWARE\Amazon\MachineImage -Name AMIName

Note: The HKLM:\SOFTWARE\Amazon\MachineImage registry location is imprinted with the name and date of the AMI when the instance launches.

4.    Run the Get-EC2ImageByName PowerShell command to list all public AMIs by name. To narrow the results, run the following command, replacing AMIName with the AMI name from step 3.

Get-EC2ImageByName -Names AMIName
Example: Get-EC2ImageByName -Names WINDOWS_2016_CORE

Note: This command returns a lot of metadata about the image, including the latest AMI ID for the Region. AMIs have different IDs in each Region.

This AMI is the same as the old one, aside from the latest Microsoft software updates and any performance improvements made by AWS. Consider using the latest AMI to launch new instances.

To receive notifications of these periodic changes, you can subscribe to Windows AMI notifications.

AMI ID is hardcoded into a CloudFormation template or IaaS platform

It’s a best practice to write scripts that locate the latest AWS Windows AMIs by name or description, rather than by AMI ID. AMI IDs are subject to change after each release.

For more information, see Patches, Security Updates, and AMI IDs.

To avoid interruption to your build pipelines, you can programmatically retrieve the latest AMI published by AWS to a public Parameter Store that matches your requirements. For more information, see Working with Public Parameters.
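
The following PowerShell function is an added example, not part of the original article. Run on the instance, it reads the AMI name from the registry, looks up the latest AMI ID for that name in the public Parameter Store, and compares it with the AMI the instance was launched from. It assumes that the AWS Tools for PowerShell are installed with credentials that allow ssm:GetParameter, that the registry AMI name matches a parameter under /aws/service/ami-windows-latest (Amazon-provided AMIs only), and that the instance metadata service is reachable; the function name Get-AmiCurrency is hypothetical.

```powershell
# Added example: compare this instance's launch AMI with the latest public AMI of the same name.
# Assumptions: AWS Tools for PowerShell installed; credentials allow ssm:GetParameter;
# the registry AMI name exists under /aws/service/ami-windows-latest (Amazon-provided AMIs only).
function Get-AmiCurrency {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$PublicPath = '/aws/service/ami-windows-latest'
    )
    $ErrorActionPreference = 'Stop'
    $imds = 'http://169.254.169.254/latest'

    # IMDSv2: request a short-lived session token, then query metadata with it.
    $token = Invoke-RestMethod -Method Put -Uri "$imds/api/token" `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
    $hdr = @{ 'X-aws-ec2-metadata-token' = $token }
    $launchAmi = Invoke-RestMethod -Uri "$imds/meta-data/ami-id" -Headers $hdr
    $region    = Invoke-RestMethod -Uri "$imds/meta-data/placement/region" -Headers $hdr

    # AMI name stamped into the registry when the instance launched.
    $amiName = (Get-ItemProperty 'HKLM:\SOFTWARE\Amazon\MachineImage' -Name AMIName).AMIName

    # Latest AMI ID for that name in this Region, from the public Parameter Store.
    try {
        $latestAmi = (Get-SSMParameter -Name "$PublicPath/$amiName" -Region $region).Value
    } catch {
        throw "Could not read public parameter '$PublicPath/$amiName' in ${region}: $_"
    }

    [pscustomobject]@{
        AmiName   = $amiName
        Region    = $region
        LaunchAmi = $launchAmi
        LatestAmi = $latestAmi
        IsCurrent = ($launchAmi -eq $latestAmi)   # False: a newer image has been released
    }
}

Get-AmiCurrency | Format-List
```

An IsCurrent value of False means that AWS has released a newer image under the same name since the instance was launched, so the launch AMI is a candidate for being made private.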

You can also create your own AMI to have more control over the AMI lifecycle and updates. To create an image from an instance that used the AMI, follow these steps:

1.    Stop the instance.

2.    From the Amazon EC2 console, choose Instances from the navigation pane.

3.    Select the instance. For Actions, choose Image, Create Image.
For Image name, enter a name.
(Optional) For Image description, enter a description.
Choose Create Image.

4.    Important: Step 3 creates an exact image of your instance, including the server name and administrator password. To prevent conflicts, create a new instance based on the new image. Apply any required customizations, and then perform the process of generalization to create a healthy AMI. For instructions, see How can I use Sysprep to create and install custom reusable Windows AMIs?

5.    You can now use the image created in step 4 to launch instances.

