AWS Amazon EC2 From Instance

This page shows how to write Terraform for Amazon EC2 From Instance and write them securely.

aws_ami_from_instance (Terraform)

The From Instance in Amazon EC2 can be configured in Terraform with the resource name aws_ami_from_instance. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub
resource "aws_ami_from_instance" "controller-0-ami" {
  name               = "controller-0-ami"
  source_instance_id =
  depends_on         = [null_resource.dns-server-config]
resource "aws_ami_from_instance" "example1" {
  name               = "serviceone"
  source_instance_id =
  depends_on         = [null_resource.ansibleservices]
#Create Image form ServiceTwo installed host
resource "aws_ami_from_instance" "ami_from_instance" {
  name =
  source_instance_id =

resource "aws_ami_from_instance" "ami_from_instance1" {
resource "aws_ami_from_instance" "payments_sd_cac_clone" {
  name               = "payments_sd_cac_clone_20191112"
  source_instance_id = "i-043dec12552c0a948"
  snapshot_without_reboot = true
 tags = {
    Name = "payments_sd_cac_clone_20191112"
resource "aws_ami_from_instance" "example" {
  name               = "ami2"
  source_instance_id = "i-0659f71"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


Explanation in Terraform Registry

The "AMI from instance" resource allows the creation of an Amazon Machine Image (AMI) modelled after an existing EBS-backed EC2 instance. The created AMI will refer to implicitly-created snapshots of the instance's EBS volumes and mimick its assigned block device configuration at the time the resource is created. This resource is best applied to an instance that is stopped when this instance is created, so that the contents of the created image are predictable. When applied to an instance that is running, the instance will be stopped before taking the snapshots and then started back up again, resulting in a period of downtime. Note that the source instance is inspected only at the initial creation of this resource. Ongoing updates to the referenced instance will not be propagated into the generated AMI. Users may taint or otherwise recreate the resource in order to produce a fresh snapshot.

Tips: Best Practices for The Other AWS Amazon EC2 Resources

In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.



Ensure to avoid using default VPC

It is better to define the own VPC and use it.



Ensure your network ACL rule blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.



Ensure to use a customer-managed key for EBS volume encryption

It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).



Ensure to avoid storing AWS access keys in user data

It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.



Ensure your security group blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.

Review your AWS Amazon EC2 settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS Amazon EC2 From Instance?

AWS Amazon EC2 From Instance is a resource for Amazon EC2 of Amazon Web Service. Settings can be wrote in Terraform.

Where can I find the example code for the AWS Amazon EC2 From Instance?

For Terraform, the alinuxien/k8s-aws-iac, rubenivanyan/epam_final_project and rachel-yoon59/codeherent-test-2 source code examples are useful. See the Terraform Example section for further details.


Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.