EC2 / Client / copy_image

copy_image#

EC2.Client.copy_image(**kwargs)#

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can’t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon EC2 User Guide.

For more information about the prerequisites and limits when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.

See also: AWS API Documentation

Request Syntax

response = client.copy_image(
    ClientToken='string',
    Description='string',
    Encrypted=True|False,
    KmsKeyId='string',
    Name='string',
    SourceImageId='string',
    SourceRegion='string',
    DestinationOutpostArn='string',
    DryRun=True|False,
    CopyImageTags=True|False
)
Parameters:
  • ClientToken (string) – Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.

  • Description (string) – A description for the new AMI in the destination Region.

  • Encrypted (boolean) – Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide.

  • KmsKeyId (string) –

    The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to true.

    You can specify a KMS key using any of the following:

    • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

    • Key alias. For example, alias/ExampleAlias.

    • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

    Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.

    The specified KMS key must exist in the destination Region.

    Amazon EBS does not support asymmetric KMS keys.

  • Name (string) –

    [REQUIRED]

    The name of the new AMI in the destination Region.

  • SourceImageId (string) –

    [REQUIRED]

    The ID of the AMI to copy.

  • SourceRegion (string) –

    [REQUIRED]

    The name of the Region that contains the AMI to copy.

  • DestinationOutpostArn (string) –

    The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

    For more information, see Copy AMIs from an Amazon Web Services Region to an Outpost in the Amazon EC2 User Guide.

  • DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

  • CopyImageTags (boolean) –

    Indicates whether to include your user-defined AMI tags when copying the AMI.

    The following tags will not be copied:

    • System tags (prefixed with aws:)

    • For public and shared AMIs, user-defined tags that are attached by other Amazon Web Services accounts

    Default: Your user-defined AMI tags are not copied.

Return type:

dict

Returns:

Response Syntax

{
    'ImageId': 'string'
}

Response Structure

  • (dict) –

    Contains the output of CopyImage.

    • ImageId (string) –

      The ID of the new AMI.

Examples

This example copies the specified AMI from the us-east-1 region to the current region.

response = client.copy_image(
    Description='',
    Name='My server',
    SourceImageId='ami-5731123e',
    SourceRegion='us-east-1',
)

print(response)

Expected Output:

{
    'ImageId': 'ami-438bea42',
    'ResponseMetadata': {
        '...': '...',
    },
}