EC2 / Client / copy_image
copy_image#
- EC2.Client.copy_image(**kwargs)#
Initiates an AMI copy operation. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can’t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.
When you copy an AMI from one Region to another, the destination Region is the current Region.
When you copy an AMI from a Region to an Outpost, specify the ARN of the Outpost as the destination. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region or the key that you specify. Outposts do not support unencrypted snapshots.
For information about the prerequisites when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.
See also: AWS API Documentation
Request Syntax
response = client.copy_image( ClientToken='string', Description='string', Encrypted=True|False, KmsKeyId='string', Name='string', SourceImageId='string', SourceRegion='string', DestinationOutpostArn='string', DryRun=True|False, CopyImageTags=True|False, TagSpecifications=[ { 'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'ipam-external-resource-verification-token', 'Tags': [ { 'Key': 'string', 'Value': 'string' }, ] }, ] )
- Parameters:
ClientToken (string) – Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.
Description (string) – A description for the new AMI in the destination Region.
Encrypted (boolean) – Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using
KmsKeyId
. For more information, see Use encryption with EBS-backed AMIs in the Amazon EC2 User Guide.KmsKeyId (string) –
The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to
true
.You can specify a KMS key using any of the following:
Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias. For example, alias/ExampleAlias.
Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.
The specified KMS key must exist in the destination Region.
Amazon EBS does not support asymmetric KMS keys.
Name (string) –
[REQUIRED]
The name of the new AMI in the destination Region.
SourceImageId (string) –
[REQUIRED]
The ID of the AMI to copy.
SourceRegion (string) –
[REQUIRED]
The name of the Region that contains the AMI to copy.
DestinationOutpostArn (string) –
The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.
For more information, see Copy AMIs from an Amazon Web Services Region to an Outpost in the Amazon EBS User Guide.
DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is
DryRunOperation
. Otherwise, it isUnauthorizedOperation
.CopyImageTags (boolean) –
Indicates whether to include your user-defined AMI tags when copying the AMI.
The following tags will not be copied:
System tags (prefixed with
aws:
)For public and shared AMIs, user-defined tags that are attached by other Amazon Web Services accounts
Default: Your user-defined AMI tags are not copied.
TagSpecifications (list) –
The tags to apply to the new AMI and new snapshots. You can tag the AMI, the snapshots, or both.
To tag the new AMI, the value for
ResourceType
must beimage
.To tag the new snapshots, the value for
ResourceType
must besnapshot
. The same tag is applied to all the new snapshots.
If you specify other values for
ResourceType
, the request fails.To tag an AMI or snapshot after it has been created, see CreateTags.
(dict) –
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
Note
The
Valid Values
lists all the resource types that can be tagged. However, the action you’re using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you’re using, you’ll get an error.ResourceType (string) –
The type of resource to tag on creation.
Tags (list) –
The tags to apply to the resource.
(dict) –
Describes a tag.
Key (string) –
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with
aws:
.Value (string) –
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
- Return type:
dict
- Returns:
Response Syntax
{ 'ImageId': 'string' }
Response Structure
(dict) –
Contains the output of CopyImage.
ImageId (string) –
The ID of the new AMI.
Examples
This example copies the specified AMI from the us-east-1 region to the current region.
response = client.copy_image( Description='', Name='My server', SourceImageId='ami-5731123e', SourceRegion='us-east-1', ) print(response)
Expected Output:
{ 'ImageId': 'ami-438bea42', 'ResponseMetadata': { '...': '...', }, }