How to use the Terraform aws_ami data source block to find AWS AMIs to be used as EC2 templates (root volume snapshot with operating system and applications).
Welcome to our tutorial series where we dive into cloud infrastructure deployment using Terraform or OpenTofu on AWS. The series covers the fundamentals and guides you through minimizing resource usage and simplifying the deployment complexities associated with cloud infrastructure. This tutorial series is a work in progress.
This comprehensive OpenTofu and Terraform tutorial guides you step-by-step through creating infrastructure in AWS using Terraform.
Infrastructure as Code (IaC) helps maintain consistency, enables version control, enhances collaboration among teams, allows for easier replication of environments, and streamlines the deployment and management of infrastructure, boosting efficiency and reducing errors in managing complex systems.
How to start building AWS infrastructure with Terraform: AMIs
Read previous sections of the tutorial: AWS with Terraform Tutorial
An Amazon Machine Image (AMI) is essentially a template that contains all the necessary information to launch a virtual machine (EC2 instance) within the AWS cloud environment.
How to find an AWS AMI with Terraform
Terraform data source data "aws_ami" is used to get the ID of a registered AMI. The data source accepts a set of parameters and filters to select the AMI.
Plan, and apply the Terraform plan to select the AWS AMI.
There is no cost for using publicly available AWS AMIs.
Common Questions About AWS AMIs
How do I create a custom AMI?, How do I find and select the right AMI for my needs?, How do I update or patch an AMI?...
Other tutorials for creating infrastructure in AWS using Terraform
An Amazon Machine Image (AMI) is essentially a template that contains all the necessary information to launch a virtual machine (EC2 instance) within the AWS cloud environment.
AWS has an AMI library composed of private AMIs (available only to their owners) and an extensive selection of public Machine Images provided by AWS and the community. Public AMIs are available for most distributions of Linux.
Each AMI has an associated ID that is unique to each AWS Region. To keep Terraform plans portable across Regions, the AMI ID should not be hard-coded; instead, a Terraform data source should be called to look up the corresponding AMI ID from a set of filters describing the AMI.
Previous sections of this AWS with Terraform guide have covered basic information about Terraform and AWS and have configured and used the AWS Terraform provider to create a VPC, four subnets, one Internet Gateway, two NAT Gateways, three Routing Tables, Security Groups, and a Private Key.
Terraform data source data "aws_ami" is used to get the ID of a registered AMI. The data source accepts a set of parameters and filters to select the AMI.
For our needs, we will specify the name of the Image, the virtualization type, and the owner (Canonical). The owner doesn't change across regions.
The value for the filters is extracted from the AWS AMI Catalog.
The Terraform AMI data source filter accepts * as a wildcard and, when used with the most_recent = true setting, returns the latest AMI.
Add the following block to the terraform-aws-tutorial.tf file created in previous sections.
```hcl
# Find AMI Ubuntu 23.04 ARM64 Minimal
data "aws_ami" "ubuntu-23-04-arm64-minimal" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-lunar-23.04-arm64-minimal-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}
```
The returned value of a Terraform data source can be accessed using its type, name, and property: data.aws_ami.ubuntu-23-04-arm64-minimal.id or printed out and stored in the state file using a Terraform output (optional):
```hcl
# Store the AMI ID - optional
output "aws-ami-ubuntu-23-04-arm64-minimal-id" {
  value = data.aws_ami.ubuntu-23-04-arm64-minimal.id
}
```
Open a command line shell at the same location where the terraform-aws-tutorial.tf file is located, and run the Terraform or OpenTofu plan and apply commands.
Run tofu plan to generate and review the execution plan. Check each line and value to make sure that it corresponds to the desired change.
Terraform will refresh the state comparing it with the Cloud resources and produce a plan for the resources that need to be created, updated, or destroyed.
In the previous section of the tutorial, some resources were commented out to reduce the infrastructure cost during development. Because the AMI has no dependencies on the commented code, there is no need to uncomment it.
Run the Terraform plan:
```
$ tofu plan
data.aws_ami.ubuntu-23-04-arm64-minimal: Reading...
data.aws_ami.ubuntu-23-04-arm64-minimal: Read complete after 2s [id=ami-01eba98c26f317c58]

Changes to Outputs:
  + aws-ami-ubuntu-23-04-arm64-minimal-id = "ami-01eba98c26f317c58"
```
There is no need to apply. Terraform data sources don't produce any change in the infrastructure and are only used to access existing cloud resources.
In this case, the ubuntu-23-04-arm64-minimal AMI is already available in the AWS AMI Registry, and the data source is used to get its ID (and other properties) and pass it as a parameter to the EC2 instance definition in the next section of this tutorial.
Most of the Community AMIs are free to use, but be aware that some have a cost, and make sure to check that the publisher (owner) is trusted. The selected AMI for Ubuntu is free to use, but other images from Canonical named Ubuntu Pro have a cost.
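The wildcard name filter with most_recent = true and the advice to trust only known publishers can be enforced in the plan itself. The following is an added example, not part of the original tutorial: it repeats the lookup with the owner list held in a variable, an extra architecture filter, and postconditions that fail the plan if the selected image falls outside those limits. The names trusted_ami_owners and ubuntu-23-04-arm64-minimal-checked are hypothetical; the owner ID and name pattern are the ones used above.

```hcl
# Added example, not from the original tutorial.
# Hypothetical names: trusted_ami_owners, ubuntu-23-04-arm64-minimal-checked.

variable "trusted_ami_owners" {
  description = "AWS account IDs allowed to publish the AMIs this plan launches"
  type        = list(string)
  default     = ["099720109477"] # Canonical, the owner ID used in this tutorial
}

data "aws_ami" "ubuntu-23-04-arm64-minimal-checked" {
  most_recent = true

  # Without an owners restriction, the wildcard below would match any
  # public image that follows the same naming pattern.
  owners = var.trusted_ami_owners

  filter {
    name   = "name"
    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-lunar-23.04-arm64-minimal-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  # Extra filter so the match cannot drift to another CPU architecture.
  filter {
    name   = "architecture"
    values = ["arm64"]
  }

  lifecycle {
    # Fail the plan if the selected image is not owned by a trusted account,
    # for example after someone edits or removes the owners argument.
    postcondition {
      condition     = contains(var.trusted_ami_owners, self.owner_id)
      error_message = "Selected AMI is owned by an account outside trusted_ami_owners."
    }

    postcondition {
      condition     = self.architecture == "arm64" && self.state == "available"
      error_message = "Selected AMI must be an available arm64 image."
    }
  }
}
```

Postconditions on data sources require Terraform 1.2 or later, or OpenTofu.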
A custom AMI can be created in multiple forms:
Yes, you can share Amazon Machine Images (AMIs) with other AWS accounts. This can be done either publicly or privately, allowing specific AWS accounts to access the shared AMIs.
Use the AWS Console EC2 AMI to modify the permissions of an AMI.
The right AMI for your needs depends on the type of load, applications, operating system, and CPU Architecture your EC2 instances will run. Use the AWS AMI Catalog to find the right AMI or build it yourself.
To update or patch an AMI an EC2 instance:
Yes, AWS services like AWS CloudFormation, AWS Elastic Beanstalk, AWS OpsWorks, and Auto Scaling groups deploy instances based on existing AMIs. Terraform as in this example is also using an AWS AMI to deploy EC2 instances.
Consider several security best practices:
EC2 instances are the result of launching a server using an AMI. Backup and restore for EC2 and AMI follow different processes:
IT Wonder Lab tutorials are based on the diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has over 25 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.