[Update] Usage report and reference resource verification feature added to Amazon EC2 AMIs
I am Iwasa.
Amazon EC2 allows you to create AMIs and launch EC2 instances from them.
Until now, finding out which resources or accounts were using a specific AMI meant preparing scripts that checked every resource for references to that AMI. A recent update adds two features for checking AMI usage.
When you check the action menu in the AMI console, you'll see that an "AMI usage" menu has been added, which contains "Create my AMI usage report" and "View referenced resource".
I've tried both of these features, so let me introduce them.

## Generating AMI Usage Reports
You can generate reports showing AMI usage information from "Create my AMI usage report".
The report isn't generated as a PDF or similar format, but rather collects information that you can reference using the management console or API.
When you select an AMI and choose "Create my AMI usage report", you'll be taken to a screen to enter the information needed for report creation.
You can select multiple AMIs and run the process collectively.
Two settings are required here. The first is the resource type.
As of today, the supported resource types are "instances" and "launch templates."
The second is the account. You can specify all accounts, or you can enter individual AWS account IDs.
After that, just press the create report button.
For this test, I had previously shared an AMI across accounts outside the organization, and launched an EC2 instance on a different AWS account than the one owning the AMI.
To check the report, you can view it from the tabs on each AMI's details screen.
With this update, you should see a new tab called "My AMI usage" where you can check the status of report generation.
When the status shows "completed", you can check the report via the report ID or by clicking "View report" in the details column.
When I clicked View report, the information was displayed in the report as follows.
What I find really great is that it checks everything across accounts. In the report above, accounts both within and outside the organization were all extracted. Although we can only check the resource type and usage count, it's quite useful as we can see whether they're being used or not.
One point to note is that this report may not include activities (such as EC2 launches) from the last 24 hours, so we should be careful about that.
View your AMI usage - Amazon Elastic Compute Cloud
Indeed, right after using an AMI, the information wasn't showing up in the report for a while.

## Checking AMI Referenced Resources
With "View referenced resource," you can check which resources are using the AMI in more detail.
However, this feature only checks within the target account.
Supported resources include EC2 instances and launch templates, as well as SSM parameters and Image Builder. I didn't notice earlier, but SSM parameters and Image Builder make sense. AMIs are referenced in many places.
When you run an AMI reference check, the scan starts immediately.
As shown below, instances launched using the target AMI within the account are displayed.
For usage within the account, using this feature provides more detailed information, which is better.

## Conclusion
Today, I tried out the newly added AMI usage report and reference resource verification features in Amazon EC2.
When deleting AMIs, we sometimes hear about issues like "it was actually being used in a launch template, and the ASG stopped working." This reference check can be useful for checking usage status before deletion and for many other purposes.
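
The kind of in-account check that previously had to be scripted by hand can be sketched as follows. This is an added example, not code from the original post or from AWS. It assumes the DescribeInstances, DescribeLaunchTemplateVersions and SSM GetParameters responses have already been fetched; the function names and all sample data are constructed for illustration. It also follows launch templates that point at an AMI indirectly through a `resolve:ssm:` parameter, and it refuses deregistration when such a pointer cannot be resolved.

```python
# Constructed sample data in the shape of boto3 responses; all IDs are made up.
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "ImageId": "ami-0123456789abcdef0", "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb", "ImageId": "ami-0fedcba9876543210", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0ccc", "ImageId": "ami-0123456789abcdef0", "State": {"Name": "terminated"}},
]}]}
LT_VERSIONS = {"LaunchTemplateVersions": [
    {"LaunchTemplateName": "web", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId": "ami-0fedcba9876543210"}},
    {"LaunchTemplateName": "web", "VersionNumber": 2,
     "LaunchTemplateData": {"ImageId": "resolve:ssm:/golden/web"}},
    {"LaunchTemplateName": "batch", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId": "resolve:ssm:/golden/missing"}},
    {"LaunchTemplateName": "net-only", "VersionNumber": 1, "LaunchTemplateData": {}},
]}
SSM_PARAMS = {"Parameters": [
    {"Name": "/golden/web", "Value": "ami-0123456789abcdef0", "DataType": "aws:ec2:image"},
]}

def find_ami_references(ami_id, instances, lt_versions, ssm_params):
    """Return (references, unresolved) for ami_id from one account's data."""
    params = {p["Name"]: p["Value"] for p in ssm_params["Parameters"]}
    refs = [("ssm-parameter", n) for n, v in params.items() if v == ami_id]
    unresolved = []
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            # Design choice of this example: terminated instances are not usage.
            if inst.get("ImageId") == ami_id and inst["State"]["Name"] != "terminated":
                refs.append(("instance", inst["InstanceId"]))
    for ver in lt_versions["LaunchTemplateVersions"]:
        label = f'{ver["LaunchTemplateName"]}:v{ver["VersionNumber"]}'
        image = ver["LaunchTemplateData"].get("ImageId")
        if image is None:
            continue  # this template version does not set an image
        if image.startswith("resolve:ssm:"):
            # Indirect reference: strip the prefix and any :version/:label suffix.
            name = image[len("resolve:ssm:"):].split(":")[0]
            if name not in params:
                unresolved.append((label, image))  # cannot prove it is unused
                continue
            image = params[name]
        if image == ami_id:
            refs.append(("launch-template", label))
    return refs, unresolved

def safe_to_deregister(ami_id, instances, lt_versions, ssm_params):
    """Fail closed: any reference or unresolvable pointer blocks deregistration."""
    refs, unresolved = find_ami_references(ami_id, instances, lt_versions, ssm_params)
    return not refs and not unresolved
```

Like the console's reference check, this only sees one account; usage from other accounts still needs the usage report.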