All Superinterfaces:: software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:: AmiLaunchPermission.Jsii$Proxy

@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-20T23:37:34.435Z") @Stability(Experimental) public interface AmiLaunchPermission extends software.amazon.jsii.JsiiSerializable

(experimental) The launch permissions for the AMI, defining which principals are allowed to access the AMI.

Example:

 DistributionConfiguration distributionConfiguration = DistributionConfiguration.Builder.create(this, "DistributionConfiguration")
         .distributionConfigurationName("test-distribution-configuration")
         .description("A Distribution Configuration")
         .amiDistributions(List.of(AmiDistribution.builder()
                 // Distribute AMI to us-east-2 and publish the AMI ID to an SSM parameter
                 .region("us-east-2")
                 .ssmParameters(List.of(SSMParameterConfigurations.builder()
                         .parameter(StringParameter.fromStringParameterAttributes(this, "CrossRegionParameter", StringParameterAttributes.builder()
                                 .parameterName("/imagebuilder/ami")
                                 .forceDynamicReference(true)
                                 .build()))
                         .build()))
                 .build()))
         .build();
 // For AMI-based image builds - add an AMI distribution in the current region
 distributionConfiguration.addAmiDistributions(AmiDistribution.builder()
         .amiName("imagebuilder-{{ imagebuilder:buildDate }}")
         .amiDescription("Build AMI")
         .amiKmsKey(Key.fromLookup(this, "ComponentKey", KeyLookupOptions.builder().aliasName("alias/distribution-encryption-key").build()))
         // Copy the AMI to different accounts
         .amiTargetAccountIds(List.of("123456789012", "098765432109"))
         // Add launch permissions on the AMI
         .amiLaunchPermission(AmiLaunchPermission.builder()
                 .organizationArns(List.of(this.formatArn(ArnComponents.builder().region("").service("organizations").resource("organization").resourceName("o-1234567abc").build())))
                 .organizationalUnitArns(List.of(this.formatArn(ArnComponents.builder()
                         .region("")
                         .service("organizations")
                         .resource("ou")
                         .resourceName("o-1234567abc/ou-a123-b4567890")
                         .build())))
                 .isPublicUserGroup(true)
                 .accountIds(List.of("234567890123"))
                 .build())
         // Attach tags to the AMI
         .amiTags(Map.of(
                 "Environment", "production",
                 "Version", "{{ imagebuilder:buildVersion }}"))
         // Optional - publish the distributed AMI ID to an SSM parameter
         .ssmParameters(List.of(SSMParameterConfigurations.builder()
                 .parameter(StringParameter.fromStringParameterAttributes(this, "Parameter", StringParameterAttributes.builder()
                         .parameterName("/imagebuilder/ami")
                         .forceDynamicReference(true)
                         .build()))
                 .build(), SSMParameterConfigurations.builder()
                 .amiAccount("098765432109")
                 .dataType(ParameterDataType.TEXT)
                 .parameter(StringParameter.fromStringParameterAttributes(this, "CrossAccountParameter", StringParameterAttributes.builder()
                         .parameterName("imagebuilder-prod-ami")
                         .forceDynamicReference(true)
                         .build()))
                 .build()))
         // Optional - create a new launch template version with the distributed AMI ID
         .launchTemplates(List.of(LaunchTemplateConfiguration.builder()
                 .launchTemplate(LaunchTemplate.fromLaunchTemplateAttributes(this, "LaunchTemplate", LaunchTemplateAttributes.builder()
                         .launchTemplateId("lt-1234")
                         .build()))
                 .setDefaultVersion(true)
                 .build(), LaunchTemplateConfiguration.builder()
                 .accountId("123456789012")
                 .launchTemplate(LaunchTemplate.fromLaunchTemplateAttributes(this, "CrossAccountLaunchTemplate", LaunchTemplateAttributes.builder()
                         .launchTemplateId("lt-5678")
                         .build()))
                 .setDefaultVersion(true)
                 .build()))
         // Optional - enable Fast Launch on an imported launch template
         .fastLaunchConfigurations(List.of(FastLaunchConfiguration.builder()
                 .enabled(true)
                 .launchTemplate(LaunchTemplate.fromLaunchTemplateAttributes(this, "FastLaunchLT", LaunchTemplateAttributes.builder()
                         .launchTemplateName("fast-launch-lt")
                         .build()))
                 .maxParallelLaunches(10)
                 .targetSnapshotCount(2)
                 .build()))
         // Optional - license configurations to apply to the AMI
         .licenseConfigurationArns(List.of("arn:aws:license-manager:us-west-2:123456789012:license-configuration:lic-abcdefghijklmnopqrstuvwxyz"))
         .build());

Nested Class Summary

Nested Classes

Modifier and Type

Interface

Description

static final class

AmiLaunchPermission.Builder

A builder for AmiLaunchPermission

static final class

AmiLaunchPermission.Jsii$Proxy

An implementation for AmiLaunchPermission
Method Summary

Modifier and Type

Method

Description

static AmiLaunchPermission.Builder

builder()

default List<String>

getAccountIds()

(experimental) The AWS account IDs to share the AMI with.

default Boolean

getIsPublicUserGroup()

(experimental) Whether to make the AMI public.

default List<String>

getOrganizationalUnitArns()

(experimental) The ARNs for the AWS Organizations organizational units to share the AMI with.

default List<String>

getOrganizationArns()

(experimental) The ARNs for the AWS Organization that you want to share the AMI with.

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Method Details
- getAccountIds
  
  @Stability(Experimental) @Nullable default List<String> getAccountIds()
  
  (experimental) The AWS account IDs to share the AMI with.
  Default: None
- getIsPublicUserGroup
  
  @Stability(Experimental) @Nullable default Boolean getIsPublicUserGroup()
  (experimental) Whether to make the AMI public. Block public access for AMIs must be disabled to make the AMI public.
  WARNING: Making an AMI public exposes it to any AWS account globally. Ensure the AMI does not contain:
  
  Sensitive data or credentials
  
  Proprietary software or configurations
  
  Internal network information or security settings
  
  For more information on blocking public access for AMIs, see: Understand block public access for AMIs
  Default: false
- getOrganizationalUnitArns
  
  @Stability(Experimental) @Nullable default List<String> getOrganizationalUnitArns()
  
  (experimental) The ARNs for the AWS Organizations organizational units to share the AMI with.
  Default: None
- getOrganizationArns
  
  @Stability(Experimental) @Nullable default List<String> getOrganizationArns()
  
  (experimental) The ARNs for the AWS Organization that you want to share the AMI with.
  Default: None
- builder
  
  @Stability(Experimental) static AmiLaunchPermission.Builder builder()
  
  Returns:
  
  a AmiLaunchPermission.Builder of AmiLaunchPermission

Interface AmiLaunchPermission

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Details

getAccountIds

getIsPublicUserGroup

getOrganizationalUnitArns

getOrganizationArns

builder