AmiLaunchPermission
- class aws_cdk.aws_imagebuilder_alpha.AmiLaunchPermission(*, account_ids=None, is_public_user_group=None, organizational_unit_arns=None, organization_arns=None)
Bases: object

(experimental) The launch permissions for the AMI, defining which principals are allowed to access the AMI.
- Parameters:
- account_ids (Optional[Sequence[str]]) – (experimental) The AWS account IDs to share the AMI with. Default: None
- is_public_user_group (Optional[bool]) – (experimental) Whether to make the AMI public. Block public access for AMIs must be disabled to make the AMI public. WARNING: Making an AMI public exposes it to any AWS account globally. Ensure the AMI does not contain: sensitive data or credentials; proprietary software or configurations; internal network information or security settings. For more information on blocking public access for AMIs, see: Understand block public access for AMIs. Default: false
- organizational_unit_arns (Optional[Sequence[str]]) – (experimental) The ARNs for the AWS Organizations organizational units to share the AMI with. Default: None
- organization_arns (Optional[Sequence[str]]) – (experimental) The ARNs for the AWS Organization that you want to share the AMI with. Default: None
- Stability:
experimental
- ExampleMetadata:
infused
Example:
    # Runs inside a Stack or Construct, where `self` is the scope.
    import aws_cdk.aws_imagebuilder_alpha as imagebuilder
    from aws_cdk import aws_ec2 as ec2, aws_kms as kms, aws_ssm as ssm

    distribution_configuration = imagebuilder.DistributionConfiguration(self, "DistributionConfiguration",
        distribution_configuration_name="test-distribution-configuration",
        description="A Distribution Configuration",
        ami_distributions=[imagebuilder.AmiDistribution(
            # Distribute AMI to us-east-2 and publish the AMI ID to an SSM parameter
            region="us-east-2",
            ssm_parameters=[imagebuilder.SSMParameterConfigurations(
                parameter=ssm.StringParameter.from_string_parameter_attributes(self, "CrossRegionParameter",
                    parameter_name="/imagebuilder/ami",
                    force_dynamic_reference=True
                )
            )
            ]
        )
        ]
    )

    # For AMI-based image builds - add an AMI distribution in the current region
    distribution_configuration.add_ami_distributions(
        ami_name="imagebuilder-{{ imagebuilder:buildDate }}",
        ami_description="Build AMI",
        ami_kms_key=kms.Key.from_lookup(self, "ComponentKey",
            alias_name="alias/distribution-encryption-key"
        ),
        # Copy the AMI to different accounts
        ami_target_account_ids=["123456789012", "098765432109"],
        # Add launch permissions on the AMI
        ami_launch_permission=imagebuilder.AmiLaunchPermission(
            organization_arns=[
                self.format_arn(region="", service="organizations", resource="organization", resource_name="o-1234567abc")
            ],
            organizational_unit_arns=[
                self.format_arn(
                    region="",
                    service="organizations",
                    resource="ou",
                    resource_name="o-1234567abc/ou-a123-b4567890"
                )
            ],
            # Makes the AMI public; see the warning on is_public_user_group
            is_public_user_group=True,
            account_ids=["234567890123"]
        ),
        # Attach tags to the AMI
        ami_tags={
            "Environment": "production",
            "Version": "{{ imagebuilder:buildVersion }}"
        },
        # Optional - publish the distributed AMI ID to an SSM parameter
        ssm_parameters=[imagebuilder.SSMParameterConfigurations(
            parameter=ssm.StringParameter.from_string_parameter_attributes(self, "Parameter",
                parameter_name="/imagebuilder/ami",
                force_dynamic_reference=True
            )
        ), imagebuilder.SSMParameterConfigurations(
            ami_account="098765432109",
            data_type=ssm.ParameterDataType.TEXT,
            parameter=ssm.StringParameter.from_string_parameter_attributes(self, "CrossAccountParameter",
                parameter_name="imagebuilder-prod-ami",
                force_dynamic_reference=True
            )
        )
        ],
        # Optional - create a new launch template version with the distributed AMI ID
        launch_templates=[imagebuilder.LaunchTemplateConfiguration(
            launch_template=ec2.LaunchTemplate.from_launch_template_attributes(self, "LaunchTemplate",
                launch_template_id="lt-1234"
            ),
            set_default_version=True
        ), imagebuilder.LaunchTemplateConfiguration(
            account_id="123456789012",
            launch_template=ec2.LaunchTemplate.from_launch_template_attributes(self, "CrossAccountLaunchTemplate",
                launch_template_id="lt-5678"
            ),
            set_default_version=True
        )
        ],
        # Optional - enable Fast Launch on an imported launch template
        fast_launch_configurations=[imagebuilder.FastLaunchConfiguration(
            enabled=True,
            launch_template=ec2.LaunchTemplate.from_launch_template_attributes(self, "FastLaunchLT",
                launch_template_name="fast-launch-lt"
            ),
            max_parallel_launches=10,
            target_snapshot_count=2
        )
        ],
        # Optional - license configurations to apply to the AMI
        license_configuration_arns=["arn:aws:license-manager:us-west-2:123456789012:license-configuration:lic-abcdefghijklmnopqrstuvwxyz"
        ]
    )
Attributes
- account_ids
(experimental) The AWS account IDs to share the AMI with.
- Default:
None
- Stability:
experimental
- is_public_user_group
(experimental) Whether to make the AMI public. Block public access for AMIs must be disabled to make the AMI public.
WARNING: Making an AMI public exposes it to any AWS account globally. Ensure the AMI does not contain:
  - Sensitive data or credentials
  - Proprietary software or configurations
  - Internal network information or security settings
For more information on blocking public access for AMIs, see: Understand block public access for AMIs
- Default:
false
- Stability:
experimental
- organization_arns
(experimental) The ARNs for the AWS Organization that you want to share the AMI with.
- Default:
None
- Stability:
experimental
- organizational_unit_arns
(experimental) The ARNs for the AWS Organizations organizational units to share the AMI with.
- Default:
None
- Stability:
experimental
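
A pre-synthesis check for the four launch-permission parameters documented above, as an added example that is not part of the CDK library or its documentation. The function name `vet_launch_permission`, the two allow lists and the organization/OU ID patterns are assumptions made for this sketch; the sample values are the placeholder IDs from the example on this page.

```python
import re

ACCOUNT_ID = re.compile(r"\d{12}")
# Only the resource tail is matched, so ARNs built with format_arn (whose
# partition and account are unresolved tokens at synth time) still validate.
# The ID shapes are assumed from the AWS Organizations ID formats.
ORG_TAIL = re.compile(r":organization/(o-[a-z0-9]{10,32})$")
OU_TAIL = re.compile(r":ou/(o-[a-z0-9]{10,32})/ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$")


def vet_launch_permission(props, trusted_accounts, trusted_org_ids):
    """Return findings for a dict of AmiLaunchPermission keyword arguments.

    An empty list means the AMI stays private and every principal it is
    shared with is on the caller's allow lists.
    """
    findings = []
    if props.get("is_public_user_group"):
        findings.append("is_public_user_group=True exposes the AMI to every AWS account")
    for acct in props.get("account_ids") or []:
        if not ACCOUNT_ID.fullmatch(acct):
            findings.append(f"account_ids: {acct!r} is not a 12-digit account ID")
        elif acct not in trusted_accounts:
            findings.append(f"account_ids: {acct} is not an approved account")
    for key, pattern in (("organization_arns", ORG_TAIL),
                         ("organizational_unit_arns", OU_TAIL)):
        for arn in props.get(key) or []:
            match = pattern.search(arn)
            if match is None:
                findings.append(f"{key}: {arn!r} has an unexpected resource format")
            elif match.group(1) not in trusted_org_ids:
                findings.append(f"{key}: {match.group(1)} is not an approved organization")
    return findings


# Constructed sample input mirroring the launch permission in the example above.
SAMPLE = {
    "organization_arns": ["arn:aws:organizations::123456789012:organization/o-1234567abc"],
    "organizational_unit_arns": [
        "arn:aws:organizations::123456789012:ou/o-1234567abc/ou-a123-b4567890"],
    "is_public_user_group": True,
    "account_ids": ["234567890123"],
}

if __name__ == "__main__":
    for finding in vet_launch_permission(SAMPLE, {"123456789012"}, {"o-1234567abc"}):
        print("FINDING:", finding)
```

When the returned list is empty, the same dict can be passed on as `imagebuilder.AmiLaunchPermission(**props)`; otherwise fail the build before synthesis.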