Posted On: Jun 25, 2019
We are excited to announce the availability of Encrypted AMI sharing across accounts in Amazon Web Services China (Beijing) Region operated by Sinnet, and Amazon Web Services China (Ningxia) Region operated by NWCD.
You can now share Amazon Machine Images (AMIs) encrypted with Customer-Managed Customer Master Keys (CMKs) across accounts with a single API call. Additionally, you can also launch instances from shared encrypted AMIs in a single step.
Until now, sharing was possible only for unencrypted AMIs. To distribute an encrypted AMI, you followed a multi-step process that resulted in an AMI copy in each account. Now, you can directly share AMIs encrypted with your Customer-Managed CMK across accounts and launch Amazon EC2 instances from the shared AMI. This simplifies your AMI distribution process and reduces the snapshot storage cost associated with maintaining multiple AMI copies across accounts.
To get started, see the technical documentation on sharing encrypted AMIs. These features are now available through the Amazon Web Services Management Console, Amazon Command Line Interface (CLI), or Amazon SDKs at no extra charge in all commercial regions.