Share encrypted AMIs across accounts to launch instances in a single step

Posted on: May 10, 2019

You can now share Amazon Machine Images (AMIs) encrypted with Customer-Managed Customer Master Keys (CMKs) across accounts with a single API call. You can also launch instances from shared encrypted AMIs in a single step.

Until now, sharing was possible only for unencrypted AMIs. To distribute an encrypted AMI, you followed a multi-step process that resulted in an AMI copy in each account. Now, you can directly share AMIs encrypted with your Customer-Managed CMK across accounts and launch Amazon EC2 instances from the shared AMI. This simplifies your AMI distribution process and reduces the snapshot storage cost associated with maintaining multiple AMI copies across accounts.

To get started, see the technical documentation on sharing encrypted AMIs. These features are now available through the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs at no extra charge in AWS GovCloud and all commercial AWS regions except China.