aws ec2 describe-images: Find AMIs in CI
aws ec2 describe-images returns AMIs matching owner and filter criteria, letting CI resolve the latest image ID instead of hardcoding a stale AMI.
Hardcoded AMI IDs rot and differ per region. describe-images plus a JMESPath sort lets a pipeline always launch from the newest matching image.
What it does
aws ec2 describe-images lists Amazon Machine Images visible to your account, filtered by --owners and --filters. Combined with --query you can sort by CreationDate and select the newest AMI ID in one call.
Common usage
# Latest Amazon Linux 2023 x86_64 AMI ID
aws ec2 describe-images \
--owners amazon \
--filters 'Name=name,Values=al2023-ami-2023.*-x86_64' \
'Name=state,Values=available' \
--query 'sort_by(Images, &CreationDate)[-1].ImageId' \
--output textOptions
| Flag | What it does |
|---|---|
| --owners <id|amazon|self> | Restrict to image owners (use to avoid spoofed names) |
| --filters Name=..,Values=.. | Filter by name, architecture, state, etc. |
| --image-ids <ami...> | Describe specific AMIs by ID |
| --query <jmespath> | Select/sort, e.g. newest by CreationDate |
| --output text|json | Output format |
In CI
Always pin --owners amazon (or your account) so a malicious public AMI with a matching name cannot be selected. sort_by(Images, &CreationDate)[-1].ImageId is the standard "latest AMI" idiom; pair with --output text so the result drops straight into --image-id.
Common errors in CI
An empty result (and None from --query) usually means the filter Values pattern does not match in this region, not a permission problem. "An error occurred (InvalidAMIID.Malformed)" means a bad --image-ids value. "UnauthorizedOperation" means the role lacks ec2:DescribeImages. A literal None passed onward as --image-id then fails run-instances with InvalidAMIID.NotFound, so guard against empty matches.