How to Manage Deregistration Protection

What is Deregistration Protection? –

Deregistration Protection is a mechanism used to prevent accidental deletion (deregistration) of critical Amazon Machine Images (AMIs). While AWS doesn’t provide a built-in toggle like EC2 termination protection for AMIs, you can implement a protection strategy using IAM policies, tagging, and automation scripts.

Purpose & Use – 

  1. Prevents accidental or unauthorized deregistration of production-critical AMIs.
  2. Ensures image availability for disaster recovery, autoscaling groups, or reproducible environments.

Benefits – 

  1. Enhances operational safety and stability.
  2. Protects baseline images used across environments.
  3. Reduces the risk of manual errors by team members.

For more information use this link – 

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deregistration-protection.html

1. Log in to your AWS account and navigate to the EC2 section to perform this operation.

2. If you have already taken an AMI of any production server, that is fine. If not, please create an AMI of any server first. (We have already taken a demo AMI for this operation, so we will be using that AMI.)

3. Please navigate to the AMIs section, select the desired AMI, and then click on the Actions button.

4. Next, go to Manage AMI deregistration protection.

5. After opening, a popup will appear showing three options. You can choose the option according to your requirement. (For now, we will select Enable without cooldown) and then click Save.

6. After successfully completing this operation, try to deregister the AMI and observe the result.

The AMI is protected from deletion.

7. If you want to remove the protection, go to Actions, then select Manage AMI deregistration protection. Choose Disable, save the settings, and then try to delete the AMI.

Note:
Deregistering an AMI is permanent
Once an AMI is deregistered, you cannot launch new instances from it. Be careful before deleting — always double-check if it’s still needed.

Snapshots are not deleted automatically
When you deregister an AMI, the associated EBS snapshot still exists and will continue to incur charges. You must manually delete the snapshot to stop billing.

Use tags to protect important AMIs
AWS doesn’t have a built-in “deregistration protection” like EC2, but you can use tags like Protection=Enabled and apply IAM policies to prevent accidental deletion.
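
To check the console setting from steps 4 and 5 across many images, the added example below (not part of the original article) audits describe_images-style output for AMIs tagged Protection=Enabled that can still be deregistered. The image IDs and names are constructed, and the `DeregistrationProtection` field with its `enabled-*` values is assumed to match what the EC2 API returns.

```python
# Added example: audit describe_images output for unprotected critical AMIs.
# Field and state names are assumptions (see lead-in); the data is constructed.

SAMPLE_IMAGES = [  # constructed, shaped like describe_images()["Images"]
    {"ImageId": "ami-0aaa1111example", "Name": "prod-base",
     "Tags": [{"Key": "Protection", "Value": "Enabled"}],
     "DeregistrationProtection": "enabled-without-cooldown"},
    {"ImageId": "ami-0bbb2222example", "Name": "prod-web",
     "Tags": [{"Key": "Protection", "Value": "Enabled"}],
     "DeregistrationProtection": "disabled"},
    {"ImageId": "ami-0ccc3333example", "Name": "prod-db",
     "Tags": [{"Key": "protection", "Value": "enabled"}]},  # field absent
    {"ImageId": "ami-0ddd4444example", "Name": "scratch", "Tags": []},
]


def is_critical(image, key="Protection", value="Enabled"):
    """True if the AMI carries the Protection=Enabled tag.

    Matching ignores case so that mis-cased tags are still audited.
    """
    return any(t.get("Key", "").lower() == key.lower()
               and t.get("Value", "").lower() == value.lower()
               for t in image.get("Tags") or [])


def is_protected(image):
    """Only an explicit enabled-* state counts; missing or unknown fails closed."""
    return str(image.get("DeregistrationProtection", "")).startswith("enabled")


def find_unprotected(images):
    """Return IDs of critical AMIs that could still be deregistered."""
    return [i["ImageId"] for i in images if is_critical(i) and not is_protected(i)]


def enable_protection(image_ids, with_cooldown=False, region=None):
    """Enable protection on each AMI; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the audit itself runs offline
    ec2 = boto3.client("ec2", region_name=region)
    return {ami: ec2.enable_image_deregistration_protection(
                ImageId=ami, WithCooldown=with_cooldown)["Return"]
            for ami in image_ids}


if __name__ == "__main__":
    for ami in find_unprotected(SAMPLE_IMAGES):
        print("critical AMI without deregistration protection:", ami)
```

Against a real account, pass `boto3.client("ec2").describe_images(Owners=["self"])["Images"]` to `find_unprotected` and hand the result to `enable_protection`.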
