EC2 Launch Templates And AMIs

Concepts Covered

• Amazon Machine Images
• EC2 launch templates
• Launch template versions
• AMI regional scope
• User data and bootstrap scripts
• Block device mappings
• Security groups and instance profiles
• Launch templates versus launch configurations
• Auto Scaling group integration
• Common exam traps

1. Plain-English Mental Model

An AMI is the disk image an EC2 instance boots from.

A launch template is the reusable recipe for launching the instance.

The simple model is:

AMI = operating system and baked software
launch template = AMI + instance type + network + storage + IAM + user data

The AMI answers: "What machine image should this instance start from?"

The launch template answers: "When we launch this kind of instance, what settings should AWS use?"

This distinction matters because production EC2 fleets should not depend on a human remembering the same console settings every time. Auto Scaling groups, CloudFormation, deployment pipelines, and recovery runbooks all need repeatable launch behavior.

2. Why This Service Exists

Manual EC2 launches are fine for experiments. They are dangerous for fleets.

If one engineer launches an instance with one subnet, another uses a different security group, another forgets the IAM role, and another picks a slightly different AMI, the architecture becomes inconsistent. That inconsistency creates debugging pain, security drift, patch drift, and recovery risk.

AMIs and launch templates exist to make instance creation repeatable.

An AMI captures the software baseline. A launch template captures the launch-time choices: AMI ID, instance type, key pair, security groups, network interfaces, block devices, tags, user data, instance profile, and other launch parameters.

For SAA-C03, this topic usually appears inside EC2 Auto Scaling, fleet replacement, blue-green style updates, or "how do we launch identical instances reliably?" scenarios.

3. The Naive Approach And Where It Breaks

The naive pattern is:

open EC2 console -> click launch instance -> remember settings -> repeat

This breaks the moment you need more than one instance or one operator.

Another naive pattern is relying only on user data to install everything at boot. User data can be useful, but if every launch downloads many packages, configures large dependencies, and fetches secrets or artifacts during startup, scale-out becomes slow and fragile.

A third mistake is baking everything into an AMI and never updating it. That creates stale images, old packages, unpatched vulnerabilities, and inconsistent fleet refreshes.

The healthier model is to decide what belongs in the AMI and what belongs in bootstrap. Bake stable heavy dependencies into the AMI. Use launch templates for repeatable launch settings. Use user data or configuration management for environment-specific final steps.

4. Core Primitives

An Amazon Machine Image contains the information required to launch an EC2 instance. AWS documentation describes an AMI as including required software and block device mapping.

AMI scope matters. AMIs are Region-specific. If you need the same image in another Region, you copy the AMI.

AMI architecture matters. The image must be compatible with the selected instance type, operating system, processor architecture, root volume type, and virtualization type.

A launch template stores launch parameters so they do not need to be specified every time.

Launch template versions are numbered. You can create new versions when AMI IDs, instance types, user data, network settings, or other launch parameters change.

The default version is used when no specific version is requested.

User data runs bootstrap actions at launch.

Block device mappings define attached storage behavior.

An IAM instance profile gives the instance AWS API permissions.

Launch configurations are older Auto Scaling launch templates. AWS documentation recommends migrating to launch templates, and new-account limitations now restrict launch configurations.

5. Architecture Use Cases

Use a launch template for an Auto Scaling group:

Auto Scaling group -> launch template version -> EC2 instances from AMI

Use versioned templates for controlled rollouts. A new AMI can become a new launch template version. The Auto Scaling group can then use instance refresh to replace old instances gradually.

Use custom AMIs when startup time matters or when instances need a tested baseline of packages, agents, runtime dependencies, and hardening.

Use user data for small, environment-specific tasks such as fetching configuration, registering with a service, or starting application processes.

Use Systems Manager Parameter Store for dynamic AMI references when appropriate, especially for current public AMI IDs or pipeline-managed image references.

7. Security Model

AMI security starts with image provenance. Use trusted AMIs from AWS, controlled private AMIs, or vetted Marketplace images.

Do not use random public AMIs for production workloads. They can contain unknown software, old packages, weak hardening, or malicious changes.

Control who can create, share, copy, and launch AMIs. AMI sharing can cross account boundaries, so it needs deliberate governance.

Launch templates can contain security-sensitive choices: IAM instance profiles, security groups, user data, public IP association, and storage encryption settings.

User data should not contain long-lived secrets. Use IAM roles, Secrets Manager, Parameter Store, and short-lived credentials instead.

For encrypted AMIs and EBS volumes, KMS key policy must allow intended accounts and services to use the key.

8. Reliability And Resilience

Repeatable launches improve recovery. If an instance fails, automation can replace it from the same recipe.

However, a launch template only helps if the AMI and bootstrap path are valid. If the AMI is deleted, permissions are wrong, the KMS key is inaccessible, or user data fails, new instances will fail too.

Versioning supports safer rollouts. Keep known-good template versions until the new version is proven.

For Auto Scaling groups, changing a launch template version does not automatically mutate existing instances. You need replacement behavior, such as instance refresh, rolling deployment, or termination and replacement.

Test AMIs before making them production defaults. A bad AMI in an Auto Scaling group can turn one instance problem into a fleet problem.

9. Performance And Scaling

Launch speed matters during scale-out and recovery.

Heavy bootstrap scripts slow response to traffic spikes. A fleet that needs 20 minutes to install dependencies cannot react quickly to sudden load.

Baked AMIs can reduce startup time, but they require an image pipeline and patch process.

Large AMIs, slow package repositories, external artifact downloads, and unavailable configuration endpoints can all delay launch.

Choose instance types in the launch template that match CPU, memory, architecture, network, and storage requirements. Do not let an old template keep launching underpowered or unavailable instance families.

For mixed instance policies, launch templates can work with instance overrides and purchase options in Auto Scaling designs.

10. Cost Model

AMIs themselves can involve EBS snapshot storage cost. Large, stale, or duplicated images add up.

Launch templates do not add meaningful cost by themselves, but the resources they launch do: EC2, EBS, Elastic IPs, data transfer, load balancers, logs, and monitoring.

A good AMI and template process can reduce operational cost by making fleets consistent and recoverable.

A bad process can increase cost by launching oversized instances, retaining stale snapshots, or keeping old image versions forever.

Cost-aware teams prune old AMIs and snapshots carefully while preserving rollback versions that are still needed.

12. SAA-C03 Exam Signals

"Launch identical EC2 instances repeatedly" points to launch templates and AMIs.

"Auto Scaling group needs instance configuration" points to a launch template.

"Update AMI for an Auto Scaling group" points to a new launch template version plus instance refresh or replacement.

"Launch configuration" is usually an older pattern. Prefer launch templates unless the question is explicitly about legacy resources.

"AMI is copied to another Region" appears when the same image is needed outside its original Region.

"Existing instances should immediately change after AMI update" is a trap. Existing instances do not magically become the new image.

13. Common Exam Traps

Do not confuse an AMI with a snapshot. EBS snapshots can back AMI volumes, but the AMI is the launchable image metadata and mapping.

Do not assume changing a launch template changes running instances.

Do not store secrets in user data.

Do not use launch configurations for new designs when launch templates are available.

Do not choose manual EC2 launch steps when repeatability is required.

Do not ignore Region and architecture compatibility for AMIs.

15. Related Topics

Review Amazon EC2 before this page, then study Amazon EC2 Auto Scaling to see how launch templates drive fleet replacement and scale-out.

Next, study AWS CloudFormation because templates and AMIs often become part of infrastructure-as-code.

Official AWS references:

• Store instance launch parameters in Amazon EC2 launch templates
• Amazon Machine Images in Amazon EC2
• Auto Scaling launch configurations