AWS Security ChangesHomeSearch

AWS AWSEC2 documentation change

Service: AWSEC2 · 2025-10-22 · Documentation low

File: AWSEC2/latest/UserGuide/how-ami-copy-works.md

Summary

Updated terminology from 'instance store-backed AMI' to 'Amazon S3-backed AMI' throughout the document to clarify storage backend references

Security assessment

The changes correct terminology but do not address security vulnerabilities or introduce security features. The updates clarify storage backend types without modifying security controls or encryption requirements.

Diff

diff --git a/AWSEC2/latest/UserGuide/how-ami-copy-works.md b/AWSEC2/latest/UserGuide/how-ami-copy-works.md
index 06a2a24dc..4e23ac2cc 100644
--- a//AWSEC2/latest/UserGuide/how-ami-copy-works.md
+++ b//AWSEC2/latest/UserGuide/how-ami-copy-works.md
@@ -45 +45 @@ The following diagram shows the relationship between a source AMI and two copied
-When you first copy an instance store-backed AMI to a Region, we create an Amazon S3 bucket for the AMIs copied to that Region. All instance store-backed AMIs that you copy to that Region are stored in this bucket. The bucket names have the following format: amis-for-`account`-in-`region`-`hash`. For example: `amis-for-123456789012-in-us-east-2-yhjmxvp6`.
+When you first copy an Amazon S3-backed AMI to a Region, we create an Amazon S3 bucket for the AMIs copied to that Region. All Amazon S3-backed AMIs that you copy to that Region are stored in this bucket. The bucket names have the following format: amis-for-`account`-in-`region`-`hash`. For example: `amis-for-123456789012-in-us-east-2-yhjmxvp6`.
@@ -79 +79 @@ If an AMI from another AWS account is [shared with your AWS account](./sharingam
-To copy an AMI that was shared with you from another account, the owner of the source AMI must grant you read permissions for the storage that backs the AMI, not just for the AMI itself. The storage is either the associated EBS snapshot (for an Amazon EBS-backed AMI) or an associated S3 bucket (for an instance store-backed AMI). If the shared AMI has encrypted snapshots, the owner must share the key or keys with you. For more information about granting resource permissions, for EBS snapshots, see [Share an Amazon EBS snapshot with other AWS accounts](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modifying-snapshot-permissions.html) in the _Amazon EBS User Guide_ , and for S3 buckets, see [Identity and access management for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-iam.html) in the _Amazon S3 User Guide_.
+To copy an AMI that was shared with you from another account, the owner of the source AMI must grant you read permissions for the storage that backs the AMI, not just for the AMI itself. The storage is either the associated EBS snapshot (for an Amazon EBS-backed AMI) or an associated S3 bucket (for an Amazon S3-backed AMI). If the shared AMI has encrypted snapshots, the owner must share the key or keys with you. For more information about granting resource permissions, for EBS snapshots, see [Share an Amazon EBS snapshot with other AWS accounts](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modifying-snapshot-permissions.html) in the _Amazon EBS User Guide_ , and for S3 buckets, see [Identity and access management for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-iam.html) in the _Amazon S3 User Guide_.
@@ -106 +106 @@ Scenario | Description | Supported
-Encrypting during the `CopyImage` action applies only to Amazon EBS-backed AMIs. Because an instance store-backed AMI does not use snapshots, you can't use copying to change its encryption status.
+Encrypting during the `CopyImage` action applies only to Amazon EBS-backed AMIs. Because an Amazon S3-backed AMI does not use snapshots, you can't use copying to change its encryption status.