Charles V. PHAM

Reputation: 11

How to find non-shared aws ami

I'd like to delete all AMIs that I own and that are non-shared.
E.g.:

$ aws ec2 describe-images --executable-users 804427628951

This will list all images by user 804427628951 with explicit launch permissions. But I don't know how to list all non-shared AMIs. Could you please help?
Thanks.

Upvotes: 1

Views: 1594

Answers (2)

9bO3av5fw5

Reputation: 998

You can list AMIs that are in an account and how they are shared using a combination of aws ec2 describe-images and aws ec2 describe-image-attribute. The latter can return the launchPermission element which is a list of accounts that the AMI is shared with. Combining the two allows you to iterate over all images and count how many times they are shared as follows:

for ami in $(aws ec2 describe-images --owners self | jq -r '.Images[].ImageId')
do
  # Print each AMI ID followed by the number of launch permission entries it has
  aws ec2 describe-image-attribute --image-id "$ami" --attribute launchPermission | \
    jq '.ImageId + " - " + ([.LaunchPermissions[]]|length|tostring)'
done

In your case you're only interested in the unshared images so you might want to do this:

for ami in $(aws ec2 describe-images --owners self | jq -r '.Images[].ImageId')
do
  # Count the launch permission entries; zero means the AMI is not shared
  ct=$(aws ec2 describe-image-attribute --image-id "$ami" --attribute launchPermission | \
    jq '[.LaunchPermissions[]]|length')
  if [ 0 -eq "$ct" ]; then echo "$ami"; fi
done

Upvotes: 1

John Rotenstein

Reputation: 269246

You can list all of your own Amazon Machine Images (AMIs) with the command:

aws ec2 describe-images --filters Name=image-type,Values=machine Name=owner-id,Values=YOUR_ACCOUNT_ID

Within the output, private images will be shown as "Public": false.

You could also show only private images:

aws ec2 describe-images --filters Name=image-type,Values=machine Name=is-public,Values=false Name=owner-id,Values=YOUR_ACCOUNT_ID

Upvotes: 2
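
An AMI reported as "Public": false can still carry launch permissions for specific accounts, so a delete list needs both checks from the answers above. The following is an added example, not part of either answer: it classifies AMIs from saved CLI JSON, and the image IDs, account ID and function names are constructed for illustration.

```python
import json

# Constructed output of `aws ec2 describe-images --owners self` (IDs are not real).
DESCRIBE_IMAGES = json.loads("""
{"Images": [
  {"ImageId": "ami-0000000000000000a", "Public": false},
  {"ImageId": "ami-0000000000000000b", "Public": false},
  {"ImageId": "ami-0000000000000000c", "Public": true},
  {"ImageId": "ami-0000000000000000d", "Public": false}
]}
""")

# Constructed output of `aws ec2 describe-image-attribute --attribute launchPermission`,
# keyed by image ID. The entry for ...d is missing, as if that call had failed.
LAUNCH_PERMISSIONS = {
    "ami-0000000000000000a": {"LaunchPermissions": []},
    "ami-0000000000000000b": {"LaunchPermissions": [{"UserId": "111122223333"}]},
    "ami-0000000000000000c": {"LaunchPermissions": [{"Group": "all"}]},
}

def sharing_state(image, attribute):
    """Return 'public', 'shared', 'unshared' or 'unknown' for one AMI."""
    if image.get("Public"):
        return "public"
    if attribute is None or "LaunchPermissions" not in attribute:
        return "unknown"  # no permission data: never report this as unshared
    perms = attribute["LaunchPermissions"]
    if any(p.get("Group") == "all" for p in perms):
        return "public"
    # Any remaining entry (account, organization or OU) means the AMI is shared.
    return "shared" if perms else "unshared"

def classify(describe_images, attributes):
    """Map every image ID to its sharing state."""
    return {
        img["ImageId"]: sharing_state(img, attributes.get(img["ImageId"]))
        for img in describe_images["Images"]
    }

def unshared_amis(describe_images, attributes):
    """Image IDs that are private and have no launch permission entries."""
    states = classify(describe_images, attributes)
    return sorted(ami for ami, state in states.items() if state == "unshared")

if __name__ == "__main__":
    for ami, state in classify(DESCRIBE_IMAGES, LAUNCH_PERMISSIONS).items():
        print(ami, state)
    print("unshared:", unshared_amis(DESCRIBE_IMAGES, LAUNCH_PERMISSIONS))
```

Only the IDs returned by `unshared_amis` are candidates for deletion; an "unknown" result means the permission lookup has to be repeated first.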
