Amazon EC2 adds AMI Watermarks for governance
Amazon EC2 now supports AMI watermarks, allowing custom identifiers to be embedded in private AMIs. These watermarks persist through AMI copies and sharing, aiding in tracking provenance and enforcing governance policies. This feature helps identify trusted AMIs, filter related AMIs, and can be integrated with existing governance tools for scale. AMI watermarks are available at no additional cost in all AWS regions.
- →Introduce AMI Watermarks for private AMIs
- →Improve AMI tracking and governance enforcement
- →Availability and usage
Features (1) ›
- Introduce AMI Watermarks for private AMIs
Amazon EC2 now allows embedding custom identifiers, called watermarks, into private AMIs. These watermarks automatically propagate to derived AMIs, including copies across regions and AMIs created from running instances, and are visible when sharing AMIs. This feature aids in identifying trusted AMIs, tracking provenance, and enforcing governance policies by embedding metadata such as AMI ID, owner ID, region, and creation timestamps.
Enhancements (1) ›
- Improve AMI tracking and governance enforcement
AMI Watermarks enhance AMI tracking by enabling filtering and identification of related AMIs across accounts. They can be used with existing governance tools like Allowed AMIs and Declarative Policies to restrict instance launches to only AMIs with approved watermarks, ensuring policy enforcement at scale.
Notes (1) ›
- Availability and usage
AMI watermarks can be added using the AWS Management Console, AWS CLI, or SDKs, and can also be integrated into AMI build pipelines via EC2 Image Builder. The feature is available to all customers at no additional cost in all AWS regions.
https://aws.amazon.com/about-aws/whats-new/2026/06/ec2-image-watermarks-allowed-images