In April 2023, Canonical partnered with AWS to release Ubuntu Pro on Amazon EC2, offering many new benefits to users including expanded security maintenance, kernel live patch, hardening scripts and FIPS security compliance. As more AWS Cloud users are upgrading to Ubuntu Pro, the process of deployment has continued to streamline, making it increasingly efficient and user-friendly.
In this step-by-step guide, learn the best practices to launch Ubuntu Pro on AWS. This guide applies to all Ubuntu users whether utilizing version 16.04 or 18.04 (which have already reached end-of-support) to the latest release.
Ubuntu Pro on AWS
Ubuntu Pro is available for AMD64 and Graviton platforms, both with an optimized kernel to provide better performance while supporting nearly all instance types available.
Ubuntu on AWS is available in different options:
- Ubuntu LTS server (EC2 AMI)
- Ubuntu server minimal
- Ubuntu server for EKS (Minimal Ubuntu for EKS worker nodes)
- Ubuntu Pro (22.04 only in EC2 quickstart menu)
- Ubuntu Pro FIPS (Ubuntu Pro with FIPS kernel pre-enabled)
- Ubuntu Pro with Real-time Kernel (Ubuntu with Real-time kernel pre-enabled)
- Anbox Cloud Appliance (Run Android containers in the cloud)
- Charmed Kubeflow on AWS (MLOps platform for AI/ML)
- MicroK8s Appliance for AWS (minimal CNCF-certified Kubernetes distribution)
- Ubuntu Pro Desktop for Amazon Workspaces
Please visit Ubuntu Pro for AWS | Ubuntu to learn more about the Ubuntu Pro features offered in the different Ubuntu versions and architectures.
Ubuntu Pro architecture reference and requirements
Whether you are launching an Ubuntu Pro AMI or upgrading an Ubuntu LTS instance, make sure your machine has internet access to Canonical’s Pro endpoints for activating services and accessing content. Please see below a reference architecture diagram when deploying on public subnets. When deploying in private subnets, you may need a NAT gateway for granting internet access to the machine.
The network endpoints are:
For kernel Livepatch:
- 443:api.snapcraft.io
- 443:dashboard.snapcraft.io
- 443:login.ubuntu.com
- 443:*.snapcraftcontent.com
For more information, please refer to the official documentation
How to launch or upgrade to Ubuntu Pro?
Ubuntu Pro is available as two different options on AWS: as a native Amazon Machine Image (AMI) for launching fresh instances of Ubuntu Pro; or as a license upgrade from your existing Ubuntu LTS instances.
Launching Fresh Instances of Ubuntu Pro
This option is for customers who prefer to deploy fresh instances of Ubuntu Pro. It is useful for companies with capabilities to automatically deploy and test software on different AMIs.
There are three main ways to launch an Ubuntu Pro instance on AWS.
1. Using the EC2 Quickstart menu
Customers who prefer to navigate the web interface can launch Ubuntu Pro directly in the EC2 console using the quickstart option, select the latest version of Ubuntu Pro (22.04) for both AMD64 and Graviton (ARM) architectures.
2. Using the AWS Marketplace
If you are looking for previous Ubuntu versions, from 16.04 LTS up to 20.04 LTS, you can go to the AWS Marketplace and search for “Ubuntu Pro” or “Ubuntu Pro - ARM” in the search bar. These images on the AWS Marketplace are EC2 native and do not require an AWS Marketplace subscription to access.
3. Using the AWS CLI Tool
If you prefer automation and command line interfaces (CLI), use AWS CLI to access and launch the latest Ubuntu Pro AMI. The process is described in more detail at our official documentation
Using the EC2 describe-images API:
aws ec2 describe-images --owner 099720109477 \
--filters "Name=name,Values=ubuntu-pro-server/images/hvm-ssd/ubuntu-*22.04-amd64*" \
--query 'sort_by(Images, &CreationDate)[-1].{Name: Name, ImageId: ImageId, CreationDate: CreationDate}'
Using the SSM Parameter Store API:
aws ssm get-parameters --names /aws/service/canonical/ubuntu/pro-server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id
Note: You can change
22.04to the Ubuntu release version you are looking for (e.g. 18.04, 20.04) and changeamd64toarm64if you need the Graviton AMIs.
By specifying the --owner of an image, users can verify that an AMI was published by Canonical. The expected value for Canonical is one of the following:
- 099720109477 (in the default partition)
- 513442679011 (in the GovCloud partition)
- 837727238323 (in the China partition)
This process will provide the AMI ID needed to launch a new instance. You can then use the EC2 run-instances API to launch it using AWS CLI, as shown in this basic example:
aws ec2 run-instances --image-id $AMI --count 1 \
--instance-type t2.micro --key-name $key_pair_name \
--security-group-ids $security_group_id --subnet-id $subnet_id
Upgrading Current Instances of Ubuntu LTS to Ubuntu Pro
If redeployment is not an option, you can also easily upgrade your existing Ubuntu LTS machines to Ubuntu Pro with just a few clicks via AWS License Manager, without long-term subscriptions or commitments.
To utilize this option, your machines must be managed by SSM and a license conversion must be performed on AWS License Manager.
To learn more, visit these resources.
- Step-by-step tutorial - How to upgrade Ubuntu LTS to Ubuntu Pro on AWS using AWS License Manager
- Video - Upgrade Ubuntu LTS to Ubuntu Pro on AWS
Need support or have additional questions?
Contact us at aws@canonical.com or complete the form.
Additional Resources about Ubuntu Pro on AWS
- What is so Pro in Ubuntu Pro? (Webinar)
- Ubuntu Pro
- Ubuntu Pro on AWS
- Ubuntu Pro onboarding page (for current or new Ubuntu Pro users)
- Find Ubuntu images on AWS using AWS CLI
Bonus: How to check your coverage
Since you are now running Ubuntu Pro, you may want to do some “status check” to see coverage by Canonical. To do so, there is one command line tool, already included in every Ubuntu Server that will give you the status of your coverage.
pro status
