How to deploy Ubuntu Pro in AWS in 2023

In April 2023, Canonical partnered with AWS to release Ubuntu Pro on Amazon EC2, offering many new benefits to users including expanded security maintenance, kernel live patch, hardening scripts and FIPS security compliance. As more AWS Cloud users are upgrading to Ubuntu Pro, the process of deployment has continued to streamline, making it increasingly efficient and user-friendly.

In this step-by-step guide, learn the best practices to launch Ubuntu Pro on AWS. This guide applies to all Ubuntu users whether utilizing version 16.04 or 18.04 (which have already reached end-of-support) to the latest release.

Ubuntu Pro on AWS

Ubuntu Pro is available for AMD64 and Graviton platforms, both with an optimized kernel to provide better performance while supporting nearly all instance types available.

Ubuntu on AWS is available in different options:

Please visit Ubuntu Pro for AWS | Ubuntu to learn more about the Ubuntu Pro features offered in the different Ubuntu versions and architectures.

Ubuntu Pro architecture reference and requirements

Whether you are launching an Ubuntu Pro AMI or upgrading an Ubuntu LTS instance, make sure your machine has internet access to Canonical’s Pro endpoints for activating services and accessing content. Please see below a reference architecture diagram when deploying on public subnets. When deploying in private subnets, you may need a NAT gateway for granting internet access to the machine.

The network endpoints are:

For kernel Livepatch:

  • 443:*

For more information, please refer to the official documentation

How to launch or upgrade to Ubuntu Pro?

Ubuntu Pro is available as two different options on AWS: as a native Amazon Machine Image (AMI) for launching fresh instances of Ubuntu Pro; or as a license upgrade from your existing Ubuntu LTS instances.

Launching Fresh Instances of Ubuntu Pro

This option is for customers who prefer to deploy fresh instances of Ubuntu Pro. It is useful for companies with capabilities to automatically deploy and test software on different AMIs.

There are three main ways to launch an Ubuntu Pro instance on AWS.

1. Using the EC2 Quickstart menu

Customers who prefer to navigate the web interface can launch Ubuntu Pro directly in the EC2 console using the quickstart option, select the latest version of Ubuntu Pro (22.04) for both AMD64 and Graviton (ARM) architectures.

2. Using the AWS Marketplace

If you are looking for previous Ubuntu versions, from 16.04 LTS up to 20.04 LTS, you can go to the AWS Marketplace and search for “Ubuntu Pro” or “Ubuntu Pro - ARM” in the search bar. These images on the AWS Marketplace are EC2 native and do not require an AWS Marketplace subscription to access.

3. Using the AWS CLI Tool

If you prefer automation and command line interfaces (CLI), use AWS CLI to access and launch the latest Ubuntu Pro AMI. The process is described in more detail at our official documentation

Using the EC2 describe-images API:

    aws ec2 describe-images --owner 099720109477 \
      --filters "Name=name,Values=ubuntu-pro-server/images/hvm-ssd/ubuntu-*22.04-amd64*" \
      --query 'sort_by(Images, &CreationDate)[-1].{Name: Name, ImageId: ImageId, CreationDate: CreationDate}'

Using the SSM Parameter Store API:

aws ssm get-parameters --names /aws/service/canonical/ubuntu/pro-server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id

Note: You can change 22.04 to the Ubuntu release version you are looking for (e.g. 18.04, 20.04) and change amd64 to arm64 if you need the Graviton AMIs.

By specifying the --owner of an image, users can verify that an AMI was published by Canonical. The expected value for Canonical is one of the following:

  • 099720109477 (in the default partition)
  • 513442679011 (in the GovCloud partition)
  • 837727238323 (in the China partition)

This process will provide the AMI ID needed to launch a new instance. You can then use the EC2 run-instances API to launch it using AWS CLI, as shown in this basic example:

aws ec2 run-instances --image-id $AMI --count 1 \
    --instance-type t2.micro --key-name $key_pair_name \
    --security-group-ids $security_group_id --subnet-id $subnet_id

Upgrading Current Instances of Ubuntu LTS to Ubuntu Pro

If redeployment is not an option, you can also easily upgrade your existing Ubuntu LTS machines to Ubuntu Pro with just a few clicks via AWS License Manager, without long-term subscriptions or commitments.

To utilize this option, your machines must be managed by SSM and a license conversion must be performed on AWS License Manager.

To learn more, visit these resources.

  • Step-by-step tutorial - How to upgrade Ubuntu LTS to Ubuntu Pro on AWS using AWS License Manager
  • Video - Upgrade Ubuntu LTS to Ubuntu Pro on AWS

Need support or have additional questions?

Contact us at or complete the form.

Additional Resources about Ubuntu Pro on AWS

Bonus: How to check your coverage

Since you are now running Ubuntu Pro, you may want to do some “status check” to see coverage by Canonical. To do so, there is one command line tool, already included in every Ubuntu Server that will give you the status of your coverage.

pro status



@carlos-bravo Pro is now available on the EC2 console. Would be nice to get this article updated.

1 Like

You are right. This is quite old!