How to deploy Ubuntu Pro in AWS

Ubuntu Pro is Canonical’s recommended choice for production workloads. Not only it benefits from all Ubuntu LTS features that we all know and love, but it also comes hardened and configured for production. It has 10 years of maintenance and updates for the entire stack, from kernel—through livepatch updates—to apps such as NGINX, MongoDB, Redis, Kafka, NodeJS; using the same cloud cost model that we are all used to.

The purpose of this guide is to show two ways to get a production-ready EC2 instance running Ubuntu Pro: Using the web console and through the AWS CLI.

What you’ll learn

  • How to deploy Ubuntu Pro instances in AWS using the web console
  • How to deploy Ubuntu Pro instances using AWS CLI
  • How to search for AMI ImageIDs using AWS CLI
  • How to check your support status

What you’ll need

  • An AWS account (with enough permissions to deploy EC2 instances, and subscribe to products from the Marketplace)
  • Basic knowledge about security groups, EC2 configuration and VPCs.
  • AWS CLI tool installed and configured to be able to deploy EC2 instances (only required for the AWS CLI alternative)

From the web console:

  1. Log into the Web Console and go to EC2
  2. Click on deploy your EC2 instance. Under “Step 1: Choose an Amazon Machine Image (AMI)”, search for “Ubuntu Pro” and select the Marketplace (at the time of this writing, all Ubuntu Pro images are listed under AWS Marketplace")
  3. Select the version you need (e.g. 18.04 or 20.04). You will get more information including the pricing list. Click to accept. Remember: you don’t get charged until you deploy and run the instance.
  4. Next screens are for configuring the instance: Size, disks, networking, security, etc.
  5. The final step will subscribe to the product and create the machine. You should receive an email confirming your subscription.

And that’s it. You have now a production-ready machine.


Launching a new instance using AWS CLI requires also finding the right Amazon Machine Image (AMI). So the steps are:

  1. Finding the right AMI ImageId
  2. Launching the instance using the AWS CLI and the respective parameters.

Step 1: Get Ubuntu Pro’s AMI ImageId

The following is an example for searching for Ubuntu Server Pro Focal Fossa (20.04)'s image IDs. The results will give you the image name, ImageID, OwnerId and Creation Date for the specific region you have previously configured your aws-cli.

aws ec2 describe-images --filters Name=name,Values=ubuntu-pro*focal* --query 'Images[*].[Name,ImageId,OwnerId,CreationDate]' --output text | sort -k4 -r | head -n 1

If you want to search for another version, change the filter replacing the version (here shown as “focal”) to the right one.

Pro Tip
It is always a good practice to double check the image provider (aka OwnerId) to be sure that you are choosing an image from a trusted vendor.

Amazon Marketplace OwnerID is 679593333241
Canonical OwnerID is 099720109477

By the time of this writing, the latest ImageId for Ubuntu-pro 20.04 is ami-09d9bb04b480d1aed for us-east-1 region.

Step 2: Create the instance using CLI.

Note: For this example, we are using t2.micro as the instance type and ami-09d9bb04b480d1aed as image ID

If you already have experience using AWS CLI, this shouldn’t be new. Just make sure that you are inserting correctly the parameters for the image-id and the rest of the instance configuration parameters.

Create the instance using the following command:

aws ec2 run-instances --image-id ami-09d9bb04b480d1aed --count 1 --instance-type t2.micro --key-name [youKeyPair] --security-group-ids [you security group sg-xx] --subnet-id [your subnet id subnet-xx]

If you are deploying an image from the marketplace for the first time, you will get an error stating that you need to go to the marketplace, accept the terms and subscribe. It will contain the direct link to visit and the process is very straightforward. This is key for automation and headless installation.

Once you have subscribed to the product, you can relaunch this command.

And that’s it. You have now a production-ready machine.

Bonus: How to check your coverage

Since you are now running Ubuntu Pro, you may want to do some “status check” to see coverage by Canonical. To do so, there is one command line tool, already included in every Ubuntu Server that will give you the status of your coverage.

ua status

Remember that there are also other AMIs if you ever need more security and FIPS compliance.

Other useful resources:

1 Like