How to deploy Ubuntu Pro in AWS

Ubuntu Pro is Canonical’s recommended choice for professional use. Not only it benefits from all Ubuntu LTS features that we all know and love, but it also comes hardened and configured for production. It has 10 years of maintenance and updates for the entire stack, from kernel—through livepatch updates—to apps such as NGINX, MongoDB, Redis, Kafka, NodeJS; using the same cloud cost model that we are all used to.

The purpose of this guide is to show two ways to get an EC2 instance running Ubuntu Pro: Using the web console and through the AWS CLI.

What you’ll learn

  • How to deploy Ubuntu Pro instances in AWS using the web console
  • How to deploy Ubuntu Pro instances using AWS CLI
  • How to search for AMI ImageIDs using AWS CLI
  • How to check your support status

What you’ll need

  • An AWS account (with enough permissions to deploy EC2 instances, and subscribe to products from the Marketplace)
  • Basic knowledge about security groups, EC2 configuration and VPCs.
  • AWS CLI tool installed and configured to be able to deploy EC2 instances (only required for the AWS CLI alternative)

From the web console:

  1. Log into the Web Console and go to EC2
  2. Click on deploy your EC2 instance. Under “Step 1: Choose an Amazon Machine Image (AMI)”, search for “Ubuntu Pro” and select the Marketplace (at the time of this writing, all Ubuntu Pro images are listed under AWS Marketplace")
  3. Select the version you need (e.g. 18.04 or 20.04). You will get more information including the pricing list. Click to accept. Remember: you don’t get charged until you deploy and run the instance.
  4. Next screens are for configuring the instance: Size, disks, networking, security, etc.
  5. The final step will subscribe to the product and create the machine. You should receive an email confirming your subscription.

And that’s it. You have now a machine with extended support for the entire stack.


Launching a new instance using AWS CLI requires also finding the right Amazon Machine Image (AMI). So the steps are:

  1. Finding the right AMI ImageId
  2. Launching the instance using the AWS CLI with its config parameters.

Step 1: Get Ubuntu Pro’s AMI ImageId

Duration: 4:00

Method 1: Through EC2 describe-images

The following is an example for searching for Ubuntu Server Pro Focal Fossa (20.04)'s image IDs with the describe-images tool. The results will give you a list with all the images matching the search criteria, with their related metadata: name, ImageID, OwnerId and Creation Date for the specific region you have previously configured your aws-cli.

Since it gives you a big list, you need to apply some piping to order and cut the number of results. Below you will see what is needed to get only the latest AMI.

aws ec2 describe-images --filters Name=name,Values=ubuntu-pro*focal* --query 'Images[*].[Name,ImageId,OwnerId,CreationDate]' --output text | sort -k4 -r | head -n 1

If you want to search for another version, change the filter replacing the version (here shown as “focal”) to the right one.

Method 2: Using Systems Manager’s parameter store

There is a faster and more precise way to get the latest AMI, which is through SSM’s parameter store.

Each Marketplace product has a general product identifier which is not tied directly to the AMI, allowing us to query using a persistent identifier to get the latest AMI.

This is the list of products that we have at the moment of writing this tutorial:

Name Architecture identifier
Ubuntu Pro FIPS 16.04 LTS amd64 prod-hykkbajyverq4
Ubuntu Pro FIPS 18.04 LTS amd64 prod-7izp2xqnddwdc
Ubuntu Pro FIPS 20.04 LTS amd64 prod-k6fgbnayirmrc
Ubuntu Pro 14.04 LTS amd64 prod-7u42cjnp5pcuo
Ubuntu Pro 16.04 LTS amd64 prod-f6ogoaqs7lwre
Ubuntu Pro 18.04 LTS amd64 prod-jlgu4232gpnwa
Ubuntu Pro 20.04 LTS amd64 prod-3sk4unyn4iwqu

If you want to query SSM and get the latest AMI, just change the product identifier in the command shown below.

aws ssm get-parameter --name /aws/service/marketplace/<identifier>/latest

The results will include general metadata, with the latest AMI ready to use.

Pro Tip
It is always a good practice to double check the image provider (aka OwnerId) to be sure that you are choosing an image from a trusted vendor.

Amazon Marketplace OwnerID is 679593333241
Canonical OwnerID is 099720109477

By the time of this writing, the latest ImageId for Ubuntu-pro 20.04 was ami-0ae1f7f35ab8e62d5 for us-east-1 region.

Step 2: Create the instance using CLI.

Duration: 5:00

Note: For this example, we are using t2.micro as the instance type and ami-0ae1f7f35ab8e62d5 as image ID

If you already have experience using AWS CLI, this shouldn’t be new. Just make sure that you are inserting correctly the parameters for the image-id and the rest of the instance configuration parameters.

Create the instance using the following command:

aws ec2 run-instances --image-id ami-0ae1f7f35ab8e62d5 --count 1 --instance-type t2.micro --key-name [youKeyPair] --security-group-ids [you security group sg-xx] --subnet-id [your subnet id subnet-xx]

If you are deploying an image from the marketplace for the first time, you will get an error stating that you need to go to the marketplace, accept the terms and subscribe. It will contain the direct link to visit and the process is very straightforward. This is key for automation and headless installation.

Once you have subscribed to the product, you can relaunch this command.

And that’s it. You have now a production-ready machine.

Bonus: How to check your coverage

Since you are now running Ubuntu Pro, you may want to do some “status check” to see coverage by Canonical. To do so, there is one command line tool, already included in every Ubuntu Server that will give you the status of your coverage.

ua status


Remember that there are also other AMIs if you ever need more security and FIPS compliance.

Other useful resources: