Creating Consistent AMIs from Running EC2 Instances: No-Reboot vs Snapshot-Based Approaches for Linux Web Servers with Postgres


11 views

When maintaining production systems on AWS EC2, particularly Linux servers running critical services like web servers and Postgres databases, administrators often face this precise challenge: how to create reliable AMIs without service interruption. The AWS documentation isn't always clear about the technical differences between these approaches.

Let's examine what actually happens during each process:

# Option 1: Direct AMI creation via AWS CLI (with reboot)
aws ec2 create-image \
    --instance-id i-1234567890abcdef0 \
    --name "WebServer-Prod-Backup" \
    --description "Daily backup of production web server" \
    --no-reboot  # Remove this flag for default behavior

# Option 2: Manual snapshot-to-AMI workflow
aws ec2 create-snapshot \
    --volume-id vol-1234567890abcdef0 \
    --description "Root volume snapshot for AMI creation"

aws ec2 register-image \
    --name "Manual-WebServer-AMI" \
    --architecture x86_64 \
    --root-device-name "/dev/sda1" \
    --block-device-mappings "[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"SnapshotId\":\"snap-1234567890abcdef0\"}}]"

The critical difference lies in how each method handles filesystem consistency:

  • Direct AMI with reboot: AWS performs a clean OS shutdown, ensuring all pending writes are flushed to disk
  • No-reboot AMI: Uses the same snapshot mechanism as manual snapshots, but hides the consistency warning
  • Manual snapshot approach: Makes you explicitly acknowledge the risk through separate steps

For databases, the consistency requirements are even stricter. Here's how to safely handle Postgres in either approach:

# For no-reboot scenarios, run these commands before AMI creation
sudo -u postgres psql -c "CHECKPOINT;"
sudo sync

# Alternative: Use pg_dump for consistent backups
pg_dump -Fc -U postgres mydatabase > /tmp/db_backup.dump

Based on extensive testing with web server stacks, I recommend:

  1. For emergency recovery points: Use no-reboot AMIs, but implement regular verification
  2. For planned migrations: Schedule during maintenance windows with reboot-enabled AMIs
  3. For database-heavy systems: Combine AMIs with logical Postgres dumps

After creating any AMI, run this verification process:

#!/bin/bash
INSTANCE_ID=$(aws ec2 run-instances \
    --image-id ami-1234567890abcdef0 \
    --instance-type t3.medium \
    --key-name MyKeyPair \
    --query 'Instances[0].InstanceId' \
    --output text)

aws ec2 wait instance-status-ok --instance-ids $INSTANCE_ID

# Check critical services
SSH_COMMANDS=$(cat <





When maintaining production workloads on AWS EC2 (particularly stateful services like databases and web servers), administrators face a critical choice between two AMI creation approaches:


    

  • Direct AMI creation from running instances
    • 

  • Manual AMI assembly from EBS snapshots
    • 



Option 1 (Instance → AMI): Behind the scenes, AWS performs these automated steps:


1. Creates snapshots of all attached EBS volumes
2. Registers AMI metadata (kernel ID, architecture, block device mapping)
3. Optionally reboots the instance unless 'No reboot' is selected


Option 2 (Snapshot → AMI): The manual process essentially replicates this workflow:


1. User-initiated snapshot creation
2. Manual AMI registration via AWS CLI/API:
   aws ec2 register-image \
     --name "web-server-backup" \
     --architecture x86_64 \
     --root-device-name "/dev/xvda" \
     --block-device-mappings "[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"SnapshotId\":\"snap-12345\"}}]"


The warning about filesystem integrity applies specifically to the 'No reboot' option in direct AMI creation. This occurs because:


    

  • Without instance shutdown, the filesystem cache isn't properly flushed
    • 

  • Pending disk writes may not be committed to storage
    • 

  • Database transactions mid-flight could be corrupted
    • 



Snapshot Safety Note: EBS snapshots are crash-consistent by design, but application-consistent backups require additional measures like freezing filesystems or using AWS Systems Manager.


For a PostgreSQL web server, consider this hybrid approach:


# Step 1: Quiesce the database
psql -c "SELECT pg_start_backup('ami_backup');"

# Step 2: Create manual snapshot
aws ec2 create-snapshot --volume-id vol-12345 --description "DB backup $(date +%F)"

# Step 3: End backup mode
psql -c "SELECT pg_stop_backup();"

# Step 4: Create AMI from snapshot (using correct virtualization type)
aws ec2 register-image \
  --name "prod-web-$(date +%s)" \
  --virtualization-type hvm \
  --root-device-name "/dev/sda1" \
  --block-device-mappings file://mappings.json





Direct AMI Creation
Manual Snapshot Approach




Quick one-off backups
Custom storage configurations




Non-critical workloads
Database servers requiring fs freeze




When instance metadata matters
Cross-account/region copying





For true zero-downtime protection, AMIs should be part of a broader strategy including:


    

  • Continuous WAL archiving for PostgreSQL
    • 

  • Multi-AZ deployments
    • 

  • Regular snapshot lifecycle policies using Data Lifecycle Manager
    •