Creating Consistent AMIs from Running EC2 Instances: No-Reboot vs Snapshot-Based Approaches for Linux Web Servers with Postgres


2 views

When maintaining production systems on AWS EC2, particularly Linux servers running critical services like web servers and Postgres databases, administrators often face this precise challenge: how to create reliable AMIs without service interruption. The AWS documentation isn't always clear about the technical differences between these approaches.

Let's examine what actually happens during each process:

# Option 1: Direct AMI creation via AWS CLI (with reboot)
aws ec2 create-image \
    --instance-id i-1234567890abcdef0 \
    --name "WebServer-Prod-Backup" \
    --description "Daily backup of production web server" \
    --no-reboot  # Remove this flag for default behavior

# Option 2: Manual snapshot-to-AMI workflow
aws ec2 create-snapshot \
    --volume-id vol-1234567890abcdef0 \
    --description "Root volume snapshot for AMI creation"

aws ec2 register-image \
    --name "Manual-WebServer-AMI" \
    --architecture x86_64 \
    --root-device-name "/dev/sda1" \
    --block-device-mappings "[{\"DeviceName\":\"/dev/sda1\",\"Ebs\":{\"SnapshotId\":\"snap-1234567890abcdef0\"}}]"

The critical difference lies in how each method handles filesystem consistency:

  • Direct AMI with reboot: AWS performs a clean OS shutdown, ensuring all pending writes are flushed to disk
  • No-reboot AMI: Uses the same snapshot mechanism as manual snapshots, but hides the consistency warning
  • Manual snapshot approach: Makes you explicitly acknowledge the risk through separate steps

For databases, the consistency requirements are even stricter. Here's how to safely handle Postgres in either approach:

# For no-reboot scenarios, run these commands before AMI creation
sudo -u postgres psql -c "CHECKPOINT;"
sudo sync

# Alternative: Use pg_dump for consistent backups
pg_dump -Fc -U postgres mydatabase > /tmp/db_backup.dump

Based on extensive testing with web server stacks, I recommend:

  1. For emergency recovery points: Use no-reboot AMIs, but implement regular verification
  2. For planned migrations: Schedule during maintenance windows with reboot-enabled AMIs
  3. For database-heavy systems: Combine AMIs with logical Postgres dumps

After creating any AMI, run this verification process:

#!/bin/bash
INSTANCE_ID=$(aws ec2 run-instances \
    --image-id ami-1234567890abcdef0 \
    --instance-type t3.medium \
    --key-name MyKeyPair \
    --query 'Instances[0].InstanceId' \
    --output text)

aws ec2 wait instance-status-ok --instance-ids $INSTANCE_ID

# Check critical services
SSH_COMMANDS=$(cat <





When maintaining production workloads on AWS EC2 (particularly stateful services like databases and web servers), administrators face a critical choice between two AMI creation approaches:


    

  • Direct AMI creation from running instances
    • 

  • Manual AMI assembly from EBS snapshots
    • 



Option 1 (Instance → AMI): Behind the scenes, AWS performs these automated steps:


1. Creates snapshots of all attached EBS volumes
2. Registers AMI metadata (kernel ID, architecture, block device mapping)
3. Optionally reboots the instance unless 'No reboot' is selected


Option 2 (Snapshot → AMI): The manual process essentially replicates this workflow:


1. User-initiated snapshot creation
2. Manual AMI registration via AWS CLI/API:
   aws ec2 register-image \
     --name "web-server-backup" \
     --architecture x86_64 \
     --root-device-name "/dev/xvda" \
     --block-device-mappings "[{\"DeviceName\":\"/dev/xvda\",\"Ebs\":{\"SnapshotId\":\"snap-12345\"}}]"


The warning about filesystem integrity applies specifically to the 'No reboot' option in direct AMI creation. This occurs because:


    

  • Without instance shutdown, the filesystem cache isn't properly flushed
    • 

  • Pending disk writes may not be committed to storage
    • 

  • Database transactions mid-flight could be corrupted
    • 



Snapshot Safety Note: EBS snapshots are crash-consistent by design, but application-consistent backups require additional measures like freezing filesystems or using AWS Systems Manager.


For a PostgreSQL web server, consider this hybrid approach:


# Step 1: Quiesce the database
psql -c "SELECT pg_start_backup('ami_backup');"

# Step 2: Create manual snapshot
aws ec2 create-snapshot --volume-id vol-12345 --description "DB backup $(date +%F)"

# Step 3: End backup mode
psql -c "SELECT pg_stop_backup();"

# Step 4: Create AMI from snapshot (using correct virtualization type)
aws ec2 register-image \
  --name "prod-web-$(date +%s)" \
  --virtualization-type hvm \
  --root-device-name "/dev/sda1" \
  --block-device-mappings file://mappings.json





Direct AMI Creation
Manual Snapshot Approach




Quick one-off backups
Custom storage configurations




Non-critical workloads
Database servers requiring fs freeze




When instance metadata matters
Cross-account/region copying





For true zero-downtime protection, AMIs should be part of a broader strategy including:


    

  • Continuous WAL archiving for PostgreSQL
    • 

  • Multi-AZ deployments
    • 

  • Regular snapshot lifecycle policies using Data Lifecycle Manager
    •