Launching an Instance from a Launch Template

You can create a launch template that contains the configuration information to launch
an instance. Launch templates enable you to store launch parameters so that you do
not have to specify them every time you launch an instance. For example, a launch
template can contain the AMI ID, instance type, and network settings that you typically
use to launch instances. When you launch an instance using the Amazon EC2 console,
an AWS SDK, or a command line tool, you can specify the launch template to use.

For each launch template, you can create one or more numbered launch template
versions. Each version can have different launch parameters. When you launch an
instance from a launch template, you can use any version of the launch template. If you
do not specify a version, the default version is used. You can set any version of the
launch template as the default version—by default, it's the first version of the launch
template.

The following diagram shows a launch template with three versions. The first version
specifies the instance type, AMI ID, subnet, and key pair to use to launch the instance.
The second version is based on the first version and also specifies a security group for
the instance. The third version uses different values for some of the parameters.
Version 2 is set as the default version. If you launched an instance from this launch
template, the launch parameters from version 2 would be used if no other version were
specified.

Launch Template Restrictions

The following rules apply to launch templates and launch template versions:
  You are limited to creating 1,000 launch templates per region and 10,000
versions per launch template.
 Launch parameters are optional. However, you must ensure that your request to
launch an instance includes all required parameters. For example, if your launch
template does not include an AMI ID, you must specify both the launch template
and an AMI ID when you launch an instance.
 Launch template parameters are not validated when you create the launch
template. Ensure that you specify the correct values for the parameters and that
you use supported parameter combinations. For example, to launch an instance
in a placement group, you must specify a supported instance type.
 You can tag a launch template, but you cannot tag a launch template version.
 Launch template versions are numbered in the order in which they are created.
When you create a launch template version, you cannot specify the version
number yourself.

Using Launch Templates to Control Launch Parameters

A launch template can contain all or some of the parameters to launch an instance.
When you launch an instance using a launch template, you can override parameters
that are specified in the launch template, or you can specify additional parameters that
are not in the launch template.

Note

You cannot remove launch template parameters during launch (for example, you cannot
specify a null value for the parameter). To remove a parameter, create a new version of
the launch template without the parameter and use that version to launch the instance.

To launch instances, IAM users must have permission to use

the ec2:RunInstances action, and they must have permission to create or use the
resources that are created or associated with the instance. You can use resource-level
permissions for the ec2:RunInstances action to control the launch parameters that users
can specify, or you can grant users permission to launch an instance using a launch
template instead. This enables you to manage launch parameters in a launch template
rather than in an IAM policy, and to use a launch template as an authorization vehicle
for launching instances. For example, you can specify that users can only launch
instances using a launch template, and that they can only use a specific launch
template. You can also control the launch parameters that users can override in the
launch template. For example policies, see Launch Templates.

Controlling the Use of Launch Templates

By default, IAM users do not have permissions to work with launch templates. You can
create an IAM user policy that grants users permissions to create, modify, describe, and
delete launch templates and launch template versions. You can also apply resource-
level permissions to some launch template actions to control a user's ability to use
specific resources for those actions. For more information, see Supported Resource-
Level Permissions for Amazon EC2 API Actions and the following example policies: 13.
Working with Launch Templates.

Take care when granting users permissions to use

the ec2:CreateLaunchTemplate andec2:CreateLaunchTemplateVersion actions. These
actions do not support resource-level permissions that enable you to control which
resources users can specify in the launch template. To restrict the resources that are
used to launch an instance, ensure that you grant permissions to create launch
templates and launch template versions only to appropriate administrators.