Contents
Get list of official Debian images with awscli
AWS owner ID of AMI images can be checked here: Cloud/AmazonEC2Image/Marketplace.
awscli package have to be installed and AWS credentials configured before to run commands below.
Get list of all official Debian 13 Trixie images:
aws ec2 describe-images --region eu-north-1 --owners 136693071363 --filters 'Name=name,Values=debian-13-*' --query 'reverse(sort_by(Images, &CreationDate))[].[CreationDate,Name,ImageId]' --output table
Output example:
-------------------------------------------------------------------------------------------------- | DescribeImages | +--------------------------+-------------------------------------------+-------------------------+ | 2025-11-29T15:59:26.000Z| debian-13-backports-amd64-20251129-2311 | ami-0b4fad506323747d4 | | 2025-11-29T15:59:22.000Z| debian-13-backports-arm64-20251129-2311 | ami-0c7de8b03968e7b0d | | 2025-11-25T14:28:27.000Z| debian-13-backports-arm64-20251124-2306 | ami-080cc10bd5016c7de | | 2025-11-25T14:28:23.000Z| debian-13-backports-amd64-20251124-2306 | ami-014be79bce6b315af | | 2025-11-20T14:24:17.000Z| debian-13-backports-arm64-20251119-2301 | ami-002e33b624c79c83c | | 2025-11-20T14:19:18.000Z| debian-13-backports-amd64-20251119-2301 | ami-09468459bef0f7c94 | | 2025-11-17T19:21:24.000Z| debian-13-arm64-20251117-2299 | ami-0e048b1bd45fb6dd0 | | 2025-11-17T19:20:56.000Z| debian-13-amd64-20251117-2299 | ami-04d31621d6b368b6b | | 2025-10-06T12:42:23.000Z| debian-13-arm64-20251006-2257 | ami-00d10b968cb6e8bf5 | | 2025-10-06T12:41:19.000Z| debian-13-amd64-20251006-2257 | ami-0e63a5a9c1c7e5563 | | 2025-09-24T23:25:26.000Z| debian-13-amd64-20250924-2245 | ami-051c96b67a192ca8c | | 2025-09-24T23:25:10.000Z| debian-13-arm64-20250924-2245 | ami-0564ccab15f5a5ec7 | | 2025-09-11T14:09:24.000Z| debian-13-amd64-20250911-2232 | ami-0f1459e6b092c1604 | | 2025-09-11T14:09:23.000Z| debian-13-arm64-20250911-2232 | ami-08ccb2a8f52e261b0 | | 2025-08-14T14:41:02.000Z| debian-13-arm64-20250814-2204 | ami-0c866af6bd9a240d4 | | 2025-08-14T14:40:18.000Z| debian-13-amd64-20250814-2204 | ami-0955d1e82085ce3e8 | | 2025-08-11T13:51:15.000Z| debian-13-amd64-20250811-2201 | ami-06bb96ad55a7354eb | | 2025-08-11T13:50:40.000Z| debian-13-arm64-20250811-2201 | ami-023005e7adc4dd591 | | 2025-08-06T07:39:53.000Z| debian-13-arm64-20250806-2196 | ami-0c21ce422a96d6d51 | | 2025-08-06T07:39:17.000Z| debian-13-amd64-20250806-2196 | ami-0d6a14db9f697e41e | +--------------------------+-------------------------------------------+-------------------------+
Get list of all official Debian 13 Trixie images for x86_64 architecture:
aws ec2 describe-images --region eu-north-1 --owners 136693071363 --filters 'Name=architecture,Values=x86_64' 'Name=name,Values=debian-13-*' --query 'sort_by(Images, &CreationDate)[].[CreationDate,Name,ImageId]' --output table
Get only one latest AMI ID of Debian 13 Trixie image for x86_64 architecture:
aws ec2 describe-images --region eu-north-1 --owners 136693071363 --filters 'Name=architecture,Values=x86_64' 'Name=name,Values=debian-13-*' --query 'sort_by(Images, &CreationDate)[-1].[ImageId]' --output text
Old images till Debian 9 Stretch
Images were published from owner 379101102735 and are absent in AWS at 2025.
Create ec2 instance with Debian 13 Trixie
Example: how to create ec2 instance and how to use "cloud-config" parameters (cloud-init).
Next information have to be collected before to execute the script:
SSH key name in EC2 service (take a look at aws ec2 describe-key-pairs --query 'KeyPairs[].KeyName')
- VPC subnet ID
- VPC security group ID
- desired username for SSH login
- desired additional SSH keys for login
Replace all the "XXXXX" before to run the script.
The default user account is "admin", and it will have SSH key from --key-name argument. The user can be disabled by removing "default" from list "users" below.
Also, user "my-username" will be created, with full access to sudo, multiple SSH keys and zsh as default shell. Just for example.
The cheapest "magnetic" storage (HDD) is used in the example. Use VolumeType=gp3 or other type for better performance.
Even cheaper instance: try --instance-market-options MarketType=spot.
More options and examples in the official documentation: https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html
1 #!/usr/bin/env bash
2 set -o nounset
3 set -o errexit
4 set -o pipefail
5
6 export AWS_DEFAULT_REGION="eu-north-1"
7 export AWS_PROFILE="default"
8 NAME="my-srv01"
9 TAGS="{Key=Temporary,Value=Yes},{Key=Environment,Value=Sandbox},{Key=Name,Value=$NAME}"
10 AMI="$(aws ec2 describe-images --owners 136693071363 --filters 'Name=architecture,Values=arm64' 'Name=name,Values=debian-13*' --query 'sort_by(Images, &CreationDate)[-1].[ImageId]' --output text)"
11 # The root disk device name can be vary of guest OS/AMI (for example, /dev/xvda or /dev/sda1), so it is better to get the exact value:
12 EBS_ROOT_DISK="$(aws ec2 describe-images --image-ids "$AMI" --query 'Images[0].BlockDeviceMappings[0].DeviceName' --output text)"
13 aws ec2 run-instances --image-id "$AMI" --count 1 --instance-type t4g.micro \
14 --key-name "XXXXX" \
15 --security-group-ids sg-XXXXX sg-XXXXX \
16 --subnet-id subnet-XXXXX \
17 --no-associate-public-ip-address \
18 --credit-specification CpuCredits=standard \
19 --instance-initiated-shutdown-behavior terminate \
20 --tag-specifications "ResourceType=instance,Tags=[$TAGS]" "ResourceType=volume,Tags=[$TAGS,{Key=MountPoint,Value=/}]" \
21 --block-device-mapping "DeviceName=${EBS_ROOT_DISK},Ebs={VolumeSize=8,VolumeType=standard,Encrypted=true}" \
22 --user-data "#cloud-config
23 hostname: $NAME
24 swap:
25 filename: /swapfile01
26 size: 209715200 # 200 MiB
27 packages:
28 - zsh
29 - mc
30 - awscli
31 package_update: true
32 package_upgrade: true
33 package_reboot_if_required: true
34 users:
35 - default
36 - name: my-username
37 groups: [ adm, sudo ]
38 sudo: [ 'ALL=(ALL) NOPASSWD:ALL' ]
39 shell: /bin/zsh
40 ssh-authorized-keys:
41 - 'ssh-ed25519 AAAAXXXXX my-username@desktop'
42 - 'ssh-rsa AAAAXXXXX my-username@laptop'
43 write_files:
44 - path: /ec2_tags.json
45 permissions: '0644'
46 owner: root:root
47 content: |
48 $TAGS
49 "
Output example:
1 {
2 "ReservationId": "r-0edfcebb5ab52a155",
3 "OwnerId": "YYYYY",
4 "Groups": [],
5 "Instances": [
6 {
7 "Architecture": "arm64",
8 "BlockDeviceMappings": [],
9 "ClientToken": "YYYYY",
10 "EbsOptimized": false,
11 "EnaSupport": true,
12 "Hypervisor": "xen",
13 "NetworkInterfaces": [
14 {
15 "Attachment": {
16 "AttachTime": "2025-12-18T21:42:49+00:00",
17 "AttachmentId": "eni-attach-0e0633c2e54fa801f",
18 "DeleteOnTermination": true,
19 "DeviceIndex": 0,
20 "Status": "attaching",
21 "NetworkCardIndex": 0
22 },
23 "Description": "",
24 "Groups": [
25 {
26 "GroupId": "sg-0a4b39a410436f27f",
27 "GroupName": "With SSH access"
28 }
29 ],
30 "Ipv6Addresses": [],
31 "MacAddress": "0e:ba:3e:c0:87:eb",
32 "NetworkInterfaceId": "eni-0d5626a596ed9e247",
33 "OwnerId": "YYYYY",
34 "PrivateDnsName": "ip-172-31-3-0.eu-north-1.compute.internal",
35 "PrivateIpAddress": "172.31.3.0",
36 "PrivateIpAddresses": [
37 {
38 "Primary": true,
39 "PrivateDnsName": "ip-172-31-3-0.eu-north-1.compute.internal",
40 "PrivateIpAddress": "172.31.3.0"
41 }
42 ],
43 "SourceDestCheck": true,
44 "Status": "in-use",
45 "SubnetId": "subnet-0ab41b9543e625dd0",
46 "VpcId": "vpc-02dd6b32ee1356679",
47 "InterfaceType": "interface",
48 "Operator": {
49 "Managed": false
50 }
51 }
52 ],
53 "RootDeviceName": "/dev/xvda",
54 "RootDeviceType": "ebs",
55 "SecurityGroups": [
56 {
57 "GroupId": "sg-0a4b39a410436f27f",
58 "GroupName": "With SSH access"
59 }
60 ],
61 "SourceDestCheck": true,
62 "StateReason": {
63 "Code": "pending",
64 "Message": "pending"
65 },
66 "Tags": [
67 {
68 "Key": "Environment",
69 "Value": "Dev"
70 },
71 {
72 "Key": "Temporary",
73 "Value": "Yes"
74 },
75 {
76 "Key": "Name",
77 "Value": "my-srv01"
78 }
79 ],
80 "VirtualizationType": "hvm",
81 "CpuOptions": {
82 "CoreCount": 2,
83 "ThreadsPerCore": 1
84 },
85 "CapacityReservationSpecification": {
86 "CapacityReservationPreference": "open"
87 },
88 "MetadataOptions": {
89 "State": "pending",
90 "HttpTokens": "optional",
91 "HttpPutResponseHopLimit": 1,
92 "HttpEndpoint": "enabled",
93 "HttpProtocolIpv6": "disabled",
94 "InstanceMetadataTags": "disabled"
95 },
96 "EnclaveOptions": {
97 "Enabled": false
98 },
99 "BootMode": "uefi",
100 "PrivateDnsNameOptions": {
101 "HostnameType": "ip-name",
102 "EnableResourceNameDnsARecord": false,
103 "EnableResourceNameDnsAAAARecord": false
104 },
105 "MaintenanceOptions": {
106 "AutoRecovery": "default"
107 },
108 "CurrentInstanceBootMode": "uefi",
109 "Operator": {
110 "Managed": false
111 },
112 "InstanceId": "i-0a5d5a4a49bb5d537",
113 "ImageId": "ami-0c7de8b03968e7b0d",
114 "State": {
115 "Code": 0,
116 "Name": "pending"
117 },
118 "PrivateDnsName": "ip-172-31-3-0.eu-north-1.compute.internal",
119 "PublicDnsName": "",
120 "StateTransitionReason": "",
121 "KeyName": "YYYYY laptop",
122 "AmiLaunchIndex": 0,
123 "ProductCodes": [],
124 "InstanceType": "t4g.micro",
125 "LaunchTime": "2025-12-18T21:42:49+00:00",
126 "Placement": {
127 "GroupName": "",
128 "Tenancy": "default",
129 "AvailabilityZone": "eu-north-1c"
130 },
131 "Monitoring": {
132 "State": "disabled"
133 },
134 "SubnetId": "subnet-0ab41b9543e625dd0",
135 "VpcId": "vpc-02dd6b32ee1356679",
136 "PrivateIpAddress": "172.31.3.0"
137 }
138 ]
139 }
Inside ec2 virtual machine, after login by SSH:
1 my-username@my-srv01 ~ % free -mw
2 total used free shared buffers cache available
3 Mem: 925 200 264 0 21 519 725
4 Swap: 199 0 199
5 my-username@my-srv01 ~ %
6 my-username@my-srv01 ~ % df -h
7 Filesystem Size Used Avail Use% Mounted on
8 udev 421M 0 421M 0% /dev
9 tmpfs 93M 472K 93M 1% /run
10 /dev/nvme0n1p1 7.7G 1.4G 5.9G 19% /
11 tmpfs 463M 0 463M 0% /dev/shm
12 efivarfs 128K 2.8K 126K 3% /sys/firmware/efi/efivars
13 tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-journald.service
14 tmpfs 5.0M 0 5.0M 0% /run/lock
15 tmpfs 463M 0 463M 0% /tmp
16 tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-resolved.service
17 /dev/nvme0n1p15 127M 9.2M 118M 8% /boot/efi
18 tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-networkd.service
19 tmpfs 1.0M 0 1.0M 0% /run/credentials/getty@tty1.service
20 tmpfs 1.0M 0 1.0M 0% /run/credentials/serial-getty@ttyS0.service
21 tmpfs 93M 4.0K 93M 1% /run/user/1000
22 my-username@my-srv01 ~ %
23 my-username@my-srv01 ~ % cat /etc/os-release
24 PRETTY_NAME="Debian GNU/Linux 13 (trixie)"
25 NAME="Debian GNU/Linux"
26 VERSION_ID="13"
27 VERSION="13 (trixie)"
28 VERSION_CODENAME=trixie
29 DEBIAN_VERSION_FULL=13.2
30 ID=debian
31 HOME_URL="https://www.debian.org/"
32 SUPPORT_URL="https://www.debian.org/support"
33 BUG_REPORT_URL="https://bugs.debian.org/"
34 my-username@my-srv01 ~ %
35 my-username@my-srv01 ~ % cat /etc/apt/sources.list
36 # See /etc/apt/sources.list.d/debian.sources
37 my-username@my-srv01 ~ %
38 my-username@my-srv01 ~ % cat /etc/apt/sources.list.d/debian.sources
39 Types: deb deb-src
40 URIs: mirror+file:///etc/apt/mirrors/debian.list
41 Suites: trixie trixie-updates trixie-backports
42 Components: main
43 Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
44
45 Types: deb deb-src
46 URIs: mirror+file:///etc/apt/mirrors/debian-security.list
47 Suites: trixie-security
48 Components: main
49 Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
50 my-username@my-srv01 ~ %
51 my-username@my-srv01 ~ % cat /etc/apt/mirrors/debian.list
52 https://cdn-aws.deb.debian.org/debian
53 my-username@my-srv01 ~ %
54 my-username@my-srv01 ~ % lscpu
55 Architecture: aarch64
56 CPU op-mode(s): 32-bit, 64-bit
57 Byte Order: Little Endian
58 CPU(s): 2
59 On-line CPU(s) list: 0,1
60 Vendor ID: ARM
61 Model name: Neoverse-N1
62 Model: 1
63 Thread(s) per core: 1
64 Core(s) per socket: 2
65 Socket(s): 1
66 Stepping: r3p1
67 BogoMIPS: 243.75
68 Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
69 Caches (sum of all):
70 L1d: 128 KiB (2 instances)
71 L1i: 128 KiB (2 instances)
72 L2: 2 MiB (2 instances)
73 L3: 32 MiB (1 instance)
74 NUMA:
75 NUMA node(s): 1
76 NUMA node0 CPU(s): 0,1
77 Vulnerabilities:
78 Gather data sampling: Not affected
79 Ghostwrite: Not affected
80 Indirect target selection: Not affected
81 Itlb multihit: Not affected
82 L1tf: Not affected
83 Mds: Not affected
84 Meltdown: Not affected
85 Mmio stale data: Not affected
86 Old microcode: Not affected
87 Reg file data sampling: Not affected
88 Retbleed: Not affected
89 Spec rstack overflow: Not affected
90 Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
91 Spectre v1: Mitigation; __user pointer sanitization
92 Spectre v2: Mitigation; CSV2, BHB
93 Srbds: Not affected
94 Tsa: Not affected
95 Tsx async abort: Not affected
96 Vmscape: Not affected
97 my-username@my-srv01 ~ %
98 my-username@my-srv01 ~ % lsblk
99 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
100 nvme0n1 259:0 0 8G 0 disk
101 ├─nvme0n1p1 259:1 0 7.9G 0 part /
102 └─nvme0n1p15 259:2 0 127M 0 part /boot/efi
103 my-username@my-srv01 ~ %
104 my-username@my-srv01 ~ % sudo blkid | sort
105 /dev/nvme0n1p15: SEC_TYPE="msdos" UUID="50D6-7CC0" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="68d340d7-19f3-4d85-a1b6-b24e7a2a5fc8"
106 /dev/nvme0n1p1: UUID="fc10d457-d978-4ec5-929f-6f4bbb91a10f" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="2545fbc3-232c-4af4-80ab-b1fd7fd5c47c"
107