EC2 Copy Image not recognizing "CopyImageTags" as a valid parameter

[Mang2015]

Describe the bug

CopyImageTags is stated in the public documentation as a valid parameter for the copy_image API in latest boto3 version - https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2/client/copy_image.html

I have been using a boto3 script for a while that I have not changed the content of, which used to work before but does not work now. I forgot the boto3/botocore version I was on before, but now I am on the latest boto3/botocore version.

Usage:

copy_response = ec2_client.copy_image(
				Name=ami_name,
				SourceImageId=ami_id,
				SourceRegion=source_region,
				CopyImageTags=True)

Output:
Unknown parameter in input: "CopyImageTags", must be one of: ClientToken, Description, Encrypted, KmsKeyId, Name, SourceImageId, SourceRegion, DestinationOutpostArn, DryRun

I traced the code and I see CopyImageRequest, which is the schema passed into the botocore validation, has the CopyImageTags parameter:

    "CopyImageRequest":{
      "type":"structure",
      "required":[
        "Name",
        "SourceImageId",
        "SourceRegion"
      ],
      "members":{
        "ClientToken":{
          "shape":"String",
          "documentation":"<p>Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">Ensuring idempotency</a> in the <i>Amazon EC2 API Reference</i>.</p>"
        },
        "Description":{
          "shape":"String",
          "documentation":"<p>A description for the new AMI in the destination Region.</p>"
        },
        "Encrypted":{
          "shape":"Boolean",
          "documentation":"<p>Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using <code>KmsKeyId</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html\">Use encryption with EBS-backed AMIs</a> in the <i>Amazon EC2 User Guide</i>.</p>",
          "locationName":"encrypted"
        },
        "KmsKeyId":{
          "shape":"KmsKeyId",
          "documentation":"<p>The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to <code>true</code>.</p> <p>You can specify a KMS key using any of the following:</p> <ul> <li> <p>Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.</p> </li> <li> <p>Key alias. For example, alias/ExampleAlias.</p> </li> <li> <p>Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.</p> </li> <li> <p>Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.</p> </li> </ul> <p>Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.</p> <p>The specified KMS key must exist in the destination Region.</p> <p>Amazon EBS does not support asymmetric KMS keys.</p>",
          "locationName":"kmsKeyId"
        },
        "Name":{
          "shape":"String",
          "documentation":"<p>The name of the new AMI in the destination Region.</p>"
        },
        "SourceImageId":{
          "shape":"String",
          "documentation":"<p>The ID of the AMI to copy.</p>"
        },
        "SourceRegion":{
          "shape":"String",
          "documentation":"<p>The name of the Region that contains the AMI to copy.</p>"
        },
        "DestinationOutpostArn":{
          "shape":"String",
          "documentation":"<p>The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/ebs/latest/userguide/snapshots-outposts.html#copy-amis\">Copy AMIs from an Amazon Web Services Region to an Outpost</a> in the <i>Amazon EBS User Guide</i>.</p>"
        },
        "CopyImageTags":{
          "shape":"Boolean",
          "documentation":"<p>Indicates whether to include your user-defined AMI tags when copying the AMI.</p> <p>The following tags will not be copied:</p> <ul> <li> <p>System tags (prefixed with <code>aws:</code>)</p> </li> <li> <p>For public and shared AMIs, user-defined tags that are attached by other Amazon Web Services accounts</p> </li> </ul> <p>Default: Your user-defined AMI tags are not copied.</p>"
        },
        "TagSpecifications":{
          "shape":"TagSpecificationList",
          "documentation":"<p>The tags to apply to the new AMI and new snapshots. You can tag the AMI, the snapshots, or both.</p> <ul> <li> <p>To tag the new AMI, the value for <code>ResourceType</code> must be <code>image</code>.</p> </li> <li> <p>To tag the new snapshots, the value for <code>ResourceType</code> must be <code>snapshot</code>. The same tag is applied to all the new snapshots.</p> </li> </ul> <p>If you specify other values for <code>ResourceType</code>, the request fails.</p> <p>To tag an AMI or snapshot after it has been created, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html\">CreateTags</a>.</p>",
          "locationName":"TagSpecification"
        },
        "DryRun":{
          "shape":"Boolean",
          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>",
          "locationName":"dryRun"
        }
      },

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

Expectation is for the API call to go through and AMIs to be copied to the desired region with User defined tags copied

Current Behavior

I added log lines for boto3 and botocore versions

boto3 version 1.35.46
botocore version 1.35.46
reading images from file and issuing copy for AMIs that have not been copied yet
region: ap-south-1
SQL_2019_Enterprise_CU17_May_2024

Traceback (most recent call last):
  File "/Users/umangch/python_scripts/copy_amis.py", line 61, in <module>
    main()
  File "/Users/umangch/python_scripts/copy_amis.py", line 51, in main
    copy_response = ec2_client.copy_image(
  File "/Users/umangch/Library/Python/3.9/lib/python/site-packages/botocore/client.py", line 569, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/umangch/Library/Python/3.9/lib/python/site-packages/botocore/client.py", line 980, in _make_api_call
    request_dict = self._convert_to_request_dict(
  File "/Users/umangch/Library/Python/3.9/lib/python/site-packages/botocore/client.py", line 1047, in _convert_to_request_dict
    request_dict = self._serializer.serialize_to_request(
  File "/Users/umangch/Library/Python/3.9/lib/python/site-packages/botocore/validate.py", line 381, in serialize_to_request
    raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Unknown parameter in input: "CopyImageTags", must be one of: ClientToken, Description, Encrypted, KmsKeyId, Name, SourceImageId, SourceRegion, DestinationOutpostArn, DryRun

Reproduction Steps

Reproduced with this script, filling in values wherever applicable

import boto3
import botocore
from botocore.config import Config

def main():

	print("boto3 version " + boto3.__version__)
	print("botocore version " + botocore.__version__)
	regions = ['ap-south-1','sa-east-1','us-west-1','eu-west-1','ap-northeast-2','eu-west-2','ca-central-1','ap-southeast-1','eu-central-1','us-east-2','ap-southeast-2','eu-north-1','us-west-2','ap-northeast-3','ap-northeast-1','us-east-1','eu-west-3']
	source_region = 'us-west-2'

	for region in regions:
		if region is source_region:
			continue

		my_config = Config(
			region_name = region,
			signature_version = 'v4',
			retries = {
				'max_attempts': 10,
				'mode': 'standard'
			}
		)
		ec2_client = boto3.client('ec2',
			aws_access_key_id='<aws_access_key_id>',
			aws_secret_access_key='<aws_secret_access_key>',
			aws_session_token='<aws_session_token>',
			config=my_config
			)

		copy_response = ec2_client.copy_image(
			Name='<name>',
			SourceImageId='<image_id>',
			SourceRegion=source_region,
			CopyImageTags=True)



if __name__ == "__main__":
    main()

Possible Solution

No response

Additional Information/Context

No response

SDK version used

1.35.46

Environment details (OS name and version, etc.)

macOS Ventura 13.6.9

[tim-finnigan]

Discussed this issue with the author internally — the CopyImageTags is working as documented, issue was with a custom model overriding the default behavior.

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.