AMI-based product delivery on AWS Marketplace: verifying customer purchase on server-side

Verifying if a user is running your paid image on EC2 can be challenging due to AWS's emphasis on user privacy and security. However, there are a few approaches you can consider:

As you mentioned, the IMDS provides information about the instance, including billing products. You can use this information to verify if your paid image is running on the instance. You can query the instance metadata from within the instance using a tool like curl or programmatically using an SDK.

Integration with Your Service : You can require users to authenticate or register their instances with your service. Upon registration, you can record relevant information such as the instance ID and other metadata. This approach allows you to maintain a direct relationship with your users and verify the usage of your paid image.

Billing and Usage Reports https://docs.aws.amazon.com/cur/latest/userguide/what-is-cur.html : AWS provides detailed billing and usage reports that include information about EC2 instances, including instance IDs, usage hours, and associated costs. You can analyze these reports to identify instances running your paid image. However, this approach may not provide real-time information and may require additional processing to correlate instances with your paid image.

Integration with AWS CloudTrail https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html : AWS CloudTrail provides a record of API calls made in your AWS account. You can monitor CloudTrail logs for relevant API calls related to EC2 instances, such as RunInstances or StartInstances. By correlating these API calls with your paid image, you can identify instances launched using your image.