Chapter 1. Creating and uploading AWS AMI images
To use your customized RHEL system image in the Amazon Web Services (AWS) cloud, create the system image with Image Builder using the respective output type, configure your system for uploading the image, and upload the image to your AWS account.
1.1. Preparing to upload AWS AMI images
Before uploading an AWS AMI image, you must configure a system for uploading the images.
Prerequisites
- You must have an Access Key ID configured in the AWS IAM account manager.
- You must have a writable S3 bucket prepared.
Procedure
Install Python 3 and the pip tool:
# dnf install python3
# dnf install python3-pip
Install the AWS command-line tools with pip:
# pip3 install awscli
Run the following command to set your profile. The terminal prompts you to provide your credentials, region and output format:
$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
Define a name for your bucket and use the following command to create a bucket:
$ BUCKET=bucketname
$ aws s3 mb s3://$BUCKET
Replace bucketname with the actual bucket name. It must be a globally unique name. As a result, your bucket is created.
To grant permission to access the S3 bucket, create a vmimport S3 Role in the AWS Identity and Access Management (IAM), if you have not already done so in the past:
$ printf '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vmie.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "sts:Externalid": "vmimport" } }
    }
  ]
}' > trust-policy.json
$ printf '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket" ],
      "Resource": [ "arn:aws:s3:::%s", "arn:aws:s3:::%s/*" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*" ],
      "Resource": "*"
    }
  ]
}' $BUCKET $BUCKET > role-policy.json
$ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
$ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
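The two policy documents above can be checked before they are attached to the role. The following is an added example, not part of the original procedure: it audits the trust policy (only vmie.amazonaws.com, with the vmimport external ID) and the role policy (S3 access read-only and confined to the one bucket). The bucket name, the function names and the over-broad variant are constructed for illustration.

```python
BUCKET = "example-image-bucket"  # constructed bucket name, not from the page

def as_list(value):
    """IAM accepts a string or a list for Action, Resource and Service."""
    return value if isinstance(value, list) else [value]

def audit_trust(policy):
    """Findings if anything other than VM Import/Export can assume the role."""
    findings = []
    for st in (s for s in policy["Statement"] if s.get("Effect") == "Allow"):
        principal = st.get("Principal")
        if (not isinstance(principal, dict) or set(principal) != {"Service"}
                or as_list(principal["Service"]) != ["vmie.amazonaws.com"]):
            findings.append("principal is not limited to vmie.amazonaws.com")
        equals = st.get("Condition", {}).get("StringEquals", {})
        # IAM condition key names are not case-sensitive.
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            findings.append("sts:ExternalId condition 'vmimport' is missing")
    return findings

def audit_role(policy, bucket):
    """Findings if S3 access is not read-only or reaches past the one bucket."""
    scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for st in policy["Statement"]:
        s3 = [a for a in as_list(st["Action"]) if a == "*" or a.startswith("s3:")]
        if st.get("Effect") != "Allow" or not s3:
            continue
        outside = sorted(set(as_list(st["Resource"])) - scope)
        if outside:
            findings.append(f"S3 resources outside the bucket: {outside}")
        beyond_read = [a for a in s3 if not a.startswith(("s3:Get", "s3:List"))]
        if beyond_read:
            findings.append(f"S3 actions beyond read access: {beyond_read}")
    return findings

# Statements of the page's two policy documents, rendered for BUCKET.
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "vmie.amazonaws.com"},
    "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}
ROLE = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
     "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]},
    {"Effect": "Allow", "Resource": "*", "Action": ["ec2:ModifySnapshotAttribute",
     "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*"]}]}
BROAD = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}  # constructed

if __name__ == "__main__":
    print(audit_trust(TRUST), audit_role(ROLE, BUCKET), audit_role(BROAD, BUCKET))
```

To audit the generated files instead of the embedded copies, load trust-policy.json and role-policy.json with json.load and pass the results to the same functions.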
1.2. Uploading an AMI image to AWS using the CLI
You can use image builder to build ami images and push them directly to the Amazon AWS Cloud service provider using the CLI.
Prerequisites
Procedure
Using the text editor, create a configuration file with the following content:
provider = "aws"

[settings]
accessKeyID = "AWS_ACCESS_KEY_ID"
secretAccessKey = "AWS_SECRET_ACCESS_KEY"
bucket = "AWS_BUCKET"
region = "AWS_REGION"
key = "IMAGE_KEY"
Replace values in the fields with your credentials for accessKeyID, secretAccessKey, bucket, and region. The IMAGE_KEY value is the name of your VM Image to be uploaded to EC2.
Save the file as CONFIGURATION-FILE.toml and close the text editor.
Start the compose:
# composer-cli compose start BLUEPRINT-NAME IMAGE-TYPE IMAGE_KEY CONFIGURATION-FILE.toml
Replace:
- BLUEPRINT-NAME with the name of the blueprint you created.
- IMAGE-TYPE with the ami image type.
- IMAGE_KEY with the name of your VM Image to be uploaded to EC2.
- CONFIGURATION-FILE.toml with the name of the configuration file of the cloud provider.
Note: You must have the correct IAM settings for the bucket you are going to send your customized image to. You have to set up a policy for your bucket before you are able to upload images to it.
Check the status of the image build and its upload to AWS:
# composer-cli compose status
After the image upload process is complete, you can see the "FINISHED" status.
Verification
To confirm that the image upload was successful:
- Access EC2 on the menu and select the correct region in the AWS console. The image must have the available status, to indicate that it was successfully uploaded.
- On the dashboard, select your image and click Launch.
1.3. Pushing images to AWS Cloud AMI
You can push the output image that you create directly to the Amazon AWS Cloud AMI service provider.
Prerequisites
- You must have root or wheel group user access to the system.
- You have opened the image builder interface of the RHEL web console in a browser.
- You have created a blueprint. See Creating an image builder blueprint in the web console interface.
- You must have an Access Key ID configured in the AWS IAM account manager.
- You must have a writable S3 bucket prepared.
Procedure
- Click the blueprint name.
- Select the tab Images.
- Click Create Image to create your customized image. A pop-up window opens.
- From the Type drop-down menu list, select Amazon Machine Image Disk (.raw).
- Check the Upload to AWS check box to upload your image to the AWS Cloud and click Next.
- To authenticate your access to AWS, type your AWS access key ID and AWS secret access key in the corresponding fields. Click Next.
Note: You can view your AWS secret access key only when you create a new Access Key ID. If you do not know your Secret Key, generate a new Access Key ID.
- Type the name of the image in the Image name field, type the Amazon bucket name in the Amazon S3 bucket name field and type the region in the AWS region field for the bucket you are going to add your customized image to. Click Next.
- Review the information and click Finish. Optionally, you can click Back to modify any incorrect detail.
Note: You must have the correct IAM settings for the bucket you are going to send your customized image to. This procedure uses the IAM Import and Export, so you have to set up a policy for your bucket before you are able to upload images to it. For more information, see Required Permissions for IAM Users.
A small pop-up on the upper right informs you of the saving progress. It also informs that the image creation has been initiated, the progress of this image creation and the subsequent upload to the AWS Cloud.
After the process is complete, you can see the Image build complete status.
- Click Service→EC2 on the menu and choose the correct region in the AWS console. The image must have the Available status, to indicate that it is uploaded.
- On the dashboard, select your image and click Launch.
- A new window opens. Choose an instance type according to the resources you need to start your image. Click Review and Launch.
- Review your instance start details. You can edit each section if you need to make any changes. Click Launch.
- Before you start the instance, select a public key to access it.
You can either use the key pair you already have or you can create a new key pair. Alternatively, you can use image builder to add a user to the image with a preset public key. See Creating a user account with an SSH key for more details.
Follow the next steps to create a new key pair in EC2 and attach it to the new instance.
- From the drop-down menu list, select Create a new key pair.
- Enter a name for the new key pair. It generates a new key pair.
- Click Download Key Pair to save the new key pair on your local system.
Then, you can click Launch Instance to start your instance.
You can check the status of the instance, which displays as Initializing.
- After the instance status is running, the Connect button becomes available.
Click Connect. A pop-up window appears with instructions on how to connect using SSH.
- Select A standalone SSH client as the preferred connection method and open a terminal.
In the location where you store your private key, ensure that your key is not publicly viewable for SSH to work. To do so, run the command:
$ chmod 400 <your-instance-name.pem>
Connect to your instance using its Public DNS:
$ ssh -i "<your-instance-name.pem>" ec2-user@<your-instance-IP-address>
Type yes to confirm that you want to continue connecting.
As a result, you are connected to your instance using SSH.
Verification
- Check if you are able to perform any action while connected to your instance using SSH.
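Both CONFIGURATION-FILE.toml (section 1.2, which holds the secretAccessKey in plain text) and the downloaded key pair file (the chmod 400 step above) are secrets on disk. The following is an added example, not part of the original procedures: it creates such a file with owner-only permissions from the start and reports files that other local users can reach. The file names and function names are hypothetical, and the file contents are constructed placeholders.

```python
import os
import stat
import tempfile

def write_private(path, text):
    """Create the file with mode 0600 from the first byte; refuse to overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def audit_secret_file(path):
    """Return findings for a file that holds a secret key."""
    st = os.stat(path)
    findings = []
    if st.st_uid != os.getuid():
        findings.append("owned by another user")
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        findings.append(f"group/other permission bits set: {extra:03o}")
    return findings

# Constructed stand-in for CONFIGURATION-FILE.toml; values are the page's placeholders.
SAMPLE_CONFIG = '''provider = "aws"

[settings]
accessKeyID = "AWS_ACCESS_KEY_ID"
secretAccessKey = "AWS_SECRET_ACCESS_KEY"
bucket = "AWS_BUCKET"
region = "AWS_REGION"
key = "IMAGE_KEY"
'''

def demo():
    """Write the config privately, then loosen a second file to show the report."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "aws-upload.toml")      # hypothetical file name
        write_private(good, SAMPLE_CONFIG)
        loose = os.path.join(tmp, "instance-key.pem")    # hypothetical file name
        write_private(loose, "constructed placeholder, not a real key\n")
        os.chmod(loose, 0o644)                           # typical mode of a downloaded file
        return audit_secret_file(good), audit_secret_file(loose)

if __name__ == "__main__":
    print(demo())
```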