Chapter 2. Creating and uploading AWS AMI images

To use your customized RHEL system image in the Amazon Web Services (AWS) cloud, create the system image with Image Builder by using the respective output type, configure your system for uploading the image, and upload the image to your AWS account.

2.1. Preparing to upload AWS AMI images

Before uploading an AWS AMI image, you must configure a system for uploading the images.

Prerequisites

Procedure

  1. Install Python 3 and the pip tool:

    # dnf install python3 python3-pip
  2. Install the AWS command-line tools with pip:

    # pip3 install awscli
  3. Set your profile. The terminal prompts you to provide your credentials, region and output format:

    $ aws configure
    AWS Access Key ID [None]:
    AWS Secret Access Key [None]:
    Default region name [None]:
    Default output format [None]:
  4. Define a name for your bucket and create a bucket:

    $ BUCKET=bucketname
    $ aws s3 mb s3://$BUCKET

    Replace bucketname with the actual bucket name. It must be a globally unique name. As a result, your bucket is created.

  5. To grant permission to access the S3 bucket, create a vmimport S3 Role in the AWS Identity and Access Management (IAM), if you have not already done so in the past:

    1. Create a trust-policy.json file with the trust policy configuration, in the JSON format. For example:

      {
          "Version": "2012-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Principal": {
                  "Service": "vmie.amazonaws.com"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                  "StringEquals": {
                      "sts:Externalid": "vmimport"
                  }
              }
          }]
      }
    2. Create a role-policy.json file with the role policy configuration, in the JSON format. For example:

      {
          "Version": "2012-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
              "Resource": ["arn:aws:s3:::%s", "arn:aws:s3:::%s/*"]
          }, {
              "Effect": "Allow",
              "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*"],
              "Resource": "*"
          }]
      }

      Replace both occurrences of %s with the name of your bucket, that is, the value of $BUCKET.

    3. Create a role for your Amazon Web Services account, by using the trust-policy.json file:

      $ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
    4. Embed an inline policy document, by using the role-policy.json file:

      $ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
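
The two policy documents from step 5 can be generated and checked before they are passed to aws iam create-role and aws iam put-role-policy. The following is an added example, not part of the original procedure: it builds both documents for one bucket and reports a wrong Version date, a trust statement that is not bound to the vmimport external ID, or S3 resources outside the bucket. The function names and the bucket name bucketname are assumptions.

```python
import json

VERSION = "2012-10-17"  # valid values are 2012-10-17 (current) and 2008-10-17 (legacy)

def build_policies(bucket):
    """Return (trust, role) policy documents for the vmimport role, scoped to one bucket."""
    trust = {"Version": VERSION, "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "vmie.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}
    role = {"Version": VERSION, "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]},
        {"Effect": "Allow",
         "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                    "ec2:RegisterImage", "ec2:Describe*"],
         "Resource": "*"}]}
    return trust, role

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(trust, role, bucket):
    """Return findings for the two documents; an empty list means they pass."""
    findings = [f"{name}: Version is {doc.get('Version')!r}, expected {VERSION!r}"
                for name, doc in (("trust", trust), ("role", role))
                if doc.get("Version") != VERSION]
    for st in as_list(trust.get("Statement", [])):
        equals = st.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive; StringEquals values are not.
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            findings.append("trust: AssumeRole is not bound to the vmimport external ID")
        if st.get("Principal") != {"Service": "vmie.amazonaws.com"}:
            findings.append("trust: principal is not limited to vmie.amazonaws.com")
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for st in as_list(role.get("Statement", [])):
        if not any(a.startswith("s3:") for a in as_list(st.get("Action", []))):
            continue  # the EC2 statement uses "*" by design and is not checked here
        resources = as_list(st.get("Resource", []))
        findings += [f"role: S3 resource {r!r} is not {bucket_arn} or {bucket_arn}/*"
                     for r in resources if r not in (bucket_arn, bucket_arn + "/*")]
    return findings

if __name__ == "__main__":
    trust, role = build_policies("bucketname")  # placeholder bucket name
    print(lint(trust, role, "bucketname") or "both documents pass")
    print(json.dumps(role, indent=4))
```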

2.2. Uploading an AMI image to AWS by using the CLI

You can use RHEL image builder to build AMI images and push them directly to the Amazon AWS Cloud service provider by using the CLI.

Prerequisites

  • You have an Access Key ID configured in the AWS IAM account manager.
  • You have a writable S3 bucket prepared.
  • You have a defined blueprint.

Procedure

  1. Using the text editor, create a configuration file with the following content:

    provider = "aws"
    
    [settings]
    accessKeyID = "AWS_ACCESS_KEY_ID"
    secretAccessKey = "AWS_SECRET_ACCESS_KEY"
    bucket = "AWS_BUCKET"
    region = "AWS_REGION"
    key = "IMAGE_KEY"

    Replace values in the fields with your credentials for accessKeyID, secretAccessKey, bucket, and region. The IMAGE_KEY value is the name of your VM Image to be uploaded to EC2.

  2. Save the file as CONFIGURATION-FILE.toml and close the text editor.
  3. Start the compose to upload it to AWS:

    # composer-cli compose start blueprint-name image-type image-key configuration-file.toml

    Replace:

    • blueprint-name with the name of the blueprint you created
    • image-type with the ami image type.
    • image-key with the name of your VM Image to be uploaded to EC2.
    • configuration-file.toml with the name of the configuration file of the cloud provider.

      Note

      You must have the correct AWS Identity and Access Management (IAM) settings for the bucket you are going to send your customized image to. You have to set up a policy for your bucket before you are able to upload images to it.

  4. Check the status of the image build:

    # composer-cli compose status

    After the image upload process is complete, you can see the "FINISHED" status.
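
The configuration file from step 1 holds the AWS secret access key in plain text, so it should be readable only by its owner from the moment it is created. The following is an added example, not image builder code: it writes the file with mode 0600 at creation time and audits the permissions of an existing file. The function names and the sample values are assumptions.

```python
import os
import stat

def toml_string(value):
    """Quote a value as a TOML basic string."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control characters are not allowed in settings")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def write_upload_config(path, settings):
    """Create the AWS upload configuration, readable by its owner only."""
    lines = ['provider = "aws"', "", "[settings]"]
    for key in ("accessKeyID", "secretAccessKey", "bucket", "region", "key"):
        lines.append(f"{key} = {toml_string(settings[key])}")
    # O_EXCL refuses to reuse an existing file or follow a pre-planted symlink;
    # the mode is set at creation, so the secret is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")

def audit(path):
    """Return findings for a file that holds a secret; an empty list means it passes."""
    st = os.lstat(path)
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_mode & 0o077:
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    if st.st_uid != os.geteuid():
        findings.append("owned by a different user")
    return findings

if __name__ == "__main__":
    import tempfile
    sample = {"accessKeyID": "AWS_ACCESS_KEY_ID", "secretAccessKey": "AWS_SECRET_ACCESS_KEY",
              "bucket": "AWS_BUCKET", "region": "AWS_REGION", "key": "IMAGE_KEY"}  # placeholders
    path = os.path.join(tempfile.mkdtemp(), "configuration-file.toml")
    write_upload_config(path, sample)
    print(path, audit(path) or "ok")
```

The same audit() check applies to any other file that stores a secret, such as a downloaded private key.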

Verification

To confirm that the image upload was successful:

  1. Access EC2 on the menu and select the correct region in the AWS console. The image must have the available status, to indicate that it was successfully uploaded.
  2. On the dashboard, select your image and click Launch.

2.3. Pushing images to AWS Cloud AMI

You can create a (.raw) image by using RHEL image builder, and choose to check the Upload to AWS checkbox to push the output image that you create directly to the Amazon AWS Cloud AMI service provider.

Prerequisites

  • You must have root or wheel group user access to the system.
  • You have opened the RHEL image builder interface of the RHEL web console in a browser.
  • You have created a blueprint. See Creating a blueprint in the web console interface.
  • You must have an Access Key ID configured in the AWS IAM account manager.
  • You must have a writable S3 bucket prepared.

Procedure

  1. In the RHEL image builder dashboard, click the blueprint name that you previously created.
  2. Select the tab Images.
  3. Click Create Image to create your customized image.

    The Create Image window opens.

    1. From the Type drop-down menu list, select Amazon Machine Image Disk (.raw).
    2. Check the Upload to AWS checkbox to upload your image to the AWS Cloud and click Next.
    3. To authenticate your access to AWS, type your AWS access key ID and AWS secret access key in the corresponding fields. Click Next.

      Note

      You can view your AWS secret access key only when you create a new Access Key ID. If you do not know your Secret Key, generate a new Access Key ID.

    4. Type the name of the image in the Image name field, type the Amazon bucket name in the Amazon S3 bucket name field, and type the region in the AWS region field for the bucket you are going to add your customized image to. Click Next.
    5. Review the information and click Finish.

      Optionally, click Back to modify any incorrect detail.

      Note

      You must have the correct IAM settings for the bucket you are going to send your customized image to. This procedure uses the IAM Import and Export, so you have to set up a policy for your bucket before you are able to upload images to it. For more information, see Required Permissions for IAM Users.

  4. A pop-up on the upper right informs you of the saving progress. It also informs you that the image creation has been initiated, and shows the progress of the image creation and the subsequent upload to the AWS Cloud.

    After the process is complete, you can see the Image build complete status.

  5. In a browser, access Service→EC2.

    1. On the AWS console dashboard menu, choose the correct region. The image must have the Available status, to indicate that it is uploaded.
    2. On the AWS dashboard, select your image and click Launch.
  6. A new window opens. Choose an instance type according to the resources you need to start your image. Click Review and Launch.
  7. Review your instance start details. You can edit each section if you need to make any changes. Click Launch.
  8. Before you start the instance, select a public key to access it.

    You can either use the key pair you already have or you can create a new key pair.

    Follow the next steps to create a new key pair in EC2 and attach it to the new instance.

    1. From the drop-down menu list, select Create a new key pair.
    2. Enter a name for the new key pair. A new key pair is generated.
    3. Click Download Key Pair to save the new key pair on your local system.
  9. Then, you can click Launch Instance to start your instance.

    You can check the status of the instance, which displays as Initializing.

  10. After the instance status is running, the Connect button becomes available.
  11. Click Connect. A window appears with instructions on how to connect by using SSH.

    1. Select A standalone SSH client as the preferred connection method and open a terminal.
    2. In the location where you store your private key, ensure that your key is not publicly viewable for SSH to work. To do so, run the command:

      $ chmod 400 <your-instance-name.pem>
    3. Connect to your instance by using its Public DNS:

      $ ssh -i <your-instance-name.pem> ec2-user@<your-instance-IP-address>
    4. Type yes to confirm that you want to continue connecting.

      As a result, you are connected to your instance over SSH.

Verification

  • Check if you are able to perform any action while connected to your instance by using SSH.