
Custom Amazon Machine Images

“This blog post gives a brief overview of how to create a custom AMI and walks through creating both an EBS-backed AMI and an instance store-backed AMI.”

Prerequisites

Before you can create an AMI, you must complete the following tasks:

Install the AMI tools. For more information, see Setting Up the AMI Tools.

Install the AWS CLI. For more information, see Getting Set Up with the AWS Command Line Interface.

Ensure that you have an Amazon S3 bucket for the bundle. To create an Amazon S3 bucket, open the Amazon S3 console and click Create Bucket. Alternatively, you can use the AWS CLI mb command.

Ensure that you have your AWS account ID. For more information, see AWS Account Identifiers in the AWS General Reference.

Ensure that you have your access key ID and secret access key. For more information, see Access Keys in the AWS General Reference.

Ensure that you have an X.509 certificate and corresponding private key.

If you need to create an X.509 certificate, see Managing Signing Certificates. The X.509 certificate and private key are used to encrypt and decrypt your AMI.

Connect to your instance and customize it. For example, you can install software and applications, copy data, delete temporary files, and modify the Linux configuration.


Types of AMI

The AMI creation process is divided into two types:

  • Amazon EBS-backed
  • Instance store-backed


Creating an Amazon EBS-Backed Linux AMI

To create an AMI from an instance using the console

  1. Select an appropriate EBS-backed AMI to serve as a starting point for your new AMI, and configure it as needed before launch.
  2. Choose Launch to launch an instance of the EBS-backed AMI that you’ve selected. Accept the default values as you step through the wizard.
  3. While the instance is running, connect to it. You can perform any of the following actions on your instance to customize it for your needs:
    • Install software and applications
    • Copy data
    • Reduce start time by deleting temporary files, defragmenting your hard drive, and zeroing out free space
    • Attach additional Amazon EBS volumes
  4. (Optional) Create snapshots of all the volumes attached to your instance.
  5. In the navigation pane, choose Instances, select your instance, and then choose Actions, Image, Create Image.

If this option is disabled, your instance isn’t an Amazon EBS-backed instance.

  6. In the Create Image dialog box, specify the following information, and then choose Create Image.

  • Image name– A unique name for the image.
  • Image description– An optional description of the image, up to 255 characters.
  • No reboot– This option is not selected by default. Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates and registers the AMI, and then reboots the instance. Select No reboot to avoid having your instance shut down.

Warning

If you select No reboot, we can’t guarantee the file system integrity of the created image.

  • Instance Volumes– The fields in this section enable you to modify the root volume, and add additional Amazon EBS and instance store volumes. For information about each field, pause on the i icon next to each field to display field tooltips. Some important points are listed below.
  • To change the size of the root volume, locate Root in the Volume Type column, and for Size (GB), type the required value.
  • If you select Delete on Termination, when you terminate the instance created from this AMI, the EBS volume is deleted. If you clear Delete on Termination, when you terminate the instance, the EBS volume is not deleted.

Note

Delete on Termination determines if the EBS volume is deleted or not; it does not affect the instance or the AMI.

  • To add an Amazon EBS volume, choose Add New Volume (which adds a new row). For Volume Type, choose EBS, and fill in the fields in the row. When you launch an instance from your new AMI, additional volumes are automatically attached to the instance. Empty volumes must be formatted and mounted. Volumes based on a snapshot must be mounted.
  • To add an instance store volume, see Adding Instance Store Volumes to an AMI. When you launch an instance from your new AMI, additional volumes are automatically initialized and mounted. These volumes do not contain data from the instance store volumes of the running instance on which you based your AMI.
  7. To view the status of your AMI while it is being created, in the navigation pane, choose AMIs. Initially, the status is pending but should change to available after a few minutes.

(Optional) To view the snapshot that was created for the new AMI, choose Snapshots. When you launch an instance from this AMI, we use this snapshot to create its root device volume.

  8. Launch an instance from your new AMI. The new running instance contains all of the customizations that you applied in the previous steps.


Creating an Instance Store-Backed AMI

The following steps summarize the process of creating an AMI from an instance store-backed instance.

  1. First, launch an instance from an AMI that’s similar to the AMI that you’d like to create.
  2. You can connect to your instance and customize it.
  3. When the instance is set up the way you want it, you can bundle it.
  4. It takes several minutes for the bundling process to complete. After the process completes, you have a bundle, which consists of an image manifest (manifest.xml) and files (image.part.xx) that contain a template for the root volume.
  5. Next you upload the bundle to your Amazon S3 bucket and then register your AMI.
  6. When you launch an instance using the new AMI, we create the root volume for the instance using the bundle that you uploaded to Amazon S3.
  7. The storage space used by the bundle in Amazon S3 incurs charges to your account until you delete it.


Creating an AMI from an Instance Store-Backed Amazon Linux Instance

This section describes the creation of an AMI from an Amazon Linux instance. The following procedures may not work for instances running other Linux distributions.

To prepare to use the AMI tools (HVM instances only)

  1. The AMI tools require GRUB Legacy to boot properly. Use the following command to install GRUB:

[ec2-user ~]$ sudo yum install -y grub

  2. Install the partition management packages with the following command:

[ec2-user ~]$ sudo yum install -y gdisk kpartx parted

To create an AMI from an instance store-backed Amazon Linux instance

This procedure assumes that you have satisfied the prerequisites in Prerequisites.

  1. Upload your credentials to your instance. We use these credentials to ensure that only you and Amazon EC2 can access your AMI. Create a temporary directory on your instance for your credentials as follows:

[ec2-user ~]$ mkdir /tmp/cert

This enables you to exclude your credentials from the created image.

Copy your X.509 certificate and corresponding private key from your computer to the /tmp/cert directory on your instance using a secure copy tool such as scp. The -i my-private-key.pem option in the following scp command is the private key you use to connect to your instance with SSH, not the X.509 private key. For example:

you@your_computer:~ $ scp -i my-private-key.pem /path/to/pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem /path/to/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem ec2-user@ec2-203-0-113-25.compute-1.amazonaws.com:/tmp/cert/

pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem  100%  717     0.7KB/s   00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem  100%  685     0.7KB/s   00:00

Alternatively, because these are plain text files, you can open the certificate and key in a text editor and copy their contents into new files in /tmp/cert.

  2. Prepare the bundle to upload to Amazon S3 by running the ec2-bundle-vol command from inside your instance. Be sure to specify the -e option to exclude the directory where your credentials are stored. By default, the bundle process excludes files that might contain sensitive information. These files include *.sw, *.swo, *.swp, *.pem, *.priv, *id_rsa*, *id_dsa*, *.gpg, *.jks, */.ssh/authorized_keys, and */.bash_history. To include all of these files, use the --no-filter option. To include some of these files, use the --include option.
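As an added pre-bundle check (example code written for this post, not part of the AMI tools or the original text), the following POSIX shell functions walk a volume root and list what the default filter above will drop, and separately list credential files that the default list does not cover, such as the AWS CLI credentials file the prerequisites ask you to set up; the sample tree and the extra pattern list are this example's own assumptions.

```shell
# Added example, not from the AWS docs or the original post. Before running
# ec2-bundle-vol, list (a) files the bundler's default filter will drop, so
# you know what will be missing from the image, and (b) credential files the
# default filter does NOT cover, so they can be removed or excluded with -e.
# Assumes POSIX sh plus find(1), sort(1) and mktemp(1).

# Print files under $1 matching the default-filter patterns quoted in the text,
# skipping directory $2 (the same path you would pass to ec2-bundle-vol -e).
scan_default_filtered() {
    find "$1" -path "$2" -prune -o -type f \( \
        -name '*.sw' -o -name '*.swo' -o -name '*.swp' \
        -o -name '*.pem' -o -name '*.priv' \
        -o -name '*id_rsa*' -o -name '*id_dsa*' \
        -o -name '*.gpg' -o -name '*.jks' \
        -o -path '*/.ssh/authorized_keys' -o -path '*/.bash_history' \
    \) -print | sort
}

# Print files under $1 that commonly hold credentials but are NOT in the
# default list. This extra pattern list is an assumption of this example.
scan_unfiltered_secrets() {
    find "$1" -path "$2" -prune -o -type f \( \
        -path '*/.aws/credentials' -o -path '*/.netrc' \
        -o -path '*/.docker/config.json' -o -name '*.key' \
    \) -print | sort
}

# Build a constructed sample tree (not a real instance) in a temp dir and
# print its path so the scans can be exercised offline.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/home/ec2-user/.ssh" "$d/home/ec2-user/.aws" "$d/tmp/cert" "$d/etc"
    : > "$d/home/ec2-user/.ssh/authorized_keys"   # dropped by default filter
    : > "$d/home/ec2-user/.ssh/id_rsa"            # dropped by default filter
    : > "$d/home/ec2-user/.bash_history"          # dropped by default filter
    : > "$d/home/ec2-user/.aws/credentials"       # NOT dropped by default
    : > "$d/tmp/cert/pk-EXAMPLE.pem"              # covered by -e /tmp/cert
    : > "$d/etc/hostname"                         # ordinary file
    printf '%s\n' "$d"
}

# Usage on a real instance (as root, before bundling):
#   scan_unfiltered_secrets / /tmp/cert
```

A non-empty result from scan_unfiltered_secrets means the image would ship those files unless you delete them or add their directory with -e.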


Note:

By default, the AMI bundling process creates a compressed, encrypted collection of files in the /tmp directory that represents your root volume.

If you do not have enough free disk space in /tmp to store the bundle, you need to specify a different location for the bundle to be stored with the -d /path/to/bundle/storage option.

Some instances have ephemeral storage mounted at /mnt or /media/ephemeral0 that you can use, or you can create, attach, and mount a new Amazon EBS volume to store the bundle.

  3. You must run the ec2-bundle-vol command as root. For most commands, you can use sudo to gain elevated permissions, but in this case, you should run sudo -E su to keep your environment variables.

[ec2-user ~]$ sudo -E su

Note that the bash prompt now identifies you as the root user and that the dollar sign has been replaced by a hash sign (#), signalling that you are in a root shell:

[root ec2-user]#

  4. To create the AMI bundle, run the ec2-bundle-vol command as follows:

[root ec2-user]# ec2-bundle-vol -k /tmp/cert/pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c /tmp/cert/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 123456789012 -r x86_64 -e /tmp/cert --partition gpt

It can take a few minutes to create the image.

When this command completes, your /tmp (or non-default) directory contains the bundle (image.manifest.xml, plus multiple image.part.xx files).

  5. Exit from the root shell.

[root ec2-user]# exit

  6. (Optional) To add more instance store volumes, edit the block device mappings in the manifest.xml file for your AMI. For more information, see Block Device Mapping.

Create a backup of your manifest.xml file.

[ec2-user ~]$ sudo cp /tmp/image.manifest.xml /tmp/image.manifest.xml.bak

Reformat the manifest.xml file so that it is easier to read and edit. (A plain shell redirection would run without root privileges, so the formatted output is written back through sudo tee.)

[ec2-user ~]$ sudo xmllint --format /tmp/image.manifest.xml.bak | sudo tee /tmp/image.manifest.xml > /dev/null

Edit the block device mappings in the manifest.xml file with a text editor. The example below shows a new entry for the ephemeral1 instance store volume.


<block_device_mapping>
  <mapping>
    <virtual>ami</virtual>
    <device>sda</device>
  </mapping>
  <mapping>
    <virtual>ephemeral0</virtual>
    <device>sdb</device>
  </mapping>
  <mapping>
    <virtual>ephemeral1</virtual>
    <device>sdc</device>
  </mapping>
  <mapping>
    <virtual>root</virtual>
    <device>/dev/sda1</device>
  </mapping>
</block_device_mapping>


Save the manifest.xml file and exit your text editor.
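Hand-edited mappings are easy to get wrong (a copied row that reuses a device name, or an entry missing its device), and nothing in the upload step checks them. The following sanity check is an added example written for this post, not part of the AMI tools; it assumes one XML element per line as in the excerpt above (the layout xmllint --format produces), and the sample manifest it builds is constructed and trimmed to the block device mapping section.

```shell
# Added example, not from the AWS docs or the original post. Parses the
# <mapping> entries of a manifest with awk and reports an entry missing
# <virtual> or <device>, a duplicate virtual or device name, or a missing
# ami/root entry. Assumes one element per line; needs awk(1) and mktemp(1).

# Return 0 if the mappings in manifest file $1 look sane, 1 otherwise.
# Problems are printed one per line.
check_block_device_mapping() {
    awk '
        /<mapping>/   { in_map = 1; v = ""; d = ""; next }
        in_map && /<virtual>/ { sub(/.*<virtual>/, ""); sub(/<\/virtual>.*/, ""); v = $0; next }
        in_map && /<device>/  { sub(/.*<device>/, "");  sub(/<\/device>.*/, "");  d = $0; next }
        /<\/mapping>/ {
            in_map = 0; n++
            if (v == "" || d == "") { print "mapping " n ": missing <virtual> or <device>"; bad++ }
            if (v != "" && v in seen_v) { print "duplicate virtual name: " v; bad++ }
            if (d != "" && d in seen_d) { print "duplicate device name: " d; bad++ }
            seen_v[v] = 1; seen_d[d] = 1
            next
        }
        END {
            if (!("ami" in seen_v))  { print "no ami mapping"; bad++ }
            if (!("root" in seen_v)) { print "no root mapping"; bad++ }
            if (bad) { print bad " problem(s) in " n " mapping(s)"; exit 1 }
            print n " mapping(s) look sane"
        }
    ' "$1"
}

# Write a constructed manifest fragment (the section shown above, including
# the ephemeral1 entry) to a temp file and print its path. Any extra argument
# appends a second entry on sdc, reproducing a copy-paste slip.
write_sample_manifest() {
    f=$(mktemp)
    {
        printf '<manifest>\n<block_device_mapping>\n'
        for pair in ami:sda ephemeral0:sdb ephemeral1:sdc root:/dev/sda1 ${1:+ephemeral2:sdc}; do
            printf '  <mapping>\n    <virtual>%s</virtual>\n    <device>%s</device>\n  </mapping>\n' \
                "${pair%%:*}" "${pair#*:}"
        done
        printf '</block_device_mapping>\n</manifest>\n'
    } > "$f"
    printf '%s\n' "$f"
}

# Usage on the instance, after editing: check_block_device_mapping /tmp/image.manifest.xml
```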


  7. To upload your bundle to Amazon S3, run the ec2-upload-bundle command as follows.

[ec2-user ~]$ ec2-upload-bundle -b my-s3-bucket/bundle_folder/bundle_name -m /tmp/image.manifest.xml -a your_access_key_id -s your_secret_access_key


Note:

To register your AMI in a region other than US East (N. Virginia), you must specify both the target region with the --region option and a bucket path that already exists in the target region or a unique bucket path that can be created in the target region.

  8. (Optional) After the bundle is uploaded to Amazon S3, you can remove the bundle from the /tmp directory on the instance using the following rm command:

[ec2-user ~]$ sudo rm /tmp/image.manifest.xml /tmp/image.part.* /tmp/image

Note:

If you specified a path with the -d /path/to/bundle/storage option in Step 2, use that path instead of /tmp.

  9. To register your AMI, run the register-image command as follows.

[ec2-user ~]$ aws ec2 register-image --image-location my-s3-bucket/bundle_folder/bundle_name/image.manifest.xml --name AMI_name --virtualization-type hvm

Note:

If you previously specified a region for the ec2-upload-bundle command, specify that region again for this command.
