[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IAM permissions adjustment on AWS

On Sun, Sep 03, 2017 at 11:34:30PM +0200, Thomas Goirand wrote:
> BTW, how do I generate the @(#*$& image manifest? Uploading an image to
> amazon is such a pain ... :/

The manifest is created by ec2-bundle-vol. However, it sounds like
you're trying to generate what Amazon calls an "instance store backed
AMI", which probably isn't what you want. We don't even publish such
AMIs for the semi-official stretch cloud images. I suspect that that's
why you're having credential issues; you're making API calls that aren't
usually called by the ImageBuilders group members.

Instead create an EBS-backed volume, which uses the network-attached EBS
storage as the root volume. In that case, the steps are:

dd your raw image to an EBS volume
Snapshot the EBS volume
Register the snapshot as an AMI

I use the script at [1] when generating the semi-official AWS images.
The only required parameters to it are a volume ID. It assumes that
you've already generated the raw image and written it to the volume with

The only API calls are CreateSnapshot[2] and RegisterImage[3]

1. https://anonscm.debian.org/cgit/cloud/fai-cloud-images.git/tree/volume-to-ami.sh
2. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSnapshot.html
3. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RegisterImage.html

Attachment: signature.asc
Description: PGP signature

Reply to: