Chapter 2. Preparing and uploading AMI images to AWS

Procedure

1. Install Python 3 and the pip tool:

   # dnf install python3 python3-pip

   Copy to Clipboard

2. Install the AWS command-line tools with pip:

   # pip3 install awscli

   Copy to Clipboard

3. Set your profile. The terminal prompts you to provide your credentials, region and output format:

   $ aws configure
   AWS Access Key ID [None]:
   AWS Secret Access Key [None]:
   Default region name [None]:
   Default output format [None]:

   Copy to Clipboard

4. Define a name for your bucket and create a bucket:

   $ BUCKET=bucketname
   $ aws s3 mb s3://$BUCKET

   Copy to Clipboard

   Replace bucketname with the actual bucket name. It must be a globally unique name. As a result, your bucket is created.

5. To grant permission to access the S3 bucket, create a vmimport S3 Role in the AWS Identity and Access Management (IAM), if you have not already done so in the past:

   1. Create a trust-policy.json file with the trust policy configuration, in the JSON format. For example:

      {
          "Version": "2022-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Principal": {
                  "Service": "vmie.amazonaws.com"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                  "StringEquals": {
                      "sts:Externalid": "vmimport"
                  }
              }
          }]
      }

      Copy to Clipboard

   2. Create a role-policy.json file with the role policy configuration, in the JSON format. For example:

      {
          "Version": "2012-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
              "Resource": ["arn:aws:s3:::%s", "arn:aws:s3:::%s/"] }, { "Effect": "Allow", "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe"],
              "Resource": "*"
          }]
      }
      $BUCKET $BUCKET

      Copy to Clipboard

   3. Create a role for your Amazon Web Services account, by using the trust-policy.json file:

      $ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

      Copy to Clipboard

   4. Embed an inline policy document, by using the role-policy.json file:

      $ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

      Copy to Clipboard

Procedure

1. Using the text editor, create a configuration file with the following content:

   provider = "aws"
   [settings]
   accessKeyID = "AWS_ACCESS_KEY_ID"
   secretAccessKey = "AWS_SECRET_ACCESS_KEY"
   bucket = "AWS_BUCKET"
   region = "AWS_REGION"
   key = "IMAGE_KEY"

   Copy to Clipboard

   Replace values in the fields with your credentials for accessKeyID, secretAccessKey, bucket, and region. The IMAGE_KEY value is the name of your VM Image to be uploaded to EC2.

2. Save the file as CONFIGURATION-FILE.toml and close the text editor.

3. Start the compose to upload it to AWS:

   # composer-cli compose start blueprint-name image-type image-key configuration-file.toml

   Copy to Clipboard

   Replace:

   • blueprint-name with the name of the blueprint you created
   • image-type with the ami image type.
   • image-key with the name of your VM Image to be uploaded to EC2.

   • configuration-file.toml with the name of the configuration file of the cloud provider.

     Note

     You must have the correct AWS Identity and Access Management (IAM) settings for the bucket you are going to send your customized image to. You have to set up a policy to your bucket before you are able to upload images to it.

4. Check the status of the image build:

   # composer-cli compose status

   Copy to Clipboard

   After the image upload process is complete, you can see the "FINISHED" status.

1. Access EC2 on the menu and select the correct region in the AWS console. The image must have the available status, to indicate that it was successfully uploaded.
2. On the dashboard, select your image and click Launch.

Procedure

1. In the RHEL image builder dashboard, click the blueprint name that you previously created.
2. Select the tab Images.

3. Click Create Image to create your customized image.

   The Create Image window opens.

   1. From the Type drop-down menu list, select Amazon Machine Image Disk (.raw).
   2. Check the Upload to AWS checkbox to upload your image to the AWS Cloud and click Next.

   3. To authenticate your access to AWS, type your AWS access key ID and AWS secret access key in the corresponding fields. Click Next.

      Note

      You can view your AWS secret access key only when you create a new Access Key ID. If you do not know your Secret Key, generate a new Access Key ID.

   4. Type the name of the image in the Image name field, type the Amazon bucket name in the Amazon S3 bucket name field and type the AWS region field for the bucket you are going to add your customized image to. Click Next.

   5. Review the information and click Finish.

      Optionally, click Back to modify any incorrect detail.

      Note

      You must have the correct IAM settings for the bucket you are going to send your customized image. This procedure uses the IAM Import and Export, so you have to set up a policy to your bucket before you are able to upload images to it. For more information, see Required Permissions for IAM Users.

4. A pop-up on the upper right informs you of the saving progress. It also informs that the image creation has been initiated, the progress of this image creation and the subsequent upload to the AWS Cloud.

   After the process is complete, you can see the Image build complete status.

5. In a browser, access Service→EC2.

   1. On the AWS console dashboard menu, choose the correct region. The image must have the Available status, to indicate that it is uploaded.
   2. On the AWS dashboard, select your image and click Launch.
6. A new window opens. Choose an instance type according to the resources you need to start your image. Click Review and Launch.
7. Review your instance start details. You can edit each section if you need to make any changes. Click Launch.

8. Before you start the instance, select a public key to access it.

   You can either use the key pair you already have or you can create a new key pair.

   Follow the next steps to create a new key pair in EC2 and attach it to the new instance.

   1. From the drop-down menu list, select Create a new key pair.
   2. Enter the name to the new key pair. It generates a new key pair.
   3. Click Download Key Pair to save the new key pair on your local system.

9. Then, you can click Launch Instance to start your instance.

   You can check the status of the instance, which displays as Initializing.

10. After the instance status is running, the Connect button becomes available.

11. Click Connect. A window is displayed with instructions on how to connect by using SSH.

    1. Select A standalone SSH client as the preferred connection method to and open a terminal.

    2. In the location you store your private key, ensure that your key is publicly viewable for SSH to work. To do so, run the command:

       $ chmod 400 <your-instance-name.pem>

       Copy to Clipboard

    3. Connect to your instance by using its Public DNS:

       $ ssh -i <your-instance-name.pem> ec2-user@<your-instance-IP-address>

       Copy to Clipboard

    4. Type yes to confirm that you want to continue connecting.

       As a result, you are connected to your instance over SSH.