Chapter 15. Preparing and uploading AMI images to AWS

Procedure

1. Install Python 3 and the pip tool:

   # dnf install python3 python3-pip

2. Install the AWS command-line tools with pip:

   # pip3 install awscli

3. Set your profile. The terminal prompts you to provide your credentials, region, and output format:

   $ aws configure
   AWS Access Key ID [None]:
   AWS Secret Access Key [None]:
   Default region name [None]:
   Default output format [None]:

4. Define a name for your bucket and create a bucket:

   $ BUCKET=bucketname
   $ aws s3 mb s3://$BUCKET

   Replace bucketname with the actual bucket name. It must be a globally unique name. As a result, your bucket is created.

5. To grant Simple Storage Service (S3) access permission, create a vmimport role in the AWS Identity and Access Management (IAM), if you have not already.

   1. Create a trust-policy.json file with the trust policy configuration in JSON format. For example:

      {
          "Version": "2022-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Principal": {
                  "Service": "vmie.amazonaws.com"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                  "StringEquals": {
                      "sts:Externalid": "vmimport"
                  }
              }
          }]
      }

   2. Create a role-policy.json file with the role policy configuration, in the JSON format. For example:

      {
          "Version": "2012-10-17",
          "Statement": [{
              "Effect": "Allow",
              "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
              "Resource": ["arn:aws:s3:::%s", "arn:aws:s3:::%s/"] }, { "Effect": "Allow", "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe"],
              "Resource": "*"
          }]
      }
      $BUCKET $BUCKET

   3. Create a role for your Amazon Web Services account, by using the trust-policy.json file:

      $ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

   4. Embed an inline policy document by using the role-policy.json file:

      $ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Procedure

1. Build the image:

   # image-builder build ami \
   --blueprint blueprint-name \
   --aws-region us-east-1 \
   --aws-bucket <example-bucket> \
   --aws-ami-name <image-name> \

2. Upload the image to AWS:

   # image-builder upload <image-name> \

Verification

1. Confirm the image upload by accessing EC2 in the AWS console and selecting the correct region.
2. On the dashboard, select your image and click Launch.

Procedure

1. In the RHEL image builder dashboard, select your blueprint in blueprint name. Select the Images tab, and click Create Image.
2. From the Type drop-down menu list, select Amazon Machine Image Disk (.raw), check Upload to AWS, and click Next.

3. Enter your AWS access key ID and AWS secret access key in the corresponding fields. Click Next.

   Note

   If you do not know your Secret Key, generate a new Access Key ID.

4. Enter the Image name`, Amazon S3 bucket name, and AWS region, then click Next.
5. Review the information and click Finish. Wait for the Image build complete status.
6. In the AWS console, navigate to Service→EC2, select the correct region, and verify your image shows Available status.
7. Select your image, click Launch, choose an instance type, and click Review and Launch.

8. Review instance details, click Launch, then select or create a key pair:

   • To create a new key pair, select Create a new key pair, enter a name, and click Download Key Pair.
9. Click Launch Instance and wait the instance status to change to running.

10. Click Connect, then use SSH to access your instance:

    $ chmod 400 <your_instance_name>.pem
    $ ssh -i <your-instance_name>.pem ec2-user@<your-instance-IP-address>

    1. Type yes to confirm the connection.