cc by-sa flurdy

ec2 - Amazon Elastic Compute Cloud tips and howtos

How to make an Amazon Machine Image (AMI)

This page is part of larger set of tips & howtos on ec2 by flurdy.
| More
Other ec2 docs by flurdy

This will tell you step by step how to create a Amazon AWS ec2 AMI image.
It presumes you know all about ec2, know what an AMI is and have followed the previous required guides.

Pre requisites

You need to be comfortable with running an ec2 instance.
Obviously you need an instance to make an image from, and I will assume this is an Ubuntu one similar to my ubuntu server tips.
You need to be set up with S3, and have a backup plan and a bucket for AMIs beforehand. Check my backup page for S3 tips.

EBS or instance based boot

Basically if your instance is booted and running from the default assigned disk or booted and running directly from an EBS store. This guide will assume instance boot.

How to make an image of an EBS boot will be made soon. (Basically you take a snapshot of it and some extra steps, the AWS console automates this for you)

Step by step

Assumtions:

Change commands below if any different.

Legends to replace

Beforehand

Steps you need to do before hand. But only once.

Local
  • Make sure you have your AWS ssh key at hand
  • Make sure you got your two AWS certifcates at hand
  • Find your Amazon AWS access key IDs
vi ~/.ec2/accessKeys.txt
  • Past details into the file so it looks something like this:
export AWS_ACCESS_KEY_ID=awsAccessKey
export AWS_SECRET_ACCESS_KEY=awsSecretKey
export AWS_USER=awsUser
  • Save and exit VIM
  • Next encrypt this text file if you want to
gpg -r yourGpgEmailId -e ~/.ec2/accessKeys.txt;
shred -u ~/.ec2/accessKeys.txt

Commands

Step by step commands to do every time you want to make an AMI. Which you should do at regular intervals and definetly after evey major change to your instance. (Having a good backup and EBS strategy reduces this frequency.)

Remote/ec2 instance to backup Local Remote/ec2 new instance image
ssh -i .ec2/yourAwsKey ubuntu@publicDNSname
cd /mnt;
sudo mkdir ec2;
sudo chown ubuntu:ubuntu ec2
scp -i .ec2/yourAwsKey .ec2/*.pem ubuntu@publicDNSname:/mnt/ec2/
vi ec2/api
gpg -d .ec2/accessKeys.txt.gpg
  • Copy access keys lines
  • Paste inn ssh keys into VIM window
  • Save and exit VIM
source ec2/api;
sudo mkdir bundle
Shut down any services, e.g. Apache, Postfix, etc.
(Depends on what is running on your instance)
Here are a couple of examples:
sudo /etc/init.d/apache2 stop;
sudo /etc/init.d/spamassassin stop;
sudo /etc/init.d/amavis stop;
sudo /etc/init.d/clamav-freshclam stop;
sudo /etc/init.d/clamav-daemon stop;
sudo /etc/init.d/courier-authdaemon stop;
sudo /etc/init.d/courier-imap-ssl stop;
sudo /etc/init.d/courier-imap stop;
sudo /etc/init.d/postfix stop;
sudo /etc/init.d/tomcat6 stop;
sudo /etc/init.d/mysql stop
Unmount any EBS, if any are attached to this instance.
Here are a couple of examples:
sudo umount /mnt/www;
sudo umount /mnt/webapps;
sudo umount /mnt/logs;
sudo umount /mnt/home;
sudo umount /mnt/mail;
sudo umount /mnt/mysql
  • Warning. If to be made public please verify:
    • log files are emptied
    • no bash history is retained
    • your ssh key is not left in any authorizedKeys files
    • passwords are reset
    • other services with passwords are reset (mysql, etc)
    • /tmp and similar is cleared
    • god knows what do do with ext3 journals?:..
    • .....
sudo ec2-bundle-vol -d /mnt/bundle/ \
-k /mnt/ec2/pk-*.pem -c /mnt/ec2/cert-*.pem \
-u $AWS_USER -s 4096 -r i386 \
-p descriptive_name-date-version
  • Wait awhile... till its done.
  • If not already done, create the bucket to be used for storing the AMI
  • This assumes you have s3sync installed on the instance.
    For more info on s3sync and installation guide read my backup page.
  • If you do not have or want s3sync,
    you need to create a bucket via the ec2 command line tools or tools like s3fox
s3cmd.rb createbucket s3bucket
  • Upload the AMI to S3
ec2-upload-bundle -b s3bucket \
-m /mnt/bundle/descriptive_name-date-version.manifest.xml \
-a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_ACCESS_KEY \
--location US
  • Wait awhile... till its done.
  • Register via elasticfox (or command line...)
  • Path to use is s3bucket/descriptive_name-date-version.manifest.xml
  • Find new image in elasticfox and boot it
ssh -i .ec2/yourAwsKey ubuntu@publicDNSnameOfNewImage
  • Test if you can log in and looks ok.
sudo shutdown -h now
  • Terminate test instance in elasticfox (be carefull...)
sudo rm -rf ec2 bundle
  • Mount EBSes again
  • Start services previously stopped
  • You can via elasticfox make this instance image public! Risky...

Voila!

Any issues or comments, refer to my feedback :)




head back to flurdy's ec2 docs for more ec2 tips and howtos?

flurdy