|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
To quickly and easily get a new working AMI, start with an existing public AMI or one of your own. You can then modify it and create a new AMI.
Before You Get Started
Before you select an AMI, determine whether the instance types you plan to launch are 32-bit or 64-bit. For more information, see Instance Families and Types.
Make sure you are using GNU Tar 1.15 or later.
|3||Install the Amazon EC2 API tools. Go to
Amazon EC2 API Tools for more information and to download the tools from Amazon S3.
To ensure you have the latest and most reliable version, we recommend that you install the Amazon EC2 API tools only from Amazon S3.
Tasks to Use an Existing AMI to Create a New AMI
Customizing an instance involves the following series of steps:
Selecting an AMI from available AMIs.
Launching an instance from the AMI you selected.
Making changes to (thus, customizing) the instance, such as altering the Linux configuration, adding software, and configuring web applications.
For more information, see Launching EC2 Instances.
After you've launched an instance according to your specifications, proceed to the next steps to create a new AMI using the customized instance.
Your new AMI must be encrypted and signed to ensure that only you and Amazon EC2 can access it. To accomplish this, you must upload your Amazon EC2 private key and X.509 certificate to an instance store directory on your running instance. The private key and the certificate will be used in the AMI bundling process.
The private key and certificate files must not be bundled with the image. To prevent this,
create a separate directory for these files. This directory will be specifically
excluded from the bundle. In these examples, the private key and certificate
files will be stored in the
/tmp/cert directory. Before you
can upload the private key and certificate files, you must grant write
permissions to the directory where these files will be uploaded. The following
command grants write permission to
$sudo chmod 777 /tmp/cert
Copy your Amazon EC2 private key and X.509 certificate to the instance using a secure copy function such as scp.
The following shows the syntax to use with the
The name of your key pair.
The file that contains the private key.
The file that contains the certificate.
The login name you use to log in to your instance.
The DNS location of the instance within Amazon EC2.
The directory where your instance store is mounted.
scp displays the names of the files copied and some performance statistics.
The following is an example of a fully specified scp command using the Amazon Linux AMI.
scp -i gsg-keypair pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem email@example.com:/tmp/certpk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem 100% 717 0.7KB/s 00:00 cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem 100% 685 0.7KB/s 00:00
When you have the image that meets your specifications, you need to bundle it for uploading to Amazon S3. The bundling process requires root privileges. You can obtain these privileges with the sudo su command.
Use the ec2-bundle-vol command. Make sure to exclude the directory where the private key and certificate files are stored with the -e option. This option excludes files that may contain sensitive information, such as your AWS credentials.
<private_keyfile> is the file
that contains the private key
<certificate_file> is the file
that contains the certificate
<user_id> is the ID associated with your AWS account.
This is your AWS account ID without dashes. It consists of 12
to 15 characters, and it's not the same as
your access key ID.
<cert_location> is the directory
that contains the private key and certificate files, which must
be excluded from the bundle.
Be sure to disable SELinux when running ec2-bundle-vol.
The following command bundles the local machine root file system.
ec2-bundle-vol -e /tmp/cert -k pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 111122223333Please specify a value for arch [x86_64]: Copying / into the image file /tmp/image... Excluding: /sys ... /tmp/cert ... 1+0 records in 1+0 records out 1048576 bytes (1.0 MB) copied, 0.00172 s, 610 MB/s mke2fs 1.42.3 (14-May-2012) Bundling image file... Splitting /tmp/image.tar.gz.enc... Created image.part.00 Created image.part.01 ... Created image.part.NN Generating digests for each part... Digests generated. Creating bundle manifest... ec2-bundle-vol complete.
You must upload the bundled AMI to Amazon S3 before Amazon EC2 can access it. This task is necessary when you create Amazon EC2 instance store-backed AMIs from an existing instance or from a loopback. Use the ec2-upload-bundle command to upload the bundled AMI that you created earlier. Amazon S3 stores data objects in buckets, which are similar to directories. All buckets must have globally unique names. The ec2-upload-bundle command uploads the bundled AMI to a specified bucket. If the specified bucket exists and belongs to another AWS account, the ec2-upload-bundle command will fail.
The specified Amazon S3 bucket must exist, and it must have been created in the same region as the instance being uploaded.
Use the ec2-upload-bundle command as follows:
<your-s3-bucket> is the Amazon S3 bucket that the bundle will be uploaded to. You can also upload the
bundle to a subfolder of the bucket, such as
my-awsbucket/uploaded-images/image-1. If the subfolder does not exist, it will be created.
<manifest_path> is the full path to the manifest file (for example,
/tmp/image.manifest.xml). The manifest file will reside in the destination directory that was
specified in the ec2-bundle-vol command.
<access_key> is your AWS access key ID.
<secret_key> is your AWS secret key.
The AMI manifest file and all image parts are uploaded to Amazon S3. The manifest file is encrypted with the Amazon EC2 public key before being uploaded.
You must register your image with Amazon EC2, so that Amazon EC2 can locate it and run instances based on it. This task is necessary when you create Amazon EC2 instance store-backed AMIs from an existing file or from a loopback. If you make any changes to the source image stored in Amazon S3, you must reregister the image.
Use the ec2-register command (which is part of the EC2 CLI tools, not the AMI tools) as follows:
The capitalization of the bucket name and path in
<your-s3-bucket>/<path> must match exactly what was passed in the
This command registers the AMI in the default region. To specify a different region, set the
EC2_URL environment variable, or use the
--region option with the ec2-register command.
Amazon EC2 returns an AMI identifier, the value next to the
ami-2bb65342 in the example), that you can use to run instances.