Update AMIs: Setting up - Amazon Nimble Studio

Update AMIs: Setting up

Setting up the right software for your team is an important part of maintaining a working studio. You can accomplish this by updating your Amazon Machine Images (AMIs) with specific software versions or new tools.

In the Creating launch profiles tutorial, you learned how to select AMIs for your launch profiles. The AMIs assigned to launch profiles determine which software and operating systems are available to your artists when they start a streaming session.

In this tutorial, the General setup section will show you what you need to do before you can update your AMIs. You will learn how to create an Amazon Simple Storage Service (Amazon S3) bucket to store your installers, a security group, IAM policies, and roles. After you complete this setup, you can follow the instructions to Update AMIs for your operating system.

Prerequisites

Complete the following before you begin this tutorial:

General setup

Before you update an AMI, do a general setup in your account, including setting up cloud storage to store your installers. You only need to do these steps once, as described in this section.

If you have already completed the following steps, you can skip to Update AMIs for your operating system.

Step 1: Create an Amazon Simple Storage Service (Amazon S3) bucket to store your installers

Create an Amazon S3 bucket to store your installers. The storage containers used by Amazon S3 are called buckets, which are similar to folders or directories. For more information, see Buckets overview in the Amazon Simple Storage Service User Guide.

Use an Amazon S3 bucket as the central storage for installers to help you track which versions of software that you have installed on your AMIs. You might not always want to use the latest version of a given application. Storing installers in one location for the versions that you do want to use will make it easier to ensure that you're installing the same version of software on all your AMIs.

  1. Sign in to the AWS Management Console and open the Amazon S3 console.

  2. In the AWS Region selector (top-right navigation bar), make sure that the Region for your studio is selected.

    
                  The AWS Region selector in the menu bar of an AWS service console.
  3. On the buckets page, choose Create bucket.

    
                     Create Amazon S3 bucket
  4. For Bucket name, enter a name, such as <your-studio-name>-installers.

  5. In the AWS Region selector make sure that the Region for your studio is selected.

    
                     Create Amazon S3 bucket
  6. We recommend using the default settings for everything else on this page. However, you can change the settings based on your needs. For more information on S3 bucket settings, see Creating a bucket in the Amazon Simple Storage Service User Guide.

  7. Scroll to the bottom of the page and choose Create bucket.

  8. After your bucket is created, find it in the list, then choose its name.

  9. To create folders for your installers, choose Create folder.

  10. To upload installers from your local machine to S3, choose Upload.

    
                     Upload S3 bucket
    1. The next image shows the page for the bucket that you created. Notice that it has a subfolder blender with the Blender 2.92.0 Windows installer uploaded to it.

      
                           Blender Windows installer uploaded

Step 2: Create IAM policies

To update an AMI, launch an instance and update its software. For that instance to have access to the AWS services that it needs, create an AWS Identity and Access Management (IAM) role with the correct permissions policies attached. This will allow you to connect to the instance, access the Amazon S3 bucket that you created in the last step, and access the license for NICE DCV (for instances with a GUI).

Amazon provides a policy to connect to your instances with Session Manager, but create policies to provide access to your S3 bucket and to the NICE DCV license file for your Region.

Create a policy for the installers bucket

First you will create a policy that allows read-only access to the Amazon S3 installers bucket you created in the last step. Follow the instructions in Creating policies on the JSON tab in the IAM User Guide while using the following information.

To create a policy for the installers bucket

  1. Replace the JSON data in the text field with the following JSON text. Make sure to change the two example lines in the code below DOC-EXAMPLE-BUCKET to the name of the bucket that you just created in Step 2.

    { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:ListBucket" ], "Resource":"arn:aws:s3:::<BUCKET-NAME>" }, { "Effect":"Allow", "Action":[ "s3:GetObject" ], "Resource":"arn:aws:s3:::<BUCKET-NAME>/*" } ] }
  2. Name your new policy NimbleStudioInstallersS3ReadOnly.

Create a policy for the NICE DCV license

Next, you will create a policy to allow instances that use NICE DCV to access the NICE DCV license file for your region.

To create a policy for the NICE DCV license

  1. Choose Create policy.

  2. Select the JSON tab.

  3. Replace the JSON data in the text field with the JSON provided here: Licensing the NICE DCV Server - NICE DCV.

    1. Make sure that you replace the region placeholder with your AWS Region (for example, us-west-2).

  4. Choose Next: Tags.

  5. Choose Next: Review.

  6. Name your new policy NimbleStudioDCVLicenseS3Access-region . Replace "region" with the AWS Region that your studio is located in.

  7. Add a description if you want.

  8. Choose Create policy.

Step 3: Create an IAM role

After you have created the IAM policies from the previous step, create the IAM role that you will attach to the instances that you use to create AMIs.

Follow the instructions in Creating a role for an AWS service (console) in the IAM User Guide while using the following information.

To create an IAM role

  1. For the service that you want to allow to assume this role, select EC2.

  2. For permissions policies, search for S3 and select the two policies that you created in the previous step from the list. Make sure to select the check box for each policy. Don’t select the name.

    
                     Select S3 IAM policy
  3. Also for permissions policies, search for SSM and select the check box for AmazonSSMManagedInstanceCore

    
                     Select SSM IAM policy
  4. (Optional) Enter Studio as the key and enter <your-studio-name> as the value.

  5. For Role name, enter Nimble_Studio_Build_AMI. (Optional) Add a description.

Step 4: Create a security group

Next, create a security group that allows you to connect to your instance from your local machine.

  1. Sign in to the AWS Management Console and open the Amazon EC2 console.

  2. Choose Security Groups in the left navigation pane under Network & Security.

  3. Choose Create security group.

    
                     List of security groups
  4. For Basic details, fill out the following:

    1. For Security group name, enter Nimble_Studio_Build_AMI.

    2. For Description, enter something like Security group for building Nimble Studio AMIs.

    3. For VPC, the default VPC should already be selected. If not, select it from the dropdown list.

  5. Create an inbound rule for this security group by choosing Add rule, and then filling out the information listed in this table.

    Security group inbound rules
    Type Protocol Port range Source Description

    Custom TCP

    TCP

    8443

    Consult with IT

    NICE DCV connection

    Important

    We recommend that you don’t use a source value of Anywhere because that allows any IP address to connect to your rule’s port(s).

    To determine the ideal source value to use for your security group, based on your studio’s security compliance goals, consult with your studio admin or IT team.

    You can also specify a range of IP addresses by selecting Custom and using CIDR block notation (xxx.xxx.xxx.xxx/n). This will limit traffic by only allowing a range of IP addresses to connect. Your studio admin or IT team can help you determine the correct CIDR block to use.

    After you’ve entered the information for all the inbound rules, it should resemble the following image. Your “Source” value will vary depending on the recommendation of your studio admin or IT team.

    
                     Security group all inbound rules
  6. Scroll to the bottom of the screen and choose Create security group. After this process has been successfully completed, a green banner will confirm this at the top of the page.

Update AMIs for your operating system

For your artists to access a new version of software through a launch profile, first update your software on an AMI that you create. After you create and update that AMI, you can add it as an option in a launch profile. Then, you can create different AMIs for different versions of software or for specific tasks, such as texture painting or lighting.

The following tutorials provide instructions for updating AMIs for specific operating systems:

Software-specific instructions

Some software that you install on your AMI might require special steps for it to work correctly. For more information, see Software specific installation tips.

Troubleshooting

Reduce the AMI size.

Error: I got this error when trying to add an AMI to my studio: You cannot add an AMI that exceeds 500 GBs.

  1. Sign in to the AWS Management Console and open the Amazon EC2 console.

  2. Choose Instances in the left navigation pane.

  3. Select the instance that you created the AMI with, then connect to it with NICE DCV.

  4. There are two main areas that you can reduce the AMI size:

    1. Downloaded files.

    2. Installed applications

  5. After you have removed the files that you don’t need, create a new version of your AMI, encrypt it, then add it to your studio.

Remove AMIs or increasing your quota.

Error: I got this error when trying to add an AMI to my studio: Your studio exceeds the custom streaming image quota.

To remove AMIs from your studio

  1. Sign in to the AWS Management Console and open the Nimble Studio console.

  2. Choose Studio resources in the left navigation pane.

  3. Scroll down to Amazon Machine Image.

  4. Select the AMI that you want to remove.

  5. Choose, Action. Then choose Remove.

  6. Enter Remove and choose Remove.

To increase your custom streaming image quota

  1. Sign in to the AWS Management Console and open the Service Quotas console.

  2. Choose AWS services in the left navigation pane.

  3. Search for Nimble Studio.

  4. Choose Amazon Nimble Studio from the list.

  5. Select Custom streaming images per studio.

  6. Choose Request quota increase.

  7. Under Change quota value enter the number of custom streaming images you would like to be able to have in your studio.

  8. Choose Request.