Creating an AMI

There are several techniques for creating an AMI offering a mix of ease of use and detailed customization levels. The easiest method involves starting from an existing public AMI and modifying it according to your requirements, as described in the section called “Starting with an Existing AMI”.

Another approach is to build a fresh installation either on a stand-alone machine or on an empty file system mounted by loopback. This essentially entails building an operating system installation from scratch and is described in the section called “Creating through a Loopback File”.

Once the installation package has been built to your satisfaction it needs to be bundled and uploaded to Amazon S3 as described in the section called “Bundling an AMI”.

Starting with an Existing AMI

This is the quickest and easiest of the methods to get a new working AMI. Start with an existing public AMI or one of your own. You can then modify that as you see fit and subsequently create a new AMI with the ec2-bundle-vol utility, as decribed later in the section called “Bundling an AMI”.

Select an AMI

The first step is to locate an AMI that contains the packages and services that you require. This can be one of your own AMIs or one of the public AMIs provided by Amazon EC2. Use ec2-describe-images to get a list of available AMIs, as is shown below, then select one of the listed AMIs and note its AMI ID, e.g. ami-5bae4b32:

PROMPT>  ec2-describe-images 
IMAGE ami-60a54009 ec2-public-images/base-fc4-apache.manifest.xml 475219833042 available public
IMAGE ami-61a54028 <your-s3-bucket>/image.manifest.xml 495219933132 available private
IMAGE ami-5bae4b32 ec2-public-images/getting-started.manifest.xml 475219833042 available public
IMAGE ami-6ea54007 ec2-public-images/base-fc3-mysql.manifest.xml 475219833042 available public

Generate a Keypair

This step is only required if you've selected one of the public AMIs provided by Amazon EC2. A public/private keypair must be created to ensure that you, and only you, have access to the instances that you launch.

PROMPT>  ec2-create-keypair gsg-keypair
KEYPAIR gsg-keypair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f 
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQBuLFg5ujHrtm1jnutSuoO8Xe56LlT+HM8v/xkaa39EstM3/aFxTHgElQiJLChp
HungXQ29VTc8rc1bW0lkdi23OH5eqkMHGhvEwqa0HWASUMll4o3o/IX+0f2UcPoKCOVUR+jx71Sg
5AU52EQfanIn3ZQ8lFW7Edp5a3q4DhjGlUKToHVbicL5E+g45zfB95wIyywWZfeW/UUF3LpGZyq/
ebIUlq1qTbHkLbCC2r7RTn8vpQWp47BGVYGtGSBMpTRP5hnbzzuqj3itkiLHjU39S2sJCJ0TrJx5
i8BygR4s3mHKBj8l+ePQxG1kGbF6R4yg6sECmXn17MRQVXODNHZbAgMBAAECggEAY1tsiUsIwDl5
91CXirkYGuVfLyLflXenxfI50mDFms/mumTqloHO7tr0oriHDR5K7wMcY/YY5YkcXNo7mvUVD1pM
ZNUJs7rw9gZRTrf7LylaJ58kOcyajw8TsC4e4LPbFaHwS1d6K8rXh64o6WgW4SrsB6ICmr1kGQI7
3wcfgt5ecIu4TZf0OE9IHjn+2eRlsrjBdeORi7KiUNC/pAG23I6MdDOFEQRcCSigCj+4/mciFUSA
SWS4dMbrpb9FNSIcf9dcLxVM7/6KxgJNfZc9XWzUw77Jg8x92Zd0fVhHOux5IZC+UvSKWB4dyfcI
tE8C3p9bbU9VGyY5vLCAiIb4qQKBgQDLiO24GXrIkswF32YtBBMuVgLGCwU9h9HlO9mKAc2m8Cm1
jUE5IpzRjTedc9I2qiIMUTwtgnw42auSCzbUeYMURPtDqyQ7p6AjMujp9EPemcSVOK9vXYL0Ptco
xW9MC0dtV6iPkCN7gOqiZXPRKaFbWADp16p8UAIvS/a5XXk5jwKBgQCKkpHi2EISh1uRkhxljyWC
iDCiK6JBRsMvpLbc0v5dKwP5alo1fmdR5PJaV2qvZSj5CYNpMAy1/EDNTY5OSIJU+0KFmQbyhsbm
rdLNLDL4+TcnT7c62/aH01ohYaf/VCbRhtLlBfqGoQc7+sAc8vmKkesnF7CqCEKDyF/dhrxYdQKB
gC0iZzzNAapayz1+JcVTwwEid6j9JqNXbBc+Z2YwMi+T0Fv/P/hwkX/ypeOXnIUcw0Ih/YtGBVAC
DQbsz7LcY1HqXiHKYNWNvXgwwO+oiChjxvEkSdsTTIfnK4VSCvU9BxDbQHjdiNDJbL6oar92UN7V
rBYvChJZF7LvUH4YmVpHAoGAbZ2X7XvoeEO+uZ58/BGKOIGHByHBDiXtzMhdJr15HTYjxK7OgTZm
gK+8zp4L9IbvLGDMJO8vft32XPEWuvI8twCzFH+CsWLQADZMZKSsBasOZ/h1FwhdMgCMcY+Qlzd4
JZKjTSu3i7vhvx6RzdSedXEMNTZWN4qlIx3kR5aHcukCgYA9T+Zrvm1F0seQPbLknn7EqhXIjBaT
P8TTvW/6bdPi23ExzxZn7KOdrfclYRph1LHMpAONv/x2xALIf91UB+v5ohy1oDoasL0gij1houRe
2ERKKdwz0ZL9SWq6VTdhr/5G994CK72fy5WhyERbDjUIdHaK3M849JJuf8cSrvSb4g==
-----END RSA PRIVATE KEY-----

The resulting private key must be saved in a local file for later use. Create a file named id_rsa-gsg-keypair and paste into it all lines starting with the line "-----BEGIN PRIVATE KEY-----" and ending with the line "-----END PRIVATE KEY-----". Confirm that the file contents looks exactly as shown below.

-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQBuLFg5ujHrtm1jnutSuoO8Xe56LlT+HM8v/xkaa39EstM3/aFxTHgElQiJLChp
HungXQ29VTc8rc1bW0lkdi23OH5eqkMHGhvEwqa0HWASUMll4o3o/IX+0f2UcPoKCOVUR+jx71Sg
5AU52EQfanIn3ZQ8lFW7Edp5a3q4DhjGlUKToHVbicL5E+g45zfB95wIyywWZfeW/UUF3LpGZyq/
ebIUlq1qTbHkLbCC2r7RTn8vpQWp47BGVYGtGSBMpTRP5hnbzzuqj3itkiLHjU39S2sJCJ0TrJx5
i8BygR4s3mHKBj8l+ePQxG1kGbF6R4yg6sECmXn17MRQVXODNHZbAgMBAAECggEAY1tsiUsIwDl5
91CXirkYGuVfLyLflXenxfI50mDFms/mumTqloHO7tr0oriHDR5K7wMcY/YY5YkcXNo7mvUVD1pM
ZNUJs7rw9gZRTrf7LylaJ58kOcyajw8TsC4e4LPbFaHwS1d6K8rXh64o6WgW4SrsB6ICmr1kGQI7
3wcfgt5ecIu4TZf0OE9IHjn+2eRlsrjBdeORi7KiUNC/pAG23I6MdDOFEQRcCSigCj+4/mciFUSA
SWS4dMbrpb9FNSIcf9dcLxVM7/6KxgJNfZc9XWzUw77Jg8x92Zd0fVhHOux5IZC+UvSKWB4dyfcI
tE8C3p9bbU9VGyY5vLCAiIb4qQKBgQDLiO24GXrIkswF32YtBBMuVgLGCwU9h9HlO9mKAc2m8Cm1
jUE5IpzRjTedc9I2qiIMUTwtgnw42auSCzbUeYMURPtDqyQ7p6AjMujp9EPemcSVOK9vXYL0Ptco
xW9MC0dtV6iPkCN7gOqiZXPRKaFbWADp16p8UAIvS/a5XXk5jwKBgQCKkpHi2EISh1uRkhxljyWC
iDCiK6JBRsMvpLbc0v5dKwP5alo1fmdR5PJaV2qvZSj5CYNpMAy1/EDNTY5OSIJU+0KFmQbyhsbm
rdLNLDL4+TcnT7c62/aH01ohYaf/VCbRhtLlBfqGoQc7+sAc8vmKkesnF7CqCEKDyF/dhrxYdQKB
gC0iZzzNAapayz1+JcVTwwEid6j9JqNXbBc+Z2YwMi+T0Fv/P/hwkX/ypeOXnIUcw0Ih/YtGBVAC
DQbsz7LcY1HqXiHKYNWNvXgwwO+oiChjxvEkSdsTTIfnK4VSCvU9BxDbQHjdiNDJbL6oar92UN7V
rBYvChJZF7LvUH4YmVpHAoGAbZ2X7XvoeEO+uZ58/BGKOIGHByHBDiXtzMhdJr15HTYjxK7OgTZm
gK+8zp4L9IbvLGDMJO8vft32XPEWuvI8twCzFH+CsWLQADZMZKSsBasOZ/h1FwhdMgCMcY+Qlzd4
JZKjTSu3i7vhvx6RzdSedXEMNTZWN4qlIx3kR5aHcukCgYA9T+Zrvm1F0seQPbLknn7EqhXIjBaT
P8TTvW/6bdPi23ExzxZn7KOdrfclYRph1LHMpAONv/x2xALIf91UB+v5ohy1oDoasL0gij1houRe
2ERKKdwz0ZL9SWq6VTdhr/5G994CK72fy5WhyERbDjUIdHaK3M849JJuf8cSrvSb4g==
-----END RSA PRIVATE KEY-----

Launch an Instance

You are now ready to launch an instance of the AMI you selected above.

PROMPT>  ec2-run-instances ami-5bae4b32 -k gsg-keypair 
INSTANCE        i-10a64379   ami-5bae4b32   EC2    pending   gsg-keypair  0

The instance ID in the second field of the output is a unique identifier for the instance and can be used subsequently to manipulate your instance, e.g. to terminate it.

	Important
	Once you launch an instance, you will be billed per hour for CPU time. Make sure you terminate any instances which you don't intend to leave running indefinitely.

It will take a few minutes for the instance to launch. You can follow its progress by running:

PROMPT>  ec2-describe-instances i-10a64379 
RESERVATION     r-fea54097  495219933132   EC2
INSTANCE        i-10a64379  ami-5bae4b32   domU-12-34-31-00-00-05.usma1.compute.amazonaws.com   EC2    running   gsg-keypair 0

When the status field reads "running", the instance has been created and has started booting. There may still be a short time before it is accessible over the network, however. The DNS name displayed in the sample output above will be different from that assigned to your instance. Make sure you use the appropriate one.

Authorize Network Access

In order to be able to reach the running instance from the Internet, you need to enable access for the ssh service which runs on port 22:

PROMPT>  ec2-authorize default -p 22
PERMISSION     default  ALLOWS  tcp     22      22      FROM    CIDR   0.0.0.0/0

Connect to the Instance

Now that you have a running instance, you can log in and modify it according to your requirements. If you launched a public Amazon EC2 AMI, you can use the following command to log in with your own private key:

PROMPT>  ssh -i id_rsa-gsg-keypair root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com 
root@my-instance #

Otherwise, use the plain ssh command and supply the appropriate password when prompted.

PROMPT>  ssh root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com 
root@my-instance #

You now have complete control over the instance and may add, remove, modify or upgrade packages and files to suit your needs. Some of the basic configuration settings related to the Amazon EC2 environment, such as the network interface configuration and /etc/fstab contents, should only be changed with extreme care, to avoid making the AMI unbootable or inaccessible from the network once running.

Upload the Key and Certificate

The new AMI will be encrypted and signed to ensure that it can only be accessed by you and Amazon EC2. You therefore need to upload your Amazon EC2 private key and X.509 certificate to the running instance, for use in the AMI bundling process.

Assuming the private key and X.509 certificate are contained in files pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem and cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem, copy both of these files to your instance:

PROMPT> scp pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com:/tmp
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                         100%  717     0.7KB/s   00:00 cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                       100%  685     0.7KB/s   00:00

	Note
	It is important that the key and cert files are uploaded into /tmp to prevent them being bundled with the new AMI.

You are now ready to proceed to the next step which involves bundling the volume and uploading the resulting AMI to Amazon S3. This is described in the section called “Bundling an AMI”.

Creating through a Loopback File

This method entails doing a full operating system installation on a clean root file system, but avoids having to create a new root disk partition and file system on a physical disk. Once you have installed your operating system, the resulting image can be bundled as an AMI with the ec2-bundle-image utility.

Create a File to Host the AMI

The dd utility can be used to create files of arbitrary sizes. In this case, make sure to create a file large enough to host the operating system, tools and applications that you will install. For example, a baseline Linux installation requires about 700MB, so your file should be at least 1GB. The command below creates a file of 1024*1MB=1GB.

# dd if=/dev/zero of=my-image.fs bs=1M count=1024
1024+0 records in
1024+0 records out

Create a Root File System Inside the File

There are several variations on the generic mkfs utility that can be used to create a file system inside my-image.fs. Typical Linux installations default to ext2 or ext3 file systems. Create an ext3 file system by issuing the following command:

# mke2fs -F -j my-image.fs
mke2fs 1.38 (30-Jun-2005)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
131072 inodes, 262144 blocks
13107 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks: 
        32768, 98304, 163840, 229376

Writing inode tables: done                            
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 24 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mount the File through Loopback

The loopback module allows you to use a normal file as if it were a raw device. In this manner you get a file-system in a file. Mounting a file system image file through loopback presents it as part of the normal file system. You can then modify it using your favorite file management tools and utilities. Create a mount point in the file system where the image will be attached and then mount the file system image, as follows:

# mkdir /mnt/ec2-fs
# mount -o loop my-image.fs /mnt/ec2-fs

Prepare for the Installation

Before the operating system installation can proceed, some basic files have to be created and prepared on the newly created root file system.

Create `/dev`

Create a /dev directory and populate it with a minimal set of devices (you can ignore the errors in the output):

# mkdir /mnt/ec2-fs/dev
# /sbin/MAKEDEV -d /mnt/ec2-fs/dev -x console
MAKEDEV: mkdir: File exists
MAKEDEV: mkdir: File exists
MAKEDEV: mkdir: File exists
# /sbin/MAKEDEV -d /mnt/ec2-fs/dev -x null
MAKEDEV: mkdir: File exists
MAKEDEV: mkdir: File exists
MAKEDEV: mkdir: File exists
# /sbin/MAKEDEV -d /mnt/ec2-fs/dev -x zero
MAKEDEV: mkdir: File exists
MAKEDEV: mkdir: File exists
MAKEDEV: mkdir: File exists

Create `/etc`

Create an /etc directory:

# mkdir /mnt/ec2-fs/etc

Create /mnt/ec2-fs/etc/fstab and add the following entries to it:

/dev/sda1  /         ext3    defaults        1 1
none       /dev/pts  devpts  gid=5,mode=620  0 0
none       /dev/shm  tmpfs   defaults        0 0
none       /proc     proc    defaults        0 0
none       /sys      sysfs   defaults        0 0

Create `yum-xen.conf`

Create a temporary yum configuration file that will ensure all the required basic packages and utilities are installed. This configuration file can be created anywhere on your main file system, but for now we'll assume that you create it in your working directory. Just to clarify, it does not need to be created in the loopback file system. It is used only during installation of the loopback file system. Create yum-xen.conf with the following content:

[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
exclude=*-debuginfo
gpgcheck=0
obsoletes=1
reposdir=/dev/null

[base]
name=Fedora Core 4 - $basearch - Base
mirrorlist=http://fedora.redhat.com/download/mirrors/fedora-core-$releasever
enabled=1

[updates-released]
name=Fedora Core 4 - $basearch - Released Updates
mirrorlist=http://fedora.redhat.com/download/mirrors/updates-released-fc$releasever
enabled=1

Mount `proc`

Due to a bug in the groupadd utility from the shadow-utils package (versions prior to 4.0.7-7), the new proc file system needs to be mounted by hand at this point.

# mkdir /mnt/ec2-fs/proc
# mount -t proc none /mnt/ec2-fs/proc

Install the Operating System

At this stage all the basic directories and files have been created and you are ready to do the operating system installation. This process might take a while depending on the speed of the host and the network link to the repository.

# yum -c yum-xen.conf --installroot=/mnt/ec2-fs -y groupinstall Base
Setting up Group Process
Setting up repositories
base                      100% |=========================| 1.1 kB    00:00     
updates-released          100% |=========================| 1.1 kB    00:00     
comps.xml                 100% |=========================| 693 kB    00:00     
comps.xml                 100% |=========================| 693 kB    00:00     
Setting up repositories
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 824 kB    00:00     
base      : ################################################## 2772/2772
Added 2772 new packages, deleted 0 old in 15.32 seconds
primary.xml.gz            100% |=========================| 824 kB    00:00     
updates-re: ################################################## 2772/2772
Added 2772 new packages, deleted 0 old in 10.74 seconds
...
Complete!

Congratulations!

You now have a base installation in the image file you've created. The next steps are to configure the installation to operate inside Amazon EC2, and to customize the installation for your use.

Configure the Installed Operating System

The base operating system has now successfully been installed. You must now configure the networking and hard drives to work in the Amazon EC2 environment.

Configure the Network Interface

The Amazon EC2 environment provides a networking interface card that needs to be configured to provide external network access for the running instance. Edit (or create) the following file /mnt/ec2-fs/etc/sysconfig/network-scripts/ifcfg-eth0, making sure it contains at least the following information.

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no

	Note
	The Amazon EC2 DHCP server ignores hostname requests. If you set `DHCP_HOSTNAME` the local hostname will be set on the instance but not externally. In addition, this local hostname will be the same for all instances of the AMI, which may prove confusing.

Enable Networking

After configuring the network interface, you need to ensure that networking will come up when the system is started. To do this, ensure that (at least) the following appears in /mnt/ec2-fs/etc/sysconfig/network.

NETWORKING=yes

Set up Hard Drives in `/etc/fstab`

Amazon EC2 provides the instance with additional local storage by way of a disk drive on /dev/sda2. In addition, swap space is provided on /dev/sda3. To ensure both these are mounted at system start up time, add the following lines to /mnt/ec2-fs/etc/fstab:

/dev/sda2  /mnt      ext3    defaults        1 2
/dev/sda3  swap      swap    defaults        0 0

Configure Additional Services

Finally, make sure that all of your required services will be started at system start up time by allocating them to the appropriate system run levels. To enable the service my-service on multi-user and networked run levels, for example, execute:

# chroot /mnt/ec2-fs /bin/sh
# chkconfig --level 345 my-service on
# exit

Unmount the Loopback File

Your new installation has now been successfully installed and configured to operate in the Amazon EC2 environment. You may now unmount the image:

# umount /mnt/ec2-fs/proc
# umount -d /mnt/ec2-fs

	Copyright Information