Creating an Image

Creating your own AMIs will allow you to make the most of Amazon EC2. Your AMIs become the basic unit of deployment, allowing you to rapidly boot new custom instances as you need them.

You can make a new AMI either by creating a new one from scratch on your own machines or by modifying and extending an existing image (such as the one you just booted and logged onto). This section will take you through modifying the image that you booted in the last section.

Select an image that will serve as the basis for the new one. In this case you’ll be using the instance you’ve already logged into. The image used to create this instance contains a default web site which you are going to modify. You should have logged into your instance at the end of the last chapter. If not, do so now by following the steps described in the section called “Connecting to your Instance”.

You will modify the main web page by replacing some of the static content with your name to personalize it. Modify the page by executing the following command. Don't worry too much about what exactly it does, but remember to replace the text <YourName> with your own name.

# sed -i -e 's/Congratulations!/Congratulations <YourName>!/' /var/www/html/index.html 

Check that the file has indeed been updated by confirming that the modification date and time shown by ls, as in the example output below, match the current date.

# ls -l /var/www/html/index.html
-rw-rw-r--  1 root root       1872 Jun 21 09:33 /var/www/html/index.html
# date
Wed Jun 21 09:33:42 EDT 2006 

Once your system has been suitably modified, a system snapshot needs to be created and packaged into an AMI by using the ec2-bundle-vol utility.

ec2-bundle-vol encrypts and signs the image to ensure it cannot be tampered with and that only you and Amazon EC2 can decrypt it.

Let’s assume the private key and X.509 certificate, as generated and downloaded in the section called “Signing up for Amazon EC2”, are contained in files pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem and cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem. Copy your private key and certificate to the machine being bundled.

PROMPT> scp -i id_rsa-gsg-keypair pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com:/mnt
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                         100%  717     0.7KB/s   00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                       100%  684     0.7KB/s   00:00
Note
Your machine may have a different name for the scp command shown above or even use different command line options. Consult the documentation for your machine or download one of the clients described in the section called “SSH Clients” if you are unsure whether you have such a client installed. If you are running Windows and are using PuTTY take a look at Chapter 8, Appendix: PuTTY for help on using PuTTY and pscp, PuTTY's secure copy tool.
Note
It is important that the key and cert files are uploaded into /mnt, which ec2-bundle-vol excludes from the image, to prevent them from being bundled with the new AMI.
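
A pre-bundle check for the point in the note above, as an added example that is not part of the original guide: it walks a root directory, skips the top-level directories that the ec2-bundle-vol output on this page reports as excluded (/mnt, /sys, /dev, /proc, /media), and lists files that look like credentials and would therefore be copied into the AMI. The function names, finding labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): list files that would be
# copied into the image by bundling and that look like credentials.

# audit_bundle_root ROOT
# Walks ROOT, skipping the top-level directories that the ec2-bundle-vol
# output on this page reports as excluded, and prints "<kind> <path>".
audit_bundle_root() {
    root=${1%/}
    set -- -path "$root/mnt"
    for d in sys dev proc media; do
        set -- "$@" -o -path "$root/$d"
    done
    find "${root:-/}" \( "$@" \) -prune -o -type f -print 2>/dev/null |
    while IFS= read -r f; do
        case ${f##*/} in
            pk-*.pem|cert-*.pem) echo "x509-credential $f"; continue ;;
            .bash_history)       echo "shell-history $f";   continue ;;
            authorized_keys*)    echo "authorized-keys $f"; continue ;;
        esac
        # Any other file whose first 4 KiB carries a PEM private-key header.
        if head -c 4096 "$f" 2>/dev/null |
           grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----'; then
            echo "private-key $f"
        fi
    done
}

# make_sample_root: build a constructed directory tree (placeholder contents,
# no real key material) and print its path.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/mnt" "$r/root/.ssh" "$r/home/admin" "$r/var/www/html"
    echo 'placeholder' > "$r/mnt/pk-EXAMPLE.pem"        # excluded: under /mnt
    echo 'placeholder' > "$r/root/cert-EXAMPLE.pem"     # would be bundled
    echo 'ssh-rsa AAAA-constructed' > "$r/root/.ssh/authorized_keys"
    echo '-----BEGIN RSA PRIVATE KEY-----' > "$r/home/admin/backup.key"
    echo '<html>Congratulations!</html>' > "$r/var/www/html/index.html"
    echo "$r"
}

sample=$(make_sample_root)
audit_bundle_root "$sample"
rm -rf "$sample"
```

On the instance being bundled, run `audit_bundle_root /` as root before ec2-bundle-vol. An authorized-keys finding is expected there, since the guide states that the keypair the instance was launched with is included in the new AMI.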

At this point, the machine image has been modified and the private key and X.509 certificate uploaded. The AMI can now be bundled, using your AWS account ID as your username (not your AWS Access Key ID):

# ec2-bundle-vol -d /mnt -k /mnt/pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem -c /mnt/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem -u 495219933132 -r i386
Copying / into the image file /mnt/image.img...
Excluding: 
     /sys
     /dev/shm
     /proc
     /dev/pts
     /proc/sys/fs/binfmt_misc
     /dev
     /media
     /mnt
     /proc
     /sys
     /tmp/image.img
     /mnt/img-mnt
1+0 records in
1+0 records out
mke2fs 1.38 (30-Jun-2005)
warning: 256 blocks unused.

Splitting /mnt/image.gz.crypt...
Created image.part.00
Created image.part.01
Created image.part.02
Created image.part.03
...
Created image.part.22
Created image.part.23
Generating digests for each part...
Digests generated.
Creating bundle manifest...
Bundle Volume complete.

This command may take several minutes to complete. Once the bundling process has been completed, the AMI, its associated manifest file and image parts can be found in the /mnt directory. Confirm this with the following command:

# ls -l /mnt/image.*
-rw-r--r--  1 root root 1611661312 Jun 20 10:12 /mnt/image.image
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/image.part.00
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/image.part.01
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/image.part.02
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/image.part.03
...
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/image.part.22
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/image.part.23
-rw-r--r--  1 root root       2970 Jun 20 10:12 /mnt/image.manifest 

All AMIs are loaded from Amazon S3 storage. The newly bundled AMI needs to be uploaded to an existing account on Amazon S3 such as the one you created in the section called “Signing up for Amazon S3”.

S3 stores data objects in buckets, which are similar in concept to directories. You'll need to specify a bucket name in the command below as <your-s3-bucket>. Buckets have globally unique names and are owned by unique users. If you have used S3 before, you can use any of your existing buckets or just give ec2-upload-bundle any name that makes sense to you. The ec2-upload-bundle utility will upload the bundled AMI to a specified bucket. If the specified bucket does not exist it will create it. If the specified bucket belongs to another user ec2-upload-bundle will fail, and you will have to try a different name.

For this step you'll need your AWS Access Key ID (<aws-access-key-id>) and AWS Secret Access Key (<aws-secret-access-key>). The steps to find these were covered in the section called “Signing up for Amazon S3”.

The upload process can be quite lengthy, but you will get continuous feedback until the upload has completed.

# ec2-upload-bundle -b <your-s3-bucket> -m /mnt/image.manifest.xml -a <aws-access-key-id> -s <aws-secret-access-key> 
Encrypting bundle manifest...
Completed encryption.
Uploading encrypted manifest...
Uploaded encrypted manifest to https://s3.amazonaws.com/<your-s3-bucket>/image.manifest.xml.
Uploading bundled AMI parts to https://s3.amazonaws.com/<your-s3-bucket>/image...
Uploaded image.part.00 to https://s3.amazonaws.com/<your-s3-bucket>/image.part.00.
Uploaded image.part.01 to https://s3.amazonaws.com/<your-s3-bucket>/image.part.01.
Uploaded image.part.02 to https://s3.amazonaws.com/<your-s3-bucket>/image.part.02.
Uploaded image.part.03 to https://s3.amazonaws.com/<your-s3-bucket>/image.part.03.
...
Uploaded image.part.23 to https://s3.amazonaws.com/<your-s3-bucket>/image.part.23.
Uploaded image.part.24 to https://s3.amazonaws.com/<your-s3-bucket>/image.part.24.
Upload Bundle complete.   
Note
Bear in mind that once the bundle has been uploaded to Amazon S3, you will be charged for the storage. You may remove the image from Amazon S3 as described in the section called “Removing Your AMI from Amazon S3”.

At this point your new image is ready to be registered and launched, and you can log out of your ssh session.

Your image must be registered with Amazon EC2, so we can locate it and run instances based on it. Execute the following command to register the AMI you've just uploaded to Amazon S3:

PROMPT> ec2-register <your-s3-bucket>/image.manifest.xml
IMAGE ami-5bae4b32 

As output you will get an AMI identifier, the value next to the IMAGE tag (ami-5bae4b32 in the example) that can be used to run instances.

You can now run an instance of the modified AMI by specifying the image identifier you received when you registered the image. Execute the following command, substituting the image identifier with that received in the section called “Registering the AMI”.

PROMPT> ec2-run-instances ami-5bae4b32 
INSTANCE i-10a64379 ami-5bae4b32 pending 0 m1.small 2007-07-11T16:40:44+0000 

This will start a single instance based on your newly created AMI and provide you with an instance identifier, the value immediately to the right of the INSTANCE tag, that can be used to monitor the status of the running instance, as you did in the section called “Running an Instance”, to confirm the instance is up and running.

You now have your very own image starting up and getting ready. You can monitor its status until it's ready and then connect to it with your web browser to confirm the changes you made are actually live. If you want to ssh in and take a look around, you can do so using the keypair you created in the section called “Connecting to your Instance”. The keypair you launched that instance with was included in your new AMI during the bundling process.

You have successfully built and deployed your very own AMI, and run instances based on it. This custom AMI is private to your account. You can build as many custom AMIs as required and use them to launch as many instances as you need.

With these simple building blocks and the other public AMIs made available by Amazon and third parties, you're well positioned to realize the full benefits of Amazon EC2.

Note

AMIs published by third parties should be launched with caution. Amazon does not vet public AMIs. We recommend checking the forums for community feedback on a public AMI before launching it, and taking necessary precautions after launching it.