Creating an Image

Topics

Making Your New Amazon Machine Image

Creating your own AMIs will allow you to make the most of Amazon EC2. Your AMIs become the basic unit of deployment which allow you to rapidly boot new custom instances as you need them.

You can make a new AMI either by creating a new one from scratch on your own machines or by modifying and extending an existing image (such as the one you just booted and logged onto). This section will take you through modifying the image that you booted in the last section.

Modifying an Existing Image

To modify an image

Select an image that will serve as the basis for the new one. The image used to create this instance contains a default web site which you are going to modify.
Log in to your instance as described in Connecting to your Instance.
Modify the main web page by replacing some of the static content with your name to personalize it. Modify the page by executing the following command. Don't worry too much about what exactly it does, but remember to replace the text <YourName> with your own name.
```
# sed -i -e 's/Congratulations!/Congratulations <YourName>!/' /var/www/html/index.html 
```

Check that the file is updated by confirming that the date and time displayed in the following output example matches the current date.

# ls -l /var/www/html/index.html
-rw-rw-r--  1 root root       1872 Jun 21 09:33 /var/www/html/index.html
# date
Wed Jun 21 09:33:42 EDT 2006

Preparing for Bundling

Once your system has been suitably modified, a system snapshot needs to be created and packaged into an AMI by using the ec2-bundle-vol utility.

ec2-bundle-vol encrypts and signs the image to ensure it cannot be tampered with and that only you and Amazon EC2 can decrypt it.

Let's assume the private key and X.509 certificate (as generated and downloaded in Signing up for Amazon EC2) are contained in files pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem and cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem. Copy your private key and certificate to the machine being bundled.

PROMPT> scp -i id_rsa-gsg-keypair pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem root@domU-12-34-31-00-00-05.compute-1.amazonaws.com:/mnt
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                         100%  717     0.7KB/s   00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem                       100%  684     0.7KB/s   00:00

	Note
	Your machine may have a different name for the preceding scp command or even use different command line options. Consult the documentation for your machine or download one of the clients described in SSH Clients. If you are running Windows, see Appendix: PuTTY for help on using PuTTY and pscp (PuTTY's secure copy tool).

	Note
	It is important that the key and cert files are uploaded into `/mnt` to prevent them being bundled with the new AMI.

Bundling

At this point, the machine image has been modified and the private key and X.509 certificate uploaded. The AMI can now be bundled, using your AWS account ID as your username (not your AWS Access Key ID).

# ec2-bundle-vol -d /mnt -k /mnt/pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem -c /mnt/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem -u 495219933132 -r i386 -p sampleimage
Copying / into the image file /mnt/image.img...
Excluding: 
     /sys
     /dev/shm
     /proc
     /dev/pts
     /proc/sys/fs/binfmt_misc
     /dev
     /media
     /mnt
     /proc
     /sys
     /tmp/image.img
     /mnt/img-mnt
1+0 records in
1+0 records out
mke2fs 1.38 (30-Jun-2005)
warning: 256 blocks unused.

Splitting /mnt/image.gz.crypt...
Created sampleimage.part.00
Created sampleimage.part.01
Created sampleimage.part.02
Created sampleimage.part.03
...
Created sampleimage.part.22
Created sampleimage.part.23
Generating digests for each part...
Digests generated.
Creating bundle manifest...
Bundle Volume complete.

This command may take several minutes to complete. Once the bundling process is complete, the AMI, its associated manifest file, and image parts are in the /mnt directory. You can confirm this using the command in the following example.

# ls -l /mnt/sampleimage.*
-rw-r--r--  1 root root 1611661312 Jun 20 10:12 /mnt/sampleimage.image
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.00
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.01
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.02
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.03
...
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.22
-rw-r--r--  1 root root   10485760 Jun 20 10:12 /mnt/sampleimage.part.23
-rw-r--r--  1 root root       2970 Jun 20 10:12 /mnt/sampleimage.manifest

Uploading the AMI to Amazon S3

All AMIs are loaded from Amazon S3 storage. The newly bundled AMI needs to be uploaded to an existing account on Amazon S3 such as the one you created in Signing up for Amazon S3.

Amazon S3 stores data objects in buckets, which are similar in concept to directories. You'll need to specify a bucket name in the following example as <your-s3-bucket>. Buckets have globally unique names and are owned by unique users. If you have used S3 before, you can use any of your existing buckets or just give ec2-upload-bundle any name that makes sense to you. The ec2-upload-bundle utility will upload the bundled AMI to a specified bucket. If the specified bucket does not exist it will create it. If the specified bucket belongs to another user ec2-upload-bundle will fail, and you will have to try a different name.

For this step you'll need your AWS Access Key ID (<aws-access-key-id>) and AWS Secret Access Key (<aws-secret-access-key>). For information on how to find these keys, see Signing up for Amazon S3.

The upload process can be quite lengthy, but you will get continuous feedback until the upload has completed as shown in the following example.

# ec2-upload-bundle -b <your-s3-bucket> -m /mnt/image.manifest.xml -a <aws-access-key-id> -s <aws-secret-access-key> 
Encrypting bundle manifest...
Completed encryption.
Uploading encrypted manifest...
Uploaded encrypted manifest to https://s3.amazonaws.com/<your-s3-bucket>/image.manifest.xml.
Uploading bundled AMI parts to https://s3.amazonaws.com/<your-s3-bucket>/sampleimage...
Uploaded sampleimage.part.00 to https://s3.amazonaws.com/<your-s3-bucket>/sampleimage.part.00.
Uploaded sampleimage.part.01 to https://s3.amazonaws.com/<your-s3-bucket>/sampleimage.part.01.
Uploaded sampleimage.part.02 to https://s3.amazonaws.com/<your-s3-bucket>/sampleimage.part.02.
Uploaded sampleimage.part.03 to https://s3.amazonaws.com/<your-s3-bucket>/sampleimage.part.03.
...
Uploaded sampleimage.part.23 to https://s3.amazonaws.com/<your-s3-bucket>/sampleimage.part.23.
Uploaded sampleimage.part.24 to https://s3.amazonaws.com/<your-s3-bucket>/sampleimage.part.24.
Upload Bundle complete.

	Note
	Bear in mind that once the bundle has been uploaded to Amazon S3, you will be charged for the storage. You may remove the image from Amazon S3 as described in Removing Your AMI from Amazon S3.

At this point your new image is ready to be registered and launched, and you can log out of your ssh session.

Registering the AMI

Your image must be registered with Amazon EC2, so we can locate it and run instances based on it.

	Note
	If you make any changes to the source image stored in Amazon S3, you must re-register the image.

To register the AMI you uploaded to Amazon S3

Execute the following command:
```
PROMPT> ec2-register <your-s3-bucket>/image.manifest.xml
IMAGE ami-2bb65342 
```
Amazon EC2 returns an AMI identifier, the value next to the IMAGE tag (ami-2bb65342 in the example) that can be used to run instances.

Running Instances

You can now run an instance of the modified AMI by specifying the image identifier you received when you registered the image.

To run an instance

Execute the following command, substituting the image identifier with that received in Registering the AMI:
```
PROMPT> ec2-run-instances ami-5bae4b32 
RESERVATION     r-3d30c354      924417782495    default
INSTANCE i-10a64379 ami-5bae4b32 pending 0 m1.small 2007-07-11T16:40:44+0000 us-east-1a  
 
```
Amazon EC2 starts a single instance based on your newly created AMI and provides you with an instance identifier, the value immediately to the right of the INSTANCE tag, that can be used to monitor the status of the running instance. For information on confirming the instance is up and running, see Running an Instance,

You now have your very own image starting up and getting ready. You can monitor its status until it's ready and then connect to it with your web browser to confirm the changes you had made are actually live. If you want to ssh in and take a look around, you can do so using the keypair you created in the Connecting to your Instance. The keypair you launched that instance with was included in your new AMI during the bundling process.

Next Steps

You have successfully built and deployed your very own AMI, and run instances based on it. This custom AMI is private to your account. You can build as many custom AMIs as required and use them to launch as many instances as you need.

With these simple building blocks and the other public AMIs made available by Amazon and third-parties, you're well positioned to realize the full benefits of Amazon EC2.

	Note
	AMIs published by third parties should be launched with caution. Amazon does not vet public AMIs. We recommend checking the forums for community feedback on a public AMI before launching it, and taking necessary precautions after launching it.