Amazon Elastic Compute Cloud
User Guide (API Version 2011-12-15)

From an Existing AMI

To quickly and easily get a new working AMI, start with an existing public AMI or one of your own. You can then modify it and create a new AMI.

Note

Before you select an AMI, determine whether the instance types you plan to launch are 32-bit or 64-bit. For more information, see Instance Families and Types.

Make sure you are using GNU Tar 1.15 or later.

The following diagram shows the general tasks in creating Amazon EC2 instance store-backed Linux/UNIX AMIs from an existing AMI.

[Figure: Process to create Amazon EC2 instance store-backed Linux/UNIX AMI from an existing AMI]

Customize an Instance

Customizing an instance involves the following series of steps:

  1. Selecting an AMI from available AMIs.

  2. Launching an instance from the AMI you selected.

  3. Making changes to (thus, customizing) the instance, such as altering the Linux configuration, adding software, and configuring web applications.

For more information, see Launching and Using Instances.

After you've launched an instance according to your specifications, proceed to the next steps to create a new AMI using the customized instance.

Upload the Key and Certificate

Your new AMI should be encrypted and signed to ensure that only you and Amazon EC2 can access it. To make this happen, you must upload your Amazon EC2 private key and X.509 certificate to an instance store directory on your running instance. The private key and the certificate will be used in the AMI bundling process. For information on obtaining your Amazon EC2 private key and X.509 certificate, see How to Create an X.509 Certificate and Private Key.

An Amazon Linux AMI mounts the instance store on /media/ephemeral0. If you are using an Amazon Linux AMI, you must first log in to your running instance as ec2-user and run the following command to grant write permissions to the instance store before you can upload the private key and the certificate.

$ sudo chmod 777 /media/ephemeral0

Note

Non-Amazon Linux AMIs use different login names (for example, root or ubuntu) and a different location to mount the instance store (for example, /mnt).

To upload your Amazon EC2 private key and X.509 certificate

  • Copy your Amazon EC2 private key and X.509 certificate to the directory where an instance store is mounted using a secure copy function such as SCP.

    The following code shows the syntax to use with the scp command.

    $ scp -i <keypair_name> <private_keyfile> <certificate_file> <username>@<dns_location>:<instance store directory>

    Where,

    Parameter                   Description
    keypair_name                Name of your key pair.
    private_keyfile             File that contains the private key.
    certificate_file            File that contains the certificate.
    username                    Login name you use to log in to your instance.
    dns_location                DNS location of the instance within Amazon EC2.
    instance store directory    Directory where your instance store is mounted.

    Note

    It is important to upload the key and certificate files into the instance store directory of your instance to prevent them from being bundled with the new AMI.

    Amazon EC2 returns the name of the files and some performance statistics.

Example

The following is an example of a fully specified scp command using the Amazon Linux AMI.

$ scp -i id_rsa-gsg-keypair pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem \
    cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem \
    ec2-user@ec2-67-202-51-223.compute-1.amazonaws.com:/media/ephemeral0
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem    100%  717     0.7KB/s   00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem  100%  685     0.7KB/s   00:00
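
A pre-bundle check for the note above about keeping the key and certificate on the instance store, written as an added example (not part of the original guide or the AMI tools). It assumes the files keep the pk-*.pem and cert-*.pem names used in this guide's examples; the function names are hypothetical, and -perm /077 requires GNU find.

```shell
#!/bin/sh
# Added example: pre-bundle check for the key and certificate upload step.
# Assumption: credential files keep the pk-*.pem / cert-*.pem names used
# in this guide's examples. Function names are hypothetical.

# Print key/certificate files under root_dir that are outside store_dir.
# Anything listed sits on the volume that ec2-bundle-vol will copy.
find_stray_credentials() {
    root_dir=$1
    store_dir=${2%/}
    find "$root_dir" -path "$store_dir" -prune -o \
        -type f \( -name 'pk-*.pem' -o -name 'cert-*.pem' \) -print 2>/dev/null
}

# Print private keys in store_dir readable or writable by group/other.
# The directory itself was opened with chmod 777, so the file mode is
# the only thing keeping other local users away from the key.
find_loose_keys() {
    find "${1%/}" -type f -name 'pk-*.pem' -perm /077 -print 2>/dev/null
}

# Return 0 only when both checks come back empty.
prebundle_check() {
    stray=$(find_stray_credentials "$1" "$2")
    loose=$(find_loose_keys "$2")
    [ -z "$stray" ] || { echo "on root volume, would be bundled:"; echo "$stray"; }
    [ -z "$loose" ] || { echo "key readable by other users:"; echo "$loose"; }
    [ -z "$stray" ] && [ -z "$loose" ]
}

# Constructed demo layout in a temp dir; on an instance you would run
#   prebundle_check / /media/ephemeral0
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/root/home/ec2-user" "$demo_dir/root/media/ephemeral0"
touch "$demo_dir/root/media/ephemeral0/pk-EXAMPLE.pem" \
      "$demo_dir/root/media/ephemeral0/cert-EXAMPLE.pem"
chmod 600 "$demo_dir/root/media/ephemeral0/pk-EXAMPLE.pem"
prebundle_check "$demo_dir/root" "$demo_dir/root/media/ephemeral0" \
    && echo "clean: safe to run ec2-bundle-vol"
rm -rf "$demo_dir"
```

Run it as root so find can read every directory, and remove or move anything it lists before starting ec2-bundle-vol.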

Bundle a Customized Image (Requires Root Privileges)

When you have the image that meets your specifications, you need to bundle it.

To bundle a customized image

  • Enter the following command:

    # ec2-bundle-vol -k <private_keyfile> -c <certificate_file> -u <user_id> 

    The <private_keyfile> is the file that contains the private key, <certificate_file> is the file that contains the certificate, and <user_id> is the ID associated with your AWS account.

    Note

    Make sure to disable SELinux when running ec2-bundle-vol.

    Note

    The user ID is your AWS account ID without dashes. It consists of 12 to 15 characters, and it's not the same as your Access Key ID. For information about viewing your account ID, see Viewing Your Account ID.

Example

This command bundles the local machine root file system.

# ec2-bundle-vol -k pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 111122223333
							
Please specify a value for arch [i386]:
Copying / into the image file /tmp/image...
Excluding:
/sys
...
...
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.00172 s, 610 MB/s
mke2fs 1.40.4 (31-Dec-2007)
...
Bundling image file...
Splitting /tmp/image.tar.gz.enc...
Created image.part.00
Created image.part.01
...
Created image.part.NN
Generating digests for each part...
Digests generated.
Creating bundle manifest...
ec2-bundle-vol complete.

Upload a Bundled AMI

You must upload the bundled AMI to Amazon S3 before Amazon EC2 can access it. This task is necessary when you create Amazon EC2 instance store-backed AMIs from an existing file or from a loopback. Use ec2-upload-bundle to upload the bundled AMI that you created earlier. Amazon S3 stores data objects in buckets, which are similar to directories.

Buckets must have globally unique names. The ec2-upload-bundle utility uploads the bundled AMI to a specified bucket. If the specified bucket does not exist, it will be created. If the specified bucket exists and belongs to another AWS account, the ec2-upload-bundle command will fail.

To upload the bundled AMI

  • Enter the following command:

    # ec2-upload-bundle -b <bucket> -m <manifest_path> -a <access_key> -s <secret_key>  

    The <bucket> is the target bucket (you can bundle to a "subfolder"; e.g., my-bucket/ami-image-folder), <access_key> is your AWS Access Key, and <secret_key> is your AWS Secret Key. The -m <manifest_path> is the full path to the manifest file (e.g., /tmp/image.manifest.xml).

    The AMI manifest file and all image parts are uploaded to Amazon S3. The manifest file is encrypted with the Amazon EC2 public key before being uploaded.

Register the AMI

You must register your image with Amazon EC2 so that Amazon EC2 can locate it and run instances based on it. This task is necessary when you create Amazon EC2 instance store-backed AMIs from an existing file or from a loopback.

Note

If you make any changes to the source image stored in Amazon S3, you must reregister the image.

To register the AMI that you created and uploaded to Amazon S3

  • Enter the following command (note that it is part of the Amazon EC2 API tools, and not the AMI tools):

    PROMPT> ec2-register <your-s3-bucket>/image.manifest.xml -n image_name
    IMAGE ami-2bb65342 

    Amazon EC2 returns an AMI identifier, the value next to the IMAGE tag (ami-2bb65342 in the example), that you can use to run instances.