To create an Instance Store backed AMI, you will need the ec2-ami-tools to bundle the volume and upload it to S3, then the ec2-api-tools in order to register the image.

First we need to install the ec2-ami-tools on the instance to be imaged; to see how to do that, read our article: HowTo: Install AWS CLI - Amazon Elastic Compute Cloud (EC2) - AMI Tools. You will also need the ec2-api-tools, although they can be on another server. To see how to install them, see our article: HowTo: Install AWS CLI - Amazon Elastic Compute Cloud (EC2) - API Tools.

What you’ll need

  • x.509 certificate
  • x.509 private key
  • AWS Account Number
  • AWS Access Key ID
  • AWS Secret Access Key

If your account is not an IAM account, you can get all this information from the Security Credentials page on the AWS site. If your account is an IAM account, your AWS Secret Access Key was generated with the IAM action CreateAccessKey and there is no way to get it back after that, so if you’ve lost it, create a new access key. See our article HowTo: Generate an X.509 Certificate for an Amazon IAM User on how to generate an x.509 certificate for an IAM account. The account number can be found in the Amazon Resource Name (ARN), which can be seen in the output of the IAM action GetUser. See Identifiers for IAM Entities for more info on ARNs.

Copy your x.509 certificates (for this article cert.pem for the certificate and pk.pem for the private key) to the /mnt directory of the instance to be imaged.

ec2-bundle-vol

The first command is ec2-bundle-vol. It needs your AWS account number (without dashes), your x.509 certificate and private key, the architecture of the instance (i386 or x86_64) and which files to include. By default it skips .pem files, which at worst prevents you from running ec2-bundle-vol on the resulting image and, on Ubuntu, prevents apt-get from working. The --include option below adds back every .pem file found outside /mnt and /home, so the certificate and private key copied to /mnt are not added to the image.

Console - user@hostname ~ $

mkdir -p /mnt/out
ec2-bundle-vol \
--user 123456789012 \
--privatekey /mnt/pk.pem \
--cert /mnt/cert.pem \
--arch x86_64 \
--destination /mnt/out \
--include `find / -name "*.pem" | grep -v "^/mnt" | grep -v "^/home" | tr '\n' ','`
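
The --include list above re-adds every .pem file outside /mnt and /home, certificates and private keys alike. The following is an added example, not part of the original article or the EC2 tools: it builds the same list without a trailing comma, keeps only files that contain no PEM private-key block, and prints the private keys separately for review. The function names and the demo tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): decide which .pem files to hand to
# ec2-bundle-vol --include. Function names and the demo tree are hypothetical.

# list_pems ROOT: *.pem under ROOT as instance paths (/etc/...), skipping
# /mnt and /home as the article's grep -v does, plus pseudo-filesystems.
list_pems() {
    ( cd "$1" && find . \( -path ./mnt -o -path ./home -o -path ./proc \
        -o -path ./sys -o -path ./dev \) -prune \
        -o -type f -name '*.pem' -print ) | sed 's|^\.||' | sort
}

# classify ROOT cert|key: files without / with a PEM private-key block.
classify() {
    list_pems "$1" | while IFS= read -r p; do
        kind=cert
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "${1%/}$p"; then kind=key; fi
        if [ "$kind" = "$2" ]; then printf '%s\n' "$p"; fi
    done
}

# include_arg ROOT: comma-separated, no trailing comma, certificates only.
include_arg() { classify "$1" cert | paste -sd, -; }

# make_demo_tree: constructed sample filesystem; prints its location.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ssl/certs" "$t/etc/ssl/private" "$t/mnt" "$t/home/ubuntu"
    echo '-----BEGIN CERTIFICATE-----' > "$t/etc/ssl/certs/ca.pem"
    echo '-----BEGIN CERTIFICATE-----' > "$t/mnt/cert.pem"
    echo '-----BEGIN PRIVATE KEY-----' > "$t/mnt/pk.pem"
    echo '-----BEGIN RSA PRIVATE KEY-----' > "$t/etc/ssl/private/web.pem"
    echo '-----BEGIN RSA PRIVATE KEY-----' > "$t/home/ubuntu/login.pem"
    printf '%s\n' "$t"
}

demo=$(make_demo_tree)
echo "--include $(include_arg "$demo")"
echo "private keys to review before bundling:"
classify "$demo" key
rm -rf "$demo"
```

On the instance itself, `include_arg /` produces the value for --include; any path printed by `classify / key` is a private key that would otherwise be baked into the image.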

ec2-upload-bundle

With the bundle complete, it now needs to be uploaded to S3.

Console - user@hostname ~ $

ec2-upload-bundle \
--manifest /mnt/out/image.manifest.xml \
--bucket your_bucket/key_prefix \
--access-key C99F5C7EE00F1EXAMPLE \
--secret-key a63xWEj9ZFbigxqA7wI3Nuwj3mte3RDBdEXAMPLE

RegisterImage / ec2-register

Finally we need to register the bundle as an AMI.

Console - user@hostname ~ $

ec2-register \
--region us-east-1 \
--kernel aki-805ea7e9 \
--name "image-name" \
--description "Some description" \
your_bucket/key_prefix/image.manifest.xml