How to copy an AMI from one AWS account to another AWS account?
I am trying to copy a custom-built AMI from one AWS account to another AWS account using Packer; however, I am only able to copy the AMI across regions within one account.
"builders": [{
  "account_id": "12345678910",
  "s3_bucket": "xyz/xqas/asd",
  "x509_cert_path": "/Users/txyz/packer/certificate.pem",
  "x509_key_path": "/Users/txyz/packer/private-key.pem",
  "type": "amazon-instance",
  "access_key": "{{user `access_key`}}",
  "secret_key": "{{user `secret_key`}}",
  "region": "us-east-1",
  "source_ami": "ami-452bd728",
  "instance_type": "r3.xlarge",
  "ssh_username": "ubuntu",
  "ami_name": "packer-test-hvm {{timestamp}}",
  "ami_virtualization_type": "hvm",
  "force_deregister": true,
  "ami_regions": ["us-east-1", "us-west-2"]
}],
Use the AWS CLI and run the following command on the AMI that needs to be transferred:
ec2-modify-image-attribute ami-2bb65342 -l -a 111122223333
For the other options available, refer to this guide:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html
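The following awscli command will add launch permissions for the specified account ID. This achieves a similar effect, though it does not technically copy the AMI.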
aws ec2 modify-image-attribute --image-id <image id> --launch-permission "Add=[{UserId=<account-id>}]"
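With Packer, you can share an AMI from one account to another this way.
Always refer to the Packer documentation: https://www.packer.io/docs/builders/amazon/ebs where you can find all the information.
In the "ami_users" section, you can mention the AWS accounts you need to share with.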
"ami_users": ["{{user `REMOTE_AWS_ACCOUNT_ID`}}"]
Full code
"builders": [
  {
    "type": "amazon-ebs",
    "access_key": "{{ user `aws_access_key` }}",
    "secret_key": "{{ user `aws_secret_key` }}",
    "region": "{{ user `region` }}",
    "launch_block_device_mappings": [
      {
        "device_name": "/dev/sda1",
        "volume_size": 60
      }
    ],
    "instance_type": "t2.large",
    "ami_users": ["{{ user `REMOTE_AWS_ACCOUNT_ID` }}"],
    "source_ami": "{{ user `source_ami` }}",
    "ami_name": "xyz-ami",
    "user_data_file": "./bootstrap_win.txt",
    "communicator": "winrm",
    "winrm_username": "Administrator",
    "winrm_password": "XXXXXXXXX",
    "tags": {"Name": "testing", "release": "packer"},
    "ami_regions": [
      "ap-southeast-2",
      "us-east-2"
    ]
  }
],
Suppose you want to move an AMI from account A to account B; you can do it with the AWS CLI.
Assume you have already set up credentials for the 2 AWS accounts.
# cat ~/.aws/credentials
[account_a]
aws_access_key_id = aaaaaaaaaaaaaaaaaaa
aws_secret_access_key = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
[account_b]
aws_access_key_id = bbbbbbbbbbbbbbbbbb
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Then, using account_a, run the command below to build an image (AMI) from a running instance (you can skip this step if you already have an AMI):
# aws ec2 create-image --profile account_a --region $region --instance-id i-0aaaaaaaaaaaaa1 --name "image_name_here" --no-reboot
Share the AMI from account_a to account_b:
# aws ec2 --profile account_a --region $region modify-image-attribute --image-id ami-aaaaaaaaaaa --launch-permission "Add=[{UserId=$account_b_id}]"
Use account_b to check whether the shared AMI from account_a has arrived:
# aws ec2 describe-images --profile account_b --region $region --executable-users self
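If you got the shared AMI, the output should show it. Alternatively, you can go to the AWS EC2 console, click Images --> AMIs, then change Owned by me to Private images, and you should see the shared image there too.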
Extra:
If you want to launch an instance from the shared AMI in account_b:
# aws ec2 run-instances --profile account_b --region $region --image-id ami-aaaaaaaaaaaaa --instance-type t2.micro --key-name $key_pair_for_access_ec2
Don't forget to edit the security group inbound rules to open the SSH port.
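Added example (not part of the original question or answers): sharing through --launch-permission or ami_users widens who can launch the image, so the grants are worth auditing afterwards. The Python below reads JSON in the shape returned by aws ec2 describe-image-attribute --attribute launchPermission and builds, without running them, the Remove commands for grants outside an allowlist; the sample document, account IDs and allowlist are constructed.

```python
import json

# Constructed sample in the shape returned by:
#   aws ec2 describe-image-attribute --image-id <image id> --attribute launchPermission
SAMPLE = json.loads("""{
  "ImageId": "ami-00000000000000000",
  "LaunchPermissions": [
    {"UserId": "111122223333"},
    {"UserId": "999999999999"},
    {"Group": "all"}
  ]
}""")

def audit_launch_permissions(attr, allowed_accounts):
    """Return (severity, message) findings for one AMI's launch permissions."""
    findings = []
    image_id = attr.get("ImageId", "<unknown>")
    for grant in attr.get("LaunchPermissions", []):
        if grant.get("Group") == "all":
            findings.append(("HIGH", f"{image_id} is public (Group=all)"))
        elif "UserId" in grant:
            if grant["UserId"] not in allowed_accounts:
                findings.append(("MEDIUM", f"{image_id} shared with unapproved account {grant['UserId']}"))
        else:
            # Organization / OU grants or anything else: needs a human decision.
            findings.append(("REVIEW", f"{image_id} has a non-account grant: {grant}"))
    return findings

def revoke_commands(attr, allowed_accounts):
    """Build (do not run) the CLI calls that remove public and unapproved grants."""
    cmds = []
    for grant in attr.get("LaunchPermissions", []):
        if grant.get("Group") == "all":
            spec = "Remove=[{Group=all}]"
        elif grant.get("UserId") and grant["UserId"] not in allowed_accounts:
            spec = f"Remove=[{{UserId={grant['UserId']}}}]"
        else:
            continue
        cmds.append(f'aws ec2 modify-image-attribute --image-id {attr["ImageId"]} '
                    f'--launch-permission "{spec}"')
    return cmds

if __name__ == "__main__":
    allowed = {"111122223333"}  # assumed allowlist of accounts the AMI may be shared with
    for severity, message in audit_launch_permissions(SAMPLE, allowed):
        print(severity, message)
    print("\n".join(revoke_commands(SAMPLE, allowed)))
```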