Creating a custom AMI from scratch can be a daunting task, not to mention time consuming. There are a lot of public AMI’s that are a pretty good start to many tasks, so it might be easier and quicker to just customize one. I’ll assume that you have already:
- Signed up for EC2
- Installed and Setup the EC2 Command Line Tools
- Launched an instance of the AMI you wish to customize.
- Customized the instance and it is still running.
- Can SSH into the instance with PuTTY.
So you’ve got your image all polished up just the way you want it. Now what? Well, first you need to save your x509 EC2 certificate to the image. The most straight forward way to accomplish this is to open your certificate locally and copy all the text to your clip board. Now hop over to putty, type
> vi /mnt/cert.pem and hit enter. This will create a file called cert.pem in /mnt and open it for editing. (NOTE: The image bundling utility will ignore certain sub folders when it creates the image. One of those is /mnt which makes it a good place to store things like private key files and the new image itself that you wouldn’t want bundled with the image.) Press ESC followed by i to enter INSERT mode. Now you can paste the text of your certificate into PuTTY by simply right clicking in the PuTTY window. Do the same for your private key file saving it to
/mnt/privatekey.pem. OK, now you’re ready to bundle the AMI and save the image. run the following command from the console of the AMI you customized:
ec2-bundle-vol -d <path to save the image> -k <path to private key file> -c <path to certificate file> -u <user account number>
<path to save the image> = Where you want to save the AMI that you are bundling. I suggest something like /mnt/ami so that the image won’t be included in the bundled image. (That would be rather redundant!)
<path to private key file> = The path to your private key file on the image. In this example we used /mnt/privatekey.pem.
<path to certificate file> = The path to your certificate file on the image. In this example we used /mnt/cert.pem.
<user account number> = Your Amazon Web Services account number. You can find this by logging into the AWS site and clicking on Access Identifiers. Your account number is listed near the top right corner right under “Welcome, Your Name”.
Alright, now we need to upload the image S3 so that it will be usable. From the console of the image run the following command:
ec2-upload-bundle -b <bucket name> -m <path to manifest file> -a <access key> -s <secret key>
<bucket name> = The bucket in your S3 account that you want to save the image to.
<path to manifest file> = Path to manifest.xml created by the image bundling tool. In this example /mnt/ami/manifest.xml.
<access key> = Your AWS access key from the Access Identifiers page of AWS.
<secret key> = Your AWS secret key from the Access Identifiers page of AWS.
We’re almost done! Now you just need to register the image with EC2. From your desktop (not the image you customized.) run the following command:
Congratulations! You now have a customized AMI ready to be launched.