Creating New EC2 Images for Amazon Web Services

By Bernard Golden

Though it’s certainly possible to use images that have been created by Amazon or other third parties, you may at some point want to create your own images (EBS- or S3-backed), for two reasons:

  • You have used an Amazon image or another third-party image, extended it by installing your own software components, and now want to use the extended image as your baseline image going forward rather than endure the launch-image/install-software cycle for every instance you launch.

  • You want to use your own system as the basis for the images you use because of a general preference or a concern about the security of the image.

Creating EBS-backed images

The image-creation process varies based on whether you’re creating an EBS- or an S3-backed image, and whether you’re creating a Linux- or Windows-based image.

The EBS-backed image creation process is significantly simpler, though it’s accompanied by limitations. Typically, you start with an already existing EBS-backed instance that you have modified. However, it’s possible to create an EBS-backed image from an S3-backed instance — though it’s possible only if the instance is Linux-based. Creating an EBS-backed Windows image from an S3-backed Windows instance isn’t possible.

You can easily create an EBS-backed image from the AWS management console by right-clicking the target instance in the instance listing. One item on the contextual menu that appears is Create Image (EBS AMI). The AWS management console handles everything from there.

During the image creation process, AWS stops the instance from which you’re creating the image in order to have a stable instance. If you have additional EBS volumes attached to the instance, AWS creates (and attaches) fresh volumes to the new image; however, there’s no data on those volumes.

You can also use a set of AWS API tools to create an EBS-backed image. You install the tools on the instance from which you want to create a new image and then execute the ec2-create-image command.

The command-line approach is possible only on Linux-based instances; Windows-based EBS-backed images can be created only via the AWS management console. The ec2-create-image command requires that your access key and secret access key be available to confirm your right to create the image.

Creating S3-backed images

The process of creating S3-backed images can be more complex than creating EBS-backed images, depending on whether you’re creating a Windows-based or Linux-based image.

For Windows-based images, you follow a process similar to the one for Windows-based EBS-backed images. You start with an S3-backed Windows instance, extend it by installing additional software components, and then right-click the instance in the AWS management console and select Bundle Instance (Instance Store AMI) from the menu that appears.

S3-backed images (Amazon refers to them as instance-stored images) require a separate bucket in your S3 account in which to store the Windows AMI, so you must create that bucket before beginning the image creation process. It can be a top-level, uniquely named bucket in your account or a folder within a top-level bucket.

After you select Bundle Instance (Instance Store AMI) from the contextual menu, the AWS management console completes the bundling process.

For Linux-based images, the process (generally speaking) goes like this:

  1. Launch an S3-backed Linux instance.

  2. Modify the instance by adding software components.

  3. Install the AWS AMI tools.

  4. Copy your X.509 certificate and private key to the instance.

    Note: These items should be placed in a nonroot area of the file system so that AWS doesn’t include them in the resulting AMI. They’re included so that AWS can store them and use them in the AMI launch process, but you don’t want to include the certificate and private key in an area of the resulting AMI where someone can find them, which would compromise your account security.

  5. Run the ec2-bundle-vol command to create the collection of 10MB files and the XML manifest file that describes the AMI.

  6. Upload the bundle to S3 using the ec2-upload-bundle command.

  7. Register the new AMI in EC2.
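
A pre-bundle check for the note in step 4, which also covers the access keys that ec2-create-image needs in the EBS-backed section. It is an added example, not code from the article or the AWS tools. It scans the file system about to be bundled for private keys and access key IDs outside the directories you will exclude. The function name, the use of /mnt as the excluded location, and matching access key IDs by their AKIA prefix are assumptions of this example.

```shell
#!/bin/sh
# Pre-bundle audit (added example, not part of the AWS AMI tools).
# Lists files under ROOT that contain PEM private keys or AWS access key IDs,
# skipping directories that will be excluded from the image.
#
# usage: audit_bundle_root ROOT [EXCLUDED_DIR ...]
#   ROOT          file system to be bundled, normally /
#   EXCLUDED_DIR  absolute paths inside ROOT that will not go into the image
# Prints one path per finding; returns 0 when clean, 1 when anything is found.
# Typical call before bundling (assumes the key and certificate sit in /mnt):
#   audit_bundle_root / /mnt || exit 1

# PEM private-key headers (RSA, EC, OPENSSH, PKCS#8) or an access key ID.
SECRET_PATTERN='-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----|AKIA[0-9A-Z]{16}'

audit_bundle_root() {
    root=${1%/}; shift
    nargs=$#
    # Turn each excluded directory into a find(1) prune clause, appended
    # after the original arguments, then drop the originals.
    for dir in "$@"; do
        set -- "$@" -path "$root/${dir#/}" -prune -o
    done
    shift "$nargs"

    # -xdev keeps the scan on ROOT's own file system (no /proc, /sys, or
    # separately mounted volumes); -size -2048 skips files of 1 MiB or more,
    # since key files are small. Host SSH keys under /etc/ssh are reported
    # too, which is intended for an image that other people will launch.
    hits=$(find "${root:-/}" -xdev "$@" -type f -size -2048 \
        -exec grep -lE -e "$SECRET_PATTERN" {} + 2>/dev/null) || true

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}
```

Pass the same directories you exclude from the bundle (ec2-bundle-vol takes them with -e), and treat a nonzero return as a reason to stop before step 5.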