[英]how to copy AMI from one aws account to other aws account?
我正在尝试使用打包程序将自定义构建的 ami 从一个 AWS 账户复制到另一个 AWS 账户; 但是,我能够在一个帐户中跨区域复制 ami。
"builders": [{ "account_id": "12345678910", "s3_bucket": "xyz/xqas/asd", "x509_cert_path": "/Users/txyz/packer/certificate.pem", "x509_key_path": "/Users/txyz/packer/private-key.pem", "type": "amazon-instance", "access_key": "{{user access_key }}", "secret_key": "{{user secret_key }}", "region": "us-east-1", "source_ami": "ami-452bd728", "instance_type": "r3.xlarge", "ssh_username": "ubuntu", "ami_name": "packer-test-hvm {{timestamp}}", "ami_virtualization_type": "hvm", "force_deregister": true, "ami_regions": ["us-east-1", "us-west-2"] }],
使用 AWS ClI 并在需要传输的 AMI 中运行以下命令
ec2-modify-image-attribute ami-2bb65342 -l -a 111122223333
有关其他可用选项,请参阅本指南
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html
以下 awscli 命令将启动权限添加到指定的帐户 ID。 这实现了类似的效果,但在技术上并没有复制 ami。
aws ec2 modify-image-attribute --image-id <image id> --launch-permission "Add=[{UserId=<account-id>}]"
使用 Packer,您可以将 AMI 从一个帐户共享到另一个帐户。 始终参考 Packer 文档:-https://www.packer.io/docs/builders/amazon/ebs 在这里您可以找到所有信息。
在“ami_users”部分,您可以提及您需要与之共享的 AWS 账户。
"ami_users": ["{{user `REMOTE_AWS_ACCOUNT_ID`}}"]
完整代码
"builders": [
{
"type": "amazon-ebs",
"access_key": "{{ user `aws_access_key` }}",
"secret_key": "{{ user `aws_secret_key` }}",
"region": "{{ user `region` }}",
"launch_block_device_mappings" : [
{
"device_name": "/dev/sda1",
"volume_size": 60
}
],
"instance_type": "t2.large",
"ami_users": "{{ user `REMOTE_AWS_ACCOUNT_ID` }}",
"source_ami": "{{ user `source_ami` }}",
"ami_name": "xyz-ami",
"user_data_file": "./bootstrap_win.txt",
"communicator": "winrm",
"winrm_username": "Administrator",
"winrm_password": "XXXXXXXXX",
"tags": [{"Name":"testing","release":"packer"}],
"ami_regions": [
"ap-southeast-2",
"us-east-2"
]
}
],
假设您想将 AMI 从账户 A 移动到账户 B,那么您可以使用 AWS CLI 来执行此操作。
假设您已经设置了 2 AWS 账户凭证。
# cat ~/.aws/credentials
[account_a]
aws_access_key_id = aaaaaaaaaaaaaaaaaaa
aws_secret_access_key = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
[account_b]
aws_access_key_id = bbbbbbbbbbbbbbbbbb
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
然后使用account_a运行以下命令,从正在运行的实例构建映像 (AMI):(如果您已经有 AMI,则可以跳过此步骤)
# aws ec2 create-image --profile account_a --region $region --instance-id i-0aaaaaaaaaaaaa1 --name "image_name_here" --no-reboot
将 AMI 从account_a共享到account_b
# aws ec2 --profile account_a --region $region modify-image-attribute --image-id ami-aaaaaaaaaaa --launch-permission "Add=[{UserId=$account_b_id}]"
使用account_b查看是否从account_a获取共享 AMI
# aws ec2 describe-images --profile account_b --region $region --executable-users self
输出应该显示您是否获得了共享 AMI,或者您也可以转到 AWS EC2 控制台,单击Images --> AMIs ,然后将Owned by me更改为Prviate images ,您也应该能够看到共享图像。
额外的:
如果您想从account_b上的共享 AMI 启动一个实例
# aws ec2 run-instances --profile account_b --region $region --image-id ami-aaaaaaaaaaaaa --instance-type t2.micro --key-name $key_pair_for_access_ec2
不要忘记为打开的 SSH 端口编辑安全组入站规则
如何将AMI AWS帐号权限从一个AMI映像批量复制到另一个?
[英]How do I bulk copy AMI AWS account number permissions from one AMI image to another?
使用 boto 将 AMI 从一个 AWS 账户复制到另一个 AWS 账户
[英]Copy AMI from one AWS account to another AWS account using boto
如何以编程方式将AWS资源从一个AWS账户复制到另一个账户
[英]How to programmatically copy AWS resources from one AWS account to another
将数据从一个AWS账户中的S3存储桶复制到另一个AWS账户中的S3存储桶
[英]Copy data from S3 bucket in one AWS account to S3 bucket in other AWS account
是否有任何boto3功能/ API可用于将快照从一个AWS账户复制到其他AWS账户?
[英]Is there any boto3 function/API available to copy snapshot from one AWS account to other AWS account?
如何将文件从一个 AWS 账户的存储桶复制到另一个 AWS 账户的存储桶?
[英]How to copy files from a bucket on one AWS account to a bucket on another AWS account?
AWS ECR Repository - 如何从一个账户复制图像并推送到另一个账户
[英]AWS ECR Repository - How to copy images from one account and push to another account
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.