2

Sorry if this supposed to be easily understood from the docs, but I didn't - if I spin up an EC2 instance using one of the easily available Ubuntu EBS-boot AMI's, install a bunch of stuff and move some files around under "/", and then I create an Instance-Store AMI using ec2-bundle-vol, will the data that was actually residing on the EBS volume mounted at "/" make it into the AMI?

Considering that from a user point-of-view, I would expect to find the same things under "/" in a future spin-up of my custom AMI, that I had in the original instance. It would also kind of make sense for Amazon to take a snapshot of the "/" folder to create my AMI (otherwise, what would one take a snapshot of?!), even though the AMI itself is Instance Store based while the original instance was EBS-backed.

Please help me understand this.

What I'm referring to:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-snapshot-s3-linux.html
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.html

Thanks.

Dev Kanchen
  • 2,332
  • 3
  • 28
  • 40

1 Answers1

1

Yes, the data on the EBS volume residing on the root volume will make it to the AMI.

From AWS documentation : "By default, the AMI bundling process creates a compressed, encrypted collection of files in the /tmp directory that represent your root volume." http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-instance-store.html

It will of course exclude the private keys and bash history... unless you use the --no-filter option : http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.html

Procedure for the conversion:

It’s basically the procedure to create an instance store-backed AMI that needs to be followed. You will have to indicate a compatible kernel when registering the AMI though.

  1. set up the EC2 CLI tools on the instance you want to convert (if not already installed)

  2. get a X.509 certificate and private key (it can be self signed: openssl req -x509 -newkey rsa:2048 -keyout private-key.pem -out cert.pem -days 385 -nodes)

  3. connect to the instance you want to convert

  4. move your X.509 certificate and private key to /tmp/ mv private-key.pem cert.pem /tmp/

  5. create the folder /tmp/out/ mkdir /tmp/out

  6. create your bundle: ec2-bundle-vol -k /tmp/private-key.pem -c /tmp/cert.pem -u <account_id> -r x86_64 -d /mnt/out See the documentation for more details http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-upload-bundle.html You may need to hange the block device mapping (e.g. -B root=/dev/sda1)

  7. upload the bundle to a S3 bucket: ec2-upload-bundle -b <bucket_name>/<bundle_folder>/<bundle_name> -a <access_key> -s <secret_key> -m /tmp/out/image.manifest.xml --region <aws_region>

  8. register the AMI: ec2-register --kernel <kernel_id> --region <aws_region> --name “<ami_name>" --description “<ami_description>" <bucket_name>/<bundle_folder>/<bundle_name>/image.manifest.xml -O <access_key> -W <secret_key> See the documentation for more details: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-RegisterImage.html (see --root-device-name and -b options)

The devices mapping and volumes organisation are different between ebs-backed and instance store-backed instances so you need to make sure everything is where the system expects it to be

Céline Aussourd
  • 10,214
  • 4
  • 32
  • 36
  • Sorry, in my enthusiasm to close my old open questions, I didn't re-read the documentation before throwing the bounty. My question is actually moot - in the very first line of the documentation, it says - "To create an instance store-backed Linux AMI, start from an instance that you've launched from an existing instance store-backed Linux AMI" and the same goes for EBS-backed AMI's. In other words, you cannot create an instance-store AMI if you BEGAN with an EBS-backed AMI, which is what my question was about. – Dev Kanchen Oct 10 '14 at 17:57
  • 1
    No, it's actually possible to convert an EBS-backed instance to a instance store-backed AMI but you need to know your system well. Basically you may need to change the block device mapping when creating the bundle with ec2-bundle-vol with the option -B (e.g. -B root=/dev/sda1) and most important you will have to indicate a compatible kernel when registering the AMI with ec2-register (--kernel ). The devices mapping and volumes organisation are different between ebs-backed and instance store-backed instances so you need to make sure everything is where the system expects it to be. – Céline Aussourd Oct 12 '14 at 09:39
  • Oh - could you please update the answer with details of what is needed to convert an EBS-based instance to an Instance-store AMI then? An outline would be enough for starters, but if there is a link with more detailed instructions that would be really helpful. Thanks! – Dev Kanchen Oct 13 '14 at 10:44
  • Good answer. I followed this to convert EBS backed instance to IS backed AMI. But I could not convert an instance with HVM virtualisation type. It fails in the last register step. It worked for the `para` virtualisation type instances. – shshnk Dec 16 '16 at 16:17