
I'm trying to use CDK (Python) to copy three AMIs to another region and share them in that region with our organisation, identified by its ARN. I can copy the images OK, although I still need to implement isComplete somehow so that the deployment waits for the copy to finish. The main problem is that I can't work out how to share the copied image. I tried using another AwsCustomResource, but it doesn't feel quite right; I feel I should be creating a construct that does both things and then calling that in the stack. I also can't work out how to get the image ID from the object that copies the image to the new region.

Here's the code I have so far. I'd welcome any pointers too, as I'm still quite new to Python and CDK.

Thank you

EDIT: OK, so I finally got the AwsCustomResource that shares the image to get the image ID from the resource that copies the AMI (updated code below). Only thing left now is to wait until the AMI copy is complete before trying to share it.

Correct me if I'm wrong, but it looks like there is no included isComplete provider like there is for on_create, on_delete, etc. which means that I'll have to write a lambda function for all of them. Does that sound about right?

from aws_cdk import (
    Stack,
    custom_resources as cr,
)
import environments as environment

from constructs import Construct

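class CloneAMIsStack(Stack):
    """Copy three template AMIs out of ap-southeast-2 and share each copy.

    For every AMI the stack creates two ``AwsCustomResource`` constructs:

    * ``copy<Label>`` calls EC2 ``copyImage`` on create and ``deregisterImage``
      on delete.
    * ``share<Label>`` calls EC2 ``modifyImageAttribute`` to add a launch
      permission for the organisation ARN on the copied image.

    Known gap: nothing here waits for the copy to finish. ``copyImage`` hands
    back the new image ID once the copy has been started, so the share call
    can run while the AMI is not yet available. Closing that gap needs a
    separate wait step; it is not implemented in this stack.
    """

    # Region the template AMIs are copied from.
    _SOURCE_REGION = "ap-southeast-2"

    # Principal that receives launch permission on every copied AMI.
    _ORGANIZATION_ARN = (
        "arn:aws:organizations::123456789012:organization/o-1234567890"
    )

    # (construct-id suffix, name given to the copy, source AMI ID)
    _TEMPLATE_AMIS = (
        ("DockerAMI", "V2 Docker/Bob Template Image", "ami-0df3172afe20a2115"),
        (
            "GenericDBAMI",
            "V2 PSQL Template Image __Not Master__",
            "ami-079e4f4d0619cbe44",
        ),
        (
            "MasterDBAMI",
            "V2 Master PSQL Template Image",
            "ami-0b2b6d34545dc6f33",
        ),
    )

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        """Create one copy resource and one share resource per template AMI.

        Args:
            scope: Parent construct.
            construct_id: Logical ID of this stack.
            **kwargs: Passed through unchanged to ``Stack``.
        """
        super().__init__(scope, construct_id, **kwargs)

        for suffix, image_name, source_image_id in self._TEMPLATE_AMIS:
            copied = self._copy_ami(
                f"copy{suffix}", image_name, source_image_id
            )
            self._share_ami(f"share{suffix}", copied)

    def _copy_ami(
        self, construct_id: str, image_name: str, source_image_id: str
    ) -> cr.AwsCustomResource:
        """Return a custom resource that copies ``source_image_id`` on create."""
        return cr.AwsCustomResource(
            self, construct_id,
            on_create=cr.AwsSdkCall(
                service="EC2",
                action="copyImage",
                parameters={
                    "Name": image_name,
                    "SourceImageId": source_image_id,
                    "SourceRegion": self._SOURCE_REGION,
                },
                # The physical ID must be the ID of the *copy*. Using the
                # source AMI ID here would make the delete handler below try
                # to deregister an ID that does not name the copied image.
                physical_resource_id=cr.PhysicalResourceId.from_response(
                    "ImageId"
                ),
            ),
            on_delete=cr.AwsSdkCall(
                service="EC2",
                action="deregisterImage",
                parameters={
                    # EC2 expects the key "ImageId"; the previous "imageID"
                    # left the required parameter unset.
                    "ImageId": cr.PhysicalResourceIdReference()
                },
                # NOTE(review): deregistering an AMI does not delete its
                # backing snapshots; clean those up separately if required.
            ),
            # NOTE(review): ANY_RESOURCE lets the handler role call
            # copyImage/deregisterImage against every image in the account.
            # Narrow this to explicit ARNs if the actions support
            # resource-level permissions in your setup.
            policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
                resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
            ),
        )

    def _share_ami(
        self, construct_id: str, copied: cr.AwsCustomResource
    ) -> cr.AwsCustomResource:
        """Return a custom resource granting the organisation launch permission.

        The image ID is read from the response of ``copied``, which also makes
        this resource depend on the copy resource at deploy time.
        """
        copied_image_id = copied.get_response_field("ImageId")
        return cr.AwsCustomResource(
            self, construct_id,
            on_create=cr.AwsSdkCall(
                service="EC2",
                action="modifyImageAttribute",
                parameters={
                    "ImageId": copied_image_id,
                    "Attribute": "launchPermission",
                    "LaunchPermission": {
                        "Add": [
                            {"OrganizationArn": self._ORGANIZATION_ARN}
                        ]
                    },
                },
                physical_resource_id=cr.PhysicalResourceId.of(copied_image_id),
            ),
            # NOTE(review): ANY_RESOURCE allows modifyImageAttribute on every
            # image, i.e. the handler role could change launch permissions on
            # AMIs other than the copy. Scope it down where possible.
            policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
                resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
            ),
        )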
ScottN