EC2 AMI building support in the src tree

Colin Percival cperciva at freebsd.org
Mon Apr 6 04:48:34 UTC 2015


Hi all,

On Wednesday I finished merging my AMI-building patches into src/release,
and it occurs to me that I should provide updated instructions since the
process I described a few months ago is no longer necessary.

To build EC2 AMIs now, start by installing bsdec2-image-upload and checking
out the src tree (AMI-building bits are currently only in HEAD):

# pkg install bsdec2-image-upload
# svnlite co https://svn0.us-west.FreeBSD.org/base/head /usr/src

Then set up your AWS account and create an AWS key file per my earlier
instructions:
> 1. Create an S3 bucket in the region you want to use (in my case, us-west-2
> aka. Oregon).  I called mine "freebsd-release-staging".
> 2. Create a Lifecycle Rule on the bucket to Permanently Delete objects 1 day
> after the object's creation date.
> 3. Create an IAM user named "freebsd-release-upload".
> 4. Attach a Policy to the IAM user granting permission for:
>  * s3:DeleteObject, s3:GetObject, and s3:PutObject
>    on resource arn:aws:s3:::YOURBUCKETNAME/*
>  * ec2:CopyImage, ec2:CreateSnapshot, ec2:DeleteVolume,
>    ec2:DescribeConversionTasks, ec2:DescribeImages, ec2:DescribeSnapshots,
>    ec2:ImportVolume, ec2:ModifyImageAttribute and ec2:RegisterImage
>    on resource *
> 5. Create AWS Access Keys for the IAM user, and create a file in the format
> ACCESS_KEY_ID=AKIEXAMPLEEXAMPLE
> ACCESS_KEY_SECRET=EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE

Make sure there isn't any errant whitespace in the key file, because the
bsdec2-image-upload tool isn't smart enough to remove it.

And finally perform the build:

# cd /usr/src && make buildworld buildkernel
# cd /usr/src/release && make WITH_CLOUDWARE=YES \
      AWSKEYFILE=/root/aws.key AWSREGION=us-west-2 \
      AWSBUCKET=freebsd-release-staging EC2PUBLIC=YES ec2ami

(Omit EC2PUBLIC=YES if you just want to create a private AMI in
a single EC2 region.)

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
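
Added example, not part of the original message or of bsdec2-image-upload: a pre-flight check for the key file described above. It catches errant whitespace (including CRLF line endings) and group/world-readable modes before you run make ec2ami. It assumes the file must contain exactly the two KEY=VALUE lines shown in the post; the function name check_aws_keyfile and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not part of bsdec2-image-upload): pre-flight check for the
# file passed as AWSKEYFILE. Assumption: the file must hold exactly the two
# KEY=VALUE lines shown in the post and nothing else.

check_aws_keyfile() {
    f=$1
    rc=0
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "$f: not a readable regular file" >&2
        return 2
    fi
    # Spaces, tabs and carriage returns (CRLF line endings) all count as
    # errant whitespace; the uploader will not strip them.
    if LC_ALL=C grep -q '[[:space:]]' "$f"; then
        echo "$f: contains whitespace or CR characters" >&2
        rc=1
    fi
    # Count lines (grep -c '' also counts an unterminated last line).
    total=$(grep -c '' "$f" || true)
    ids=$(grep -c '^ACCESS_KEY_ID=[^[:space:]]\{1,\}$' "$f" || true)
    secrets=$(grep -c '^ACCESS_KEY_SECRET=[^[:space:]]\{1,\}$' "$f" || true)
    if [ "$total" -ne 2 ] || [ "$ids" -ne 1 ] || [ "$secrets" -ne 1 ]; then
        echo "$f: expected one ACCESS_KEY_ID= and one ACCESS_KEY_SECRET= line" >&2
        rc=1
    fi
    # The file holds a long-lived secret: refuse group/world-readable modes.
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$f: readable by group or others; run chmod 600" >&2
        rc=1
    fi
    return $rc
}

# Usage (hypothetical script name): sh check-aws-keyfile.sh /root/aws.key
if [ $# -gt 0 ]; then
    check_aws_keyfile "$1"
fi
```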

