@amphied
Last active July 26, 2019 15:52
AWS CLI: creating and sharing an AMI with encrypted root volume
$ aws --region eu-west-1 ec2 copy-image --description "test-enc" --encrypted --kms-key-id "alias/test-enc" --name "test-enc" --source-image-id ami-0b0aea60d5230c42c --source-region eu-west-1
--------------------------------------
|             CopyImage              |
+----------+-------------------------+
|  ImageId |  ami-0504c6aba12345678  |
+----------+-------------------------+
$ aws --region eu-west-1 ec2 modify-image-attribute --image-id ami-0504c6aba12345678 --launch-permission "Add=[{UserId=234567890123}]"
$ aws --region eu-west-1 ec2 describe-images --image-id ami-0504c6aba12345678
---------------------------------------------------------
|                    DescribeImages                     |
+-------------------------------------------------------+
||                       Images                        ||
|+----------------------+------------------------------+|
||  Architecture        |  x86_64                      ||
||  CreationDate        |  2019-02-26T22:47:49.000Z    ||
||  Description         |  test-enc                    ||
||  EnaSupport          |  True                        ||
||  Hypervisor          |  xen                         ||
||  ImageId             |  ami-0504c6aba12345678       ||
||  ImageLocation       |  123456789012/test-enc       ||
||  ImageType           |  machine                     ||
||  Name                |  test-enc                    ||
||  OwnerId             |  123456789012                ||
||  Public              |  False                       ||
||  RootDeviceName      |  /dev/sda1                   ||
||  RootDeviceType      |  ebs                         ||
||  SriovNetSupport     |  simple                      ||
||  State               |  available                   ||
||  VirtualizationType  |  hvm                         ||
|+----------------------+------------------------------+|
|||                BlockDeviceMappings                |||
||+--------------------------+------------------------+||
|||  DeviceName              |  /dev/sda1             |||
|||  VirtualName             |                        |||
||+--------------------------+------------------------+||
||||                       Ebs                       ||||
|||+----------------------+--------------------------+|||
||||  DeleteOnTermination |  True                    ||||
||||  Encrypted           |  True                    ||||
||||  SnapshotId          |  snap-0b079cc0212345678  ||||
||||  VolumeSize          |  8                       ||||
||||  VolumeType          |  gp2                     ||||
|||+----------------------+--------------------------+|||
|||                BlockDeviceMappings                |||
||+-------------------------+-------------------------+||
|||  DeviceName             |  /dev/sdb               |||
|||  VirtualName            |  ephemeral0             |||
||+-------------------------+-------------------------+||
|||                BlockDeviceMappings                |||
||+-------------------------+-------------------------+||
|||  DeviceName             |  /dev/sdc               |||
|||  VirtualName            |  ephemeral1             |||
||+-------------------------+-------------------------+||
$ aws --region eu-west-1 ec2 describe-image-attribute --image-id ami-0504c6aba12345678 --attribute launchPermission
--------------------------------------
|       DescribeImageAttribute       |
+----------+-------------------------+
|  ImageId |  ami-0504c6aba12345678  |
+----------+-------------------------+
||        LaunchPermissions         ||
|+----------------------------------+|
||              UserId              ||
|+----------------------------------+|
||  234567890123                    ||
|+----------------------------------+|
$ aws --region eu-west-1 ec2 describe-snapshots --snapshot-ids snap-0b079cc0212345678
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| DescribeSnapshots |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|| Snapshots ||
|+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+|
|| Description| Copied for DestinationAmi ami-0504c6aba12345678 from SourceAmi ami-0b0aea60d5230c42c for SourceSnapshot snap-029c841b02d957dd6. Task created on 1,551,221,269,368. ||
|| Encrypted | True ||
|| KmsKeyId | arn:aws:kms:eu-west-1:123456789012:key/12345678-1234-1234-1234-123456789012 ||
|| OwnerId | 123456789012 ||
|| Progress | 100% ||
|| SnapshotId | snap-0b079cc0212345678 ||
|| StartTime | 2019-02-26T22:47:56.000Z ||
|| State | completed ||
|| VolumeId | vol-ffffffff ||
|| VolumeSize | 8 ||
|+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+|
$ aws --region eu-west-1 ec2 describe-snapshot-attribute --snapshot-id snap-0b079cc0212345678 --attribute createVolumePermission
------------------------------------------
|       DescribeSnapshotAttribute        |
+-------------+--------------------------+
|  SnapshotId |  snap-0b079cc0212345678  |
+-------------+--------------------------+
amphied commented Feb 27, 2019

running in the secondary account (234567890123)

$ aws --region eu-west-1 ec2 describe-images --image-id ami-0504c6aba12345678
---------------------------------------------------------
|                    DescribeImages                     |
+-------------------------------------------------------+
||                       Images                        ||
|+----------------------+------------------------------+|
||  Architecture        |  x86_64                      ||
||  CreationDate        |  2019-02-26T22:47:49.000Z    ||
||  Description         |  test-enc                    ||
||  EnaSupport          |  True                        ||
||  Hypervisor          |  xen                         ||
||  ImageId             |  ami-0504c6aba12345678       ||
||  ImageLocation       |  123456789012/test-enc       ||
||  ImageType           |  machine                     ||
||  Name                |  test-enc                    ||
||  OwnerId             |  123456789012                ||
||  Public              |  False                       ||
||  RootDeviceName      |  /dev/sda1                   ||
||  RootDeviceType      |  ebs                         ||
||  SriovNetSupport     |  simple                      ||
||  State               |  available                   ||
||  VirtualizationType  |  hvm                         ||
|+----------------------+------------------------------+|
|||                BlockDeviceMappings                |||
||+--------------------------+------------------------+||
|||  DeviceName              |  /dev/sda1             |||
|||  VirtualName             |                        |||
||+--------------------------+------------------------+||
||||                       Ebs                       ||||
|||+----------------------+--------------------------+|||
||||  DeleteOnTermination |  True                    ||||
||||  Encrypted           |  True                    ||||
||||  SnapshotId          |  snap-0b079cc0212345678  ||||
||||  VolumeSize          |  8                       ||||
||||  VolumeType          |  gp2                     ||||
|||+----------------------+--------------------------+|||
|||                BlockDeviceMappings                |||
||+-------------------------+-------------------------+||
|||  DeviceName             |  /dev/sdb               |||
|||  VirtualName            |  ephemeral0             |||
||+-------------------------+-------------------------+||
|||                BlockDeviceMappings                |||
||+-------------------------+-------------------------+||
|||  DeviceName             |  /dev/sdc               |||
|||  VirtualName            |  ephemeral1             |||
||+-------------------------+-------------------------+||

$ aws --region eu-west-1 ec2 describe-image-attribute --image-id ami-0504c6aba12345678 --attribute launchPermission

An error occurred (AuthFailure) when calling the DescribeImageAttribute operation: Not authorized for image:ami-0504c6aba12345678

$ aws --region eu-west-1 ec2 describe-snapshots --snapshot-ids snap-0b079cc0212345678

An error occurred (InvalidSnapshot.NotFound) when calling the DescribeSnapshots operation: The snapshot 'snap-0b079cc0212345678' does not exist.

$ aws --region eu-west-1 ec2 describe-snapshot-attribute --snapshot-id snap-0b079cc0212345678 --attribute createVolumePermission

An error occurred (InvalidSnapshot.NotFound) when calling the DescribeSnapshotAttribute operation: None
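
Added example, not part of the gist or its comment: the transcript grants launch permission to 234567890123, shows no createVolumePermission entries on the snapshot, and never shows the key policy behind `alias/test-enc`. This Python check reads the JSON form of those three documents and reports which grants a target account holds. The key policy sample, the KMS action baseline and all function names are assumptions made for the example.

```python
import json
from fnmatch import fnmatchcase

# Assumed baseline of KMS actions another account needs to use the volume key;
# it is not taken from the gist, adjust it to your own policy.
KMS_ACTIONS = ["kms:DescribeKey", "kms:CreateGrant", "kms:Decrypt",
               "kms:ReEncryptFrom", "kms:GenerateDataKeyWithoutPlaintext"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(principal, account):
    """True if a key-policy Principal names the whole account (bare ID, root ARN or '*')."""
    if principal == "*":
        return True
    if not isinstance(principal, dict):
        return False
    names = _as_list(principal.get("AWS", []))
    return any(p in ("*", account, f"arn:aws:iam::{account}:root") for p in names)

def kms_missing_actions(key_policy, account):
    """Baseline actions that no Allow statement grants to the account.
    Simplification: Condition blocks and Deny statements are not evaluated."""
    granted = []
    for st in _as_list(key_policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and _principal_matches(st.get("Principal"), account):
            granted += [a.lower() for a in _as_list(st.get("Action", []))]
    return [a for a in KMS_ACTIONS
            if not any(fnmatchcase(a.lower(), pat) for pat in granted)]

def audit_share(account, image_attr, snapshot_attr, key_policy):
    """Summarise the AMI, snapshot and KMS grants held by one target account."""
    def users(perms):
        return {p.get("UserId") for p in perms}
    return {
        "launch_permission": account in users(image_attr.get("LaunchPermissions", [])),
        "snapshot_shared": account in users(snapshot_attr.get("CreateVolumePermissions", [])),
        "kms_missing_actions": kms_missing_actions(key_policy, account),
    }

# Constructed sample input: the first two mirror the transcript, the key policy is hypothetical.
IMAGE_ATTR = {"ImageId": "ami-0504c6aba12345678", "LaunchPermissions": [{"UserId": "234567890123"}]}
SNAPSHOT_ATTR = {"SnapshotId": "snap-0b079cc0212345678", "CreateVolumePermissions": []}
KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnerOnly", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
     "Action": "kms:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(audit_share("234567890123", IMAGE_ATTR, SNAPSHOT_ATTR, KEY_POLICY), indent=2))
```

Real input comes from the `describe-image-attribute` and `describe-snapshot-attribute` calls above run with `--output json`, plus `aws kms get-key-policy --policy-name default` for the key.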
