How do I automate the creation of AMIs based on my EBS-backed EC2 instance using Systems Manager Automation?

3 分的閱讀內容
0

I want to automate the creation of Amazon Machine Images (AMIs) of Amazon Elastic Compute Cloud (Amazon EC2) instances that are backed by Amazon Elastic Block Store (EBS). How can I do this?

Short description

You can use AWS Systems Manager to create a maintenance window, and then register an Automation task to automate the creation of the AMIs. This process is applicable for both Windows and Linux instances.

The instance that you want to create an AMI for must be listed as a managed instance in Systems Manager. First, verify that the instance meets all prerequisites for using Systems Manager. If the instance uses a private subnet, you can create VPC endpoints for Systems Manager.

Note: (Windows only) Sysprep isn't run on Windows instances before creating an AMI when you use the following automation process.

Resolution

To automate the creation of AMIs, follow these steps:

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent version of the AWS CLI.

  1. Create an AWS Identity and Access Management (IAM) role with permissions to create an AMI for the maintenance window. You can use the IAM console, AWS CLI, or Tools for Windows PowerShell.
  2. Create a maintenance window.
    On the Schedule section, for Specify with, choose Cron schedule builder.
  3. Assign targets to the maintenance window.
  4. Register an Automation task to create an AMI.
    For Actions, choose Register Automation task.
    For Automation document, choose AWS-CreateImage.
    For IAM service role, choose Use a custom service role, and then choose the IAM role that you created in step 1 of this article.
    On the Input parameters section, for InstanceId, enter the pseudo parameter placeholder {{TARGET_ID}} or {{RESOURCE_ID}}.

Note: When entering the pseudo parameter placeholder, keep the following in mind:

If the target type is RESOURCE_GROUP, the {{TARGET_ID}} parameter returns the full ARN of the resource. The {{RESOURCE_ID}} parameter returns a shorter name or ID of the resource.

Examples

  • {{TARGET_ID}} format: arn:aws:ec2:us-east-1:123456789012:instance/i-02573cafcfEXAMPLE
  • {{RESOURCE_ID}} format: i-02573cafcfEXAMPLE

If the target type is INSTANCE, both the {{TARGET_ID}} and {{RESOURCE_ID}} parameters return the instance ID only.

For more information on pseudo parameters, see About pseudo parameters.

For a list of supported pseudo parameters, see Supported pseudo parameters.


Related information

Working with maintenance windows (console)

Systems Manager maintenance windows tutorials (AWS CLI)

Create a standardized Amazon Machine Image (AMI) using Sysprep

How can I restrict access to launch Amazon EC2 instances from only tagged AMIs?

Controlling access during AWS requests

AWS 官方
AWS 官方已更新 2 年前