[ AMI ]

Customized instance image

An image used to create our instances

- As we saw, AWS comes with base images such as:

  Ubuntu, RedHat, Windows, ... etc

  These images can be customised at runtime using EC2 User data

- AMIs can be built for Linux or Windows machines

 

# Why would you use a custom AMI?

- Using a custom built AMI can provide the following advantages:

- Pre-installed packages needed

- Faster boot time (no need for EC2 user data at boot time)

- Machine comes configured with monitoring/enterprise software

- Security concerns - control over the machines in the network

- Control of maintenance and update of AMIs over time

- Active Directory Integration out of the box

- Installing your app ahead of time (for faster deploys when auto-scaling)

- Using someone else's AMI that is optimised for running an app, DB, etc.

 

# Using Public AMIs

- You can leverage AMIs from other people

- You can also pay for other people's AMI by the hour

  -- These people have optimised the software

  -- The machine is easy to run and configure

  -- You basically rent "expertise" from the AMI creator

- AMIs can be found and published on the Amazon Marketplace

* Warning: Do not use an AMI you don't trust. Some AMIs might come with malware or may not be secure

 

[ # AMI Storage ] 

- Your AMIs take space and they live in Amazon S3

- Amazon S3 is a durable, cheap and resilient storage where most of your backups will live (but you won't see them in the S3 console)

- By default, your AMIs are private, and locked for your account/region

- An AMI created for a region can only be seen in that region

- AMI is region locked and the same ID cannot be used across regions

- You can also make your AMIs public and share them with other AWS accounts or sell them on the AMI Marketplace

 

[ # AMI pricing ]

- AMIs live in Amazon S3, so you get charged for the actual space it takes in Amazon S3

- Amazon S3 pricing in US-EAST-1:

  First 50TB/month: $0.023 per GB

  Next 450TB/month: $0.022 per GB

- Overall it is quite inexpensive to store private AMIs

- Make sure to remove the AMIs you don't use

 

[ Cross Account AMI Copy ]

AMIs can be shared.

To copy an AMI from another account, the AMI owner must grant permission.

- You can share an AMI with another AWS account.

- Sharing an AMI doesn't affect the ownership of the AMI

- If you copy an AMI that has been shared with your account, you are the owner of the target AMI in your account

- To copy an AMI that was shared with you from another account, the owner of the source AMI must grant you read permissions for the storage that backs the AMI, either the associated EBS snapshot (for an Amazon EBS-backed AMI) or an associated S3 bucket (for an instance store-backed AMI).

 

* Limits

A billingProduct AMI, such as a Windows AMI, cannot be copied from another account.

It can be copied by launching an EC2 instance from the billingProduct AMI and then creating an AMI from that instance.

  1) You can't copy an encrypted AMI that was shared with you from another account. Instead, if the underlying snapshot and encryption key were shared with you, you can copy the snapshot while re-encrypting it with a key of your own. You own the copied snapshot, and can register it as a new AMI.

  2) You can't copy an AMI with an associated billingProduct code that was shared with you from another account. This includes Windows AMIs and AMIs from the AWS Marketplace. To copy a shared AMI with a billingProduct code, launch an EC2 instance in your account using the shared AMI and then create an AMI from the instance.

 

# Sharing my AMI with other users (AWS accounts)

Right-click the AMI > Modify Image Permissions > enter the AWS account number and click Add Permission

* Add "create volume" permissions to the following associated snapshots when creating permissions

  - If the option above is checked, direct copying of the AMI is allowed; if it is unchecked, direct copying is not allowed.

  - As with copying a billingProduct AMI, the AMI can still be copied by launching an EC2 instance from it and then creating an AMI from that instance
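The effect of the "create volume" checkbox described above, as an added example that is not part of the original notes: the function audits who can launch and who can directly copy an EBS-backed AMI. Its input dicts follow the EC2 DescribeImageAttribute and DescribeSnapshotAttribute response shapes; the account IDs, resource IDs and the `trusted_accounts` allowlist are constructed placeholders.

```python
# Added example (not from the original post). The dicts mirror the EC2
# DescribeImageAttribute / DescribeSnapshotAttribute response shapes.

def principals(entries):
    """Split a permission list into (shared_publicly, account_ids)."""
    public = any(e.get("Group") == "all" for e in entries)
    return public, {e["UserId"] for e in entries if "UserId" in e}


def audit_ami_sharing(image_attr, snapshot_attrs, trusted_accounts):
    """Report who can launch and who can directly copy an EBS-backed AMI.

    trusted_accounts is a hypothetical allowlist of account IDs you
    intend to share with.
    """
    public, launchers = principals(image_attr.get("LaunchPermissions", []))

    # Direct copy needs "create volume" permission on every backing
    # snapshot in addition to launch permission on the AMI.
    copiers = set(launchers) if snapshot_attrs else set()
    for snap in snapshot_attrs:
        snap_public, snap_accounts = principals(
            snap.get("CreateVolumePermissions", []))
        if not snap_public:
            copiers &= snap_accounts

    return {
        "public": public,
        # Launch-only accounts can still launch an instance and create
        # their own AMI from it, so this is not a barrier to copying.
        "launch_only": sorted(launchers - copiers),
        "direct_copy": sorted(copiers),
        "unexpected": sorted(launchers - set(trusted_accounts)),
    }


# Constructed sample data: placeholder IDs, not real resources.
SAMPLE_IMAGE = {"ImageId": "ami-EXAMPLE", "LaunchPermissions": [
    {"UserId": "111111111111"}, {"UserId": "222222222222"},
    {"UserId": "333333333333"}]}
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-EXAMPLE-root", "CreateVolumePermissions": [
        {"UserId": "111111111111"}, {"UserId": "222222222222"}]},
    {"SnapshotId": "snap-EXAMPLE-data", "CreateVolumePermissions": [
        {"UserId": "111111111111"}]},
]

if __name__ == "__main__":
    print(audit_ami_sharing(SAMPLE_IMAGE, SAMPLE_SNAPSHOTS,
                            {"111111111111", "222222222222"}))
```

With live data, the two inputs would come from `aws ec2 describe-image-attribute --attribute launchPermission` and `aws ec2 describe-snapshot-attribute --attribute createVolumePermission`.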

 

 
