AWS 镜像部署及CLI 相关 (不定期整理)
Table of Contents
安装AWS CLI
上传到S3
导入镜像:
建立角色:
角色策略:
参考:
安装AWS CLI
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install上传到S3
aws s3 cp ./vm-tpl01-100G.raw s3://mk-vms导入镜像:
aws ec2 import-image --disk-containers file://containers.json
或者
aws ec2 import-image --description "vm-tpl01" --disk-containers file:///home/ben/aws/containers.json查询导入状态
aws ec2 describe-import-image-tasks \
--import-task-ids import-ami-07fdabb84e2110b4fcontainres.json (url格式)
[
{
"Format": "raw",
"Url": "s3://mk-vms/vm-tpl01-20G.raw"
},
{
"Description": "vm-tpl01-100G",
"Format": "raw",
"Url": "s3://mk-vms/vm-tpl01-100G.raw"
}
]
containres.json (bucket格式)
[
{
"Description": "vm-tpl01",
"Format": "raw",
"UserBucket": {
"S3Bucket": "mk-vms",
"S3Key": "vm-tpl01.raw"
}
}
]建立角色:
aws iam create-role --role-name vmimport --assume-role-policy-document file:///home/ben/aws/trust.jsontrust.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}角色策略:
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///home/ben/aws/role-policy.jsonrole-policy.json
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource":[
"arn:aws:s3:::mk-vms",
"arn:aws:s3:::mk-vms/*"
]
},
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketAcl"
],
"Resource":[
"arn:aws:s3:::export-image",
"arn:aws:s3:::export-image/*"
]
},
{
"Effect":"Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource":"*"
}
]
}参考:
- https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html
- https://docs.aws.amazon.com/cli/latest/reference/s3/#single-local-file-and-s3-object-operations