AWS image deployment and CLI notes (updated from time to time)

 

Table of Contents

Install the AWS CLI

Upload to S3

Import the image:

Create the role:

Role policy:

References:


Install the AWS CLI

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Upload to S3

aws s3 cp ./vm-tpl01-100G.raw s3://mk-vms

Import the image:

aws ec2 import-image --disk-containers file://containers.json
or
aws ec2 import-image --description "vm-tpl01" --disk-containers file:///home/ben/aws/containers.json

Check the import status

aws ec2 describe-import-image-tasks \
    --import-task-ids import-ami-07fdabb84e2110b4f

containers.json (URL format)

[
  {
    "Format": "raw",
    "Url": "s3://mk-vms/vm-tpl01-20G.raw"
  },
  {
    "Description": "vm-tpl01-100G",
    "Format": "raw",
    "Url": "s3://mk-vms/vm-tpl01-100G.raw"
  }
]


containers.json (bucket format)

[
  {
    "Description": "vm-tpl01",
    "Format": "raw",
    "UserBucket": {
        "S3Bucket": "mk-vms",
        "S3Key": "vm-tpl01.raw"
    }
  }
]

Create the role:

aws iam create-role --role-name vmimport --assume-role-policy-document file:///home/ben/aws/trust.json

trust.json

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

Role policy:

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///home/ben/aws/role-policy.json

role-policy.json

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket" 
         ],
         "Resource":[
            "arn:aws:s3:::mk-vms",
            "arn:aws:s3:::mk-vms/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:PutObject",
            "s3:GetBucketAcl"
         ],
         "Resource":[
            "arn:aws:s3:::export-image",
            "arn:aws:s3:::export-image/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}
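
As an added example (not part of the original post), a Python pre-flight check that the vmimport trust policy and role policy above actually cover every disk listed in containers.json before `aws ec2 import-image` is run. The function names are hypothetical, the inputs are constructed copies of the files on this page, and the check assumes `s3://` style `Url` values and evaluates Allow statements only.

```python
import re

# Constructed sample inputs mirroring containers.json, trust.json and role-policy.json.
CONTAINERS = [{"Format": "raw", "Url": "s3://mk-vms/vm-tpl01-20G.raw"},
              {"Format": "raw", "UserBucket": {"S3Bucket": "mk-vms", "S3Key": "vm-tpl01.raw"}}]
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"Service": "vmie.amazonaws.com"},
                        "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}
ROLE_POLICY = {"Statement": [{"Effect": "Allow",
                              "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
                              "Resource": ["arn:aws:s3:::mk-vms", "arn:aws:s3:::mk-vms/*"]}]}

def as_list(v):
    return v if isinstance(v, list) else [v]

def wild(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def container_arns(containers):
    """S3 object ARN per disk container (UserBucket form, or s3:// Url form)."""
    def path(c):
        ub = c.get("UserBucket")
        return f'{ub["S3Bucket"]}/{ub["S3Key"]}' if ub else c["Url"][len("s3://"):]
    return ["arn:aws:s3:::" + path(c) for c in containers]

def allows(policy, action, arn):
    """True if an Allow statement matches action and resource (Deny is not evaluated)."""
    return any(s.get("Effect") == "Allow"
               and any(wild(a.lower(), action.lower()) for a in as_list(s.get("Action", [])))
               and any(wild(r, arn) for r in as_list(s.get("Resource", [])))
               for s in as_list(policy["Statement"]))

def trust_ok(trust):
    """True if a statement lets vmie.amazonaws.com assume the role under ExternalId vmimport."""
    def ok(s):
        p = s.get("Principal", {})
        services = as_list(p.get("Service", [])) if isinstance(p, dict) else []
        cond = {k.lower(): v for k, v in s.get("Condition", {}).get("StringEquals", {}).items()}
        return (s.get("Effect") == "Allow" and "vmie.amazonaws.com" in services
                and "sts:AssumeRole" in as_list(s.get("Action", []))
                and cond.get("sts:externalid") == "vmimport")
    return any(ok(s) for s in as_list(trust["Statement"]))

def preflight(containers, trust, policy):
    """Problems found; an empty list means the role is assumable and can read every disk."""
    problems = [] if trust_ok(trust) else ["trust policy: vmie.amazonaws.com + ExternalId not allowed"]
    return problems + [f"role policy: no s3:GetObject on {a}"
                       for a in container_arns(containers) if not allows(policy, "s3:GetObject", a)]
```

To run it against the real files, load each one with `json.load` and pass the three objects to `preflight`; any string it returns names the disk or policy that would make the import task fail or that falls outside the role's S3 scope.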

References:

- https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html

- https://docs.aws.amazon.com/cli/latest/reference/s3/#single-local-file-and-s3-object-operations
