amazon-web-services - Amazon EC2 - How to execute the 'launch" part of a Cross-Account AMI Copy?
问题描述
Context
I would like to perform a Cross-Account AMI Copy (I'm really trying to do this in C#, using the Amazon SDK, but need to understand it from a EC2 Console perspective, as well). The purpose is to back up an instance and it's volumes in one account (the first AMI) and then make a copy of this AMI in another account (so now two distinct AMI's, in two different S3 storage areas).
Currently, my code does the following:
- Finds the Instance to create an Image for (based on User Input).
- Creates an Image (AMI) of this Instance.
- After the Image Completes successfully, I share the AMI to another Account (Using LaunchPermissions on the Image. At this moment, it is not clear to me if I need to also share the Volumes using CreateVolumePermission).
There, I want to perform a Copy. The problem is that when I try to copy it I get this message:
Images with EC2 BillingProduct codes cannot be copied to another AWS account.
But, I did some reading and it said I could do the following:
Launch an EC2 instance of this shared Image and then create an AMI from this instance. Great!
Here is my issue
Just now, through the console (website), I am logged into the 2nd account, I selected the shared image and clicked the big Launch button.
Next, it took me to a screen where it wants me to choose an instance type (it is defaulted to t2.micro). In addition, there are other steps like "Configure Instance", "Add Storage", "Configure Security Group", etc.
For my purposes I just want to back up an Instance and it's volumes (using AMI to do this). Instead of defaulting to things like t2.micro, shouldn't all my configuration steps just match the Instance I took the image from (albeit I just have the AMI that is shared to this 2nd account, and can't really see the original instance, just the AMI that is shared to it)?
When I look at the original instance (from the first account), I see t2.medium, and I see security groups such as: RDP(3389)-HTTP(80)-HTTPS(443)-SSH(22)
In other words, I just want my "Launch" to take on the properties of the Instance I took an AMI of. Shouldn't it default to these properties? Or, how can I default it to these properties?
More context: After I'm done with this Launch, where the purpose is to create an AMI of it (or "the copy"), I would think that I no longer need the Instance and can delete it. I'm only launching just to create "the copy".
解决方案
AMI 独立于实例。AMI 仅具有与实例相关联的磁盘卷的副本。有关实例的其他任何属性均未与 AMI 一起保存。
在您自己的账户和区域内,您可以在 EC2 管理控制台中使用Launch More Like This,这会将实例类型、标签、用户数据等属性复制到新实例中。这是控制台的一项功能,不会反映在 AWS 中的实际 API 调用中。
安全组是完全独立的对象。一个实例可以关联多个安全组,但安全组不会作为实例的一部分进行复制。
底线:没有 API 调用来“克隆”一个实例及其所有属性。您需要在启动期间指定这些属性。
以下是有关 AMI 的信息类型:
{
"Images": [
{
"VirtualizationType": "paravirtual",
"Name": "My server",
"Hypervisor": "xen",
"ImageId": "ami-5731123e",
"RootDeviceType": "ebs",
"State": "available",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"DeleteOnTermination": true,
"SnapshotId": "snap-1234567890abcdef0",
"VolumeSize": 8,
"VolumeType": "standard"
}
}
],
"Architecture": "x86_64",
"ImageLocation": "123456789012/My server",
"KernelId": "aki-88aa75e1",
"OwnerId": "123456789012",
"RootDeviceName": "/dev/sda1",
"Public": false,
"ImageType": "machine",
"Description": "An AMI for my server"
}
]
}
推荐阅读
- arrays - 在相等检查后更改索引值 wrt 数组的最大值
- spring - 带有 Spring 的嵌入式 Tomcat 抛出 IllegalAccessError:
无法访问其超接口 - python - 从文本文件创建嵌套字典
- reactjs - 使用 AntDesign 和 PrimeReact React 可避免的重新渲染问题
- c# - 如何在字典键中添加占位符花括号
- html - 撇号在 windows、chrome 浏览器中显示为 ’
- c - C 编程使用 malloc 和赋值
- razor - 无法在 ASP.NET 核心 2.0 类项目中使用 TagHelper 在“cshtml”中添加条码
- dependencies - python的所有RDEPENDS是否需要在Yocto的IMAGE_INSTALL_append中显式定义?
- homebrew - 在 MacOS High Sierra 上通过 Homebrew 安装 Python 2 时出错