A simple, secure tool for customizing Ubuntu images for Amazon EC2 from your local computer.
```sh
gem install build-ubuntu-ami
build-ubuntu-ami my_custom_script.sh
```
This program is based heavily on Eric Hammond's blog post Creating Public AMIs Securely for EC2, and his shell script alestic-git-build-ami.
It works as follows:
- Boot an official Ubuntu EC2 instance
- Download and mount a copy of the official Ubuntu root volume image
- Run the custom user script in a chrooted environment on that image
- Attach an empty EBS volume
- Copy the customized boot image to the EBS volume
- Register an AMI from the customized EBS volume
Booting and logging in to a system offers many opportunities to leak secret credentials (even if you delete them). Creating an AMI from a pristine image rather than a running root volume obviates the need to remove leaked credentials.
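The kind of residue the paragraph above refers to can be checked for on any mounted image root. The following is an added example, not code from build-ubuntu-ami or from Eric Hammond's script; the function names and the list of file names are assumptions chosen to cover common leak locations.

```shell
#!/bin/sh
# Added example (not part of build-ubuntu-ami): list credential residue under
# a mounted image root. The file-name list is an assumption covering common
# leak locations; extend it for your environment.

list_credential_residue() {
    root=${1%/}
    # Non-empty key, history and credential files in user home directories.
    find "$root/root" "$root/home" -type f -size +0c \
        \( -name authorized_keys -o -name '.*_history' -o -name credentials \
           -o -name '*.pem' -o \( -name 'id_*' ! -name '*.pub' \) \) \
        2>/dev/null || true
    # SSH host private keys: baked into an AMI, every instance would share them.
    find "$root/etc/ssh" -type f -name 'ssh_host_*_key' 2>/dev/null || true
}

# Prints each finding; returns 0 if clean, 1 if residue found, 2 on bad input.
audit_image_root() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    hits=$(list_credential_residue "$1")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | sed 's/^/LEAK: /'
    return 1
}

# Constructed sample tree for trying the audit out; all contents are fake.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/root/.ssh" "$d/home/ubuntu" "$d/etc/ssh"
    echo 'ssh-rsa CONSTRUCTED-KEY admin@laptop' > "$d/root/.ssh/authorized_keys"
    echo 'export AWS_SECRET_ACCESS_KEY=constructed' > "$d/home/ubuntu/.bash_history"
    echo 'constructed host key' > "$d/etc/ssh/ssh_host_rsa_key"
    echo "$d"
}

# Usage: sh audit.sh /path/to/mounted/image
if [ $# -gt 0 ]; then
    audit_image_root "$1"
fi
```

An image that was booted and logged in to typically trips several of these checks, while an image customized only through a chroot on the pristine volume should come back clean.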
This script does not need a private key & cert for credentials. It uses the AWS Access Key ID and Secret Access Key.