HowTo: Convert an Amazon EC2 EBS Image to an Instance Store Image

In this article, we will show how to convert an EBS backed AMI into an Instance Store AMI.

You’ll need:

X.509 Certificate

1
~/.aws/cert-3F4CCOPFPLFTBZ2KRFLQXQYMYEXAMPLE.pem

X.509 Private Key

1
~/.aws/pk-3F4CCOPFPLFTBZ2KRFLQXQYMYEXAMPLE.pem

AWS Access Key ID

1
C99F5C7EE00F1EXAMPLE

AWS Secret Key

1
a63xWEj9ZFbigxqA7wI3Nuwj3mte3RDBdEXAMPLE

AWS Account Number (without dashes)

1
123456789012

S3 Bucket to upload the image to

1
my-gentoo-image-bucket

To find your account number, Go to https://aws.amazon.com/ Click on My Account / Console then on My Account or just click here to go to Mange Your Account.

Start the instance

We’ll use the Gentoo Linux images built by Dowd and Associates for this example

64-bit

Console - user@localhost ~ $

1
2
3
4
5
6
ec2-run-instances \
--region us-east-1 \
ami-c2c07aab \
--group default \
--key example \
--instance-type m1.small

32-bit

Console - user@localhost ~ $

1
2
3
4
5
6
ec2-run-instances \
--region us-east-1 \
ami-ccc07aa5 \
--group default \
--key example \
--instance-type m1.small

SCP X.509 certificates

You’ll need to scp your X.509 certificates to the instance:

Console - user@localhost ~ $

1
2
3
4
5
6
7
scp -i ~/.ssh/example.pem \
~/.aws/cert-3F4CCOPFPLFTBZ2KRFLQXQYMYEXAMPLE.pem \
ec2-user@ec2-1-2-3-4.compute-1.amazonaws.com:/home/ec2-user/cert.pem

scp -i ~/.ssh/example.pem \
~/.aws/pk-3F4CCOPFPLFTBZ2KRFLQXQYMYEXAMPLE.pem \
ec2-user@ec2-1-2-3-4.compute-1.amazonaws.com:/home/ec2-user/pk.pem

Connect to instance

SSH to the remote machine and switch to the root user

Console - user@localhost ~ $

1
ssh -i ~/.ssh/example.pem ec2-user@ec2-1-2-3-4.compute-1.amazonaws.com

Console - ec2-user@hostname ~ $

1
2
screen -aA
sudo su -

Install ruby

Console - root@hostname ~ #

1
emerge -av dev-lang/ruby

Install ec2-ami-tools

Have the instance install the latest version of the ec2-ami-tools every time it starts

Console - root@hostname ~ #

1
2
3
4
5
6
7
8
9
10
11
12
13
cat <<'EOF'>/etc/local.d/ec2-ami-tools.start
mkdir -p /tmp/aws
mkdir -p /opt/aws

curl --silent -o /tmp/aws/ec2-ami-tools.zip http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip
rm -fR /tmp/aws/ec2-ami-tools-*
unzip -d /tmp/aws /tmp/aws/ec2-ami-tools.zip
rm -fR /opt/aws/ec2-ami-tools
mv /tmp/aws/ec2-ami-tools-* /opt/aws/ec2-ami-tools
rm -f /tmp/aws/ec2-ami-tools.zip
EOF

chmod 755 /etc/local.d/ec2-ami-tools.start

Install ec2-ami-tools and set the environment variables

Console - root@hostname ~ #

1
2
3
4
5
6
7
cat <<'EOF'>/etc/profile.d/ec2-ami-tools.sh
export EC2_AMITOOL_HOME=/opt/aws/ec2-ami-tools
export PATH=$PATH:$EC2_AMITOOL_HOME/bin
EOF

chmod 755 /etc/profile.d/ec2-ami-tools.sh
/etc/local.d/ec2-ami-tools.start

Mount /mnt

64 bit

Console - root@hostname ~ #

1
mount /dev/xvdb /mnt

32 bit

Console - root@hostname ~ #

1
mount /dev/xvda2 /mnt

Move the X.509 certs to /mnt

Console - root@hostname ~ #

1
2
mv ~ec2-user/cert.pem /mnt/cert.pem
mv ~ec2-user/pk.pem /mnt/pk.pem

Setup for image creation

Console - root@hostname ~ #

1
2
mkdir -p /mnt/out
modprobe loop

Create the bundle

The difference between the two is -r (x86_64 i386)

64-bit

Console - root@hostname ~ #

1
2
3
4
5
6
7
ec2-bundle-vol \
-k /mnt/pk.pem \
-u 123456789012 \
-c /mnt/cert.pem \
-r x86_64 \
-d /mnt/out \
-i `find / -name "*.pem" | grep -v "^/mnt" | grep -v "^/home" | tr '\n' ','`

32-bit

Console - root@hostname ~ #

1
2
3
4
5
6
7
ec2-bundle-vol \
-k /mnt/pk.pem \
-u 123456789012 \
-c /mnt/cert.pem \
-r i386 \
-d /mnt/out \
-i `find / -name "*.pem" | grep -v "^/mnt" | grep -v "^/home" | tr '\n' ','`

Upload the bundle

There is no difference between the commands for 32-bit and 64-bit except for the location we’re uploading to

64-bit

Console - root@hostname ~ #

1
2
3
4
5
ec2-upload-bundle \
--manifest /mnt/out/image.manifest.xml \
--bucket my-gentoo-image-bucket/Gentoo_64-bit-instance-store-2012-11-03-07-43-35 \
--access-key C99F5C7EE00F1EXAMPLE \
--secret-key a63xWEj9ZFbigxqA7wI3Nuwj3mte3RDBdEXAMPLE

32-bit

Console - root@hostname ~ #

1
2
3
4
5
ec2-upload-bundle \
--manifest /mnt/out/image.manifest.xml \
--bucket my-gentoo-image-bucket/Gentoo_32-bit-instance-store-2012-11-03-07-42-49 \
--access-key C99F5C7EE00F1EXAMPLE \
--secret-key a63xWEj9ZFbigxqA7wI3Nuwj3mte3RDBdEXAMPLE

Shutdown the instance

Console - root@hostname ~ #

1
shutdown -h now

Setup for register

Make sure that you have EC2_CERT and EC2_PRIVATE_KEY set to the X.509 keys you used to bundle the image

Console - user@localhost ~ $

1
2
export EC2_CERT=~/.aws/cert-3F4CCOPFPLFTBZ2KRFLQXQYMYEXAMPLE.pem
export EC2_PRIVATE_KEY=~/.aws/pk-3F4CCOPFPLFTBZ2KRFLQXQYMYEXAMPLE.pem

Register the image

64-bit

Console - user@localhost ~ $

1
2
3
4
5
6
ec2-register \
--region us-east-1 \
--kernel aki-88aa75e1 \
--name "Gentoo_64-bit-instance-store-2012-11-03-07-43-35" \
--description "Gentoo 64-bit instance-store" \
my-gentoo-image-bucket/Gentoo_64-bit-instance-store-2012-11-03-07-43-35/image.manifest.xml

32-bit

Console - user@localhost ~ $

1
2
3
4
5
6
ec2-register \
--region us-east-1 \
--kernel aki-b6aa75df \
--name "Gentoo_32-bit-instance-store-2012-11-03-07-42-49" \
--description "Gentoo 32-bit instance-store" \
my-gentoo-image-bucket/Gentoo_32-bit-instance-store-2012-11-03-07-42-49/image.manifest.xml