Monday, March 28, 2011

Create an AMI

This blog will guide you through creating an Ubuntu AMI (Amazon Machine Image) from a launched Instance. In this tutorial we will create S3 backed AMI from running instance (Ubuntu). Before getting down to create an actual AMI let’s try to understand some basic terminologies:

Understand what AMI is: An Amazon Machine Image (AMI) is a special type of virtual appliance which is used to instantiate (create) a virtual machine within the Amazon Elastic Compute Cloud. It serves as the basic unit of deployment for services delivered using EC2. We can say that AMI is an image from which an instance can boot.

What is Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers
Create your own AMI, so that you can boot new custom instance which have all the required software preinstalled. Your AMI becomes basic unit of deployment; it will save your time of installing required software again and again.

You can make a new AMI either by creating a new one from scratch on your own machines or by modifying and extending an existing image (such as the one you just booted and logged onto). This tutorial will take you through modifying and extending an existing image. To start creating AMI first launch an instance of existing AMI, so that we can change it according to our need and create an AMI

Two types of AMIs: There are two types of AMIs based on storage; S3 backed and EBS backed. In this tutorial we will create S3 backed AMI. In S3 backed AMI, newly created AMI will be stored on S3

Launching an Instance:
1.       Login to Amazon EC2 (

2.       Click the button “Launch Instance”
a.       Choose AMI: Select suitable AMI
b.      Instance Details: Select Instance details like no of Instances, Instance type etc. You can skip advance steps(remain default values)
c.       Create Key Pair: Either use existing key pair or create new one.
d.      Configure Firewall: Either select existing security group or create new one (This is for unlocking the specific port etc.)
e.      After review launch the instances.

      3.       To open console in putty use public DNS and keys(created or used in previous step) of that Instance

At this point (ie before creating an AMI) you can make require changes to the instance, for example you can install required software or change some settings or whatever is your need. Now in the next step we will create AMI of the instance just launched.

Creating an Image (AMI):
       1.       After launching instance, copy the X.509 certificate and private key to /mnt
a.       To download the X.509 certificate and private key click account >> security credentials on amazon website.

       2.       Add repository:
a.       sudo perl -pi -e 's%(universe)$%$1 multiverse%'  /etc/apt/sources.list
b.      Update:
                                                               i.      sudo apt-get update
c.       Install ec2 tools:
                                                               i.      sudo apt-get install ec2-ami-tools
                                                             ii.      sudo apt-get install ec2-api-tools

        3.       Define following environment variable:

        4.       Bundling the AMI: This step will create an image and break it into different part 10MB each and encrypt them.
a.       ec2-bundle-vol -d /mnt -k YOUR-PATH-TO-PRIVATE-KEY -c YOUR-PATH-TO-X.509-CERTIFICATE –u YOUR-AWS-ACCOUNT-NO -r i386

        5.       Create a bucket on S3: In this bucket our newly created AMI will be saved

        6.       Upload AMI to S3:
a.       ec2-upload-bundle -b YOUR-S3-BUCKET -m /mnt/image.manifest.xml -a YOUR-AWS-ACCESS-ID -s YOUR-AWS-ACCESS-KEY

        7.       Register the AMI: Your image must be registered with Amazon EC2, so Amazon can locate it and run instances based on it. In this process your newly created AMI will get unique AMI Id
a.       ec2-register –K  YOUR-PATH-TO-PRIVATE-KEY –C YOUR-PATH-TO-X.509-CERTIFICATE  YOUR-S3-BUCKET/image.manifest.xml

        8.       Run Instance using newly created AMI
a.       ec2-run-instances YOUR-AMI-ID (which you got in last step)

        Congratulations Your AMI is Created Successfully. Now when you launch new instance you will get this AMI in list under MY AMIs

        9.   To unregister an AMI
                     a.   ec2-deregister YOUR-AMI-ID

        YOUR-PATH-TO-PRIVATE-KEY:   /mnt/pk*.pem
        YOUR-PATH-TO-X.509-CERTIFICATE:  /mnt/cert*.pem

      Keys and certificate:
        YOUR-AWS-ACCOUNT-NO:   In the web browser click “account >> Account Activity” (It will appear on right side in the form 9999-9999-9999. When you use the account number in the context of the API's, you should leave out the hyphens and just use the 12 digits)
        YOUR-AWS-ACCESS-ID:   In the web browser click “account >>security credentials” under heading “access credentials >> access keys”
        YOUR-AWS-ACCESS-KEY:   In the web browser click “account >>security credentials” under heading “access credentials >> access keys”
        PRIVATE-KEY:   In the web browser click “account >>security credentials” under heading “access credentials >> x.509 certificate”
        X.509-CERTIFICATE:   In the web browser click “account >>security credentials” under heading “access credentials >> x.509 certificate”

       You have to click on create new certificate if you don’t have private key for current certificate, then you will get new certificate as well as private key



  1. Hey fantastic writeup. Have a question, does this only work if you started an S3 ami? Can I used this if I have an EBS based instance launched and want to make an S3 ami out of it?

    1. cắn đầu lưỡi, phun ra một ngụm máu tươi lên trên nắm bùn đen này, lập tức một đám khói đen từ trên nắm bùn bốc lên.

      Chu Tước Tử vung tay phải vòng quanh đám khói đen, dẫn dắt làn khói lập tức hình thành nên một ký hiệu kỳ lạ.

      - Lão phu là một đời Chu Tước Tử, hiến tế chín phần mười tuổi thọ còn lại để mở ra tu tinh chi tâm, ta muốn có được đình chỉ ý cảnh do tu chân liên minh ban cho trong nháy mắt!
      dong tam mu lậu cho thuê nhà trọ cho thuê nhà trọ nhạc sàn cực mạnh tư vấn pháp luật qua điện thoại công ty luật ở hà nội số điện thoại tư vấn pháp luật dịch vụ thành lập doanh nghiệp
      Tay phải hắn chỉ về phía trước, lập tức ký hiệu do khói đen hóa thành lập tức lóe lên, bay ra dừng ở không trung phía trước Chu Tước Tử ba trượng với tộc độ cực nhanh rồi nhanh chóng biến mất.

      Trong nháy mắt, tất cả sinh linh phạm trong phạm vi trăm trượng lập tức ngừng lại, không chút cử động.

      Ở chỗ ký hiệu biến mất, luồng tử kim quang lóe lên, đệ tứ hồn xuất hiện.

  2. Thanks Ankur,
    Yes you can use this if you have EBS backed instance and and want to create S3 AMI.

  3. Nice article. Keep posting.

  4. AnonymousMay 02, 2011

    Hi Rahul,
    I am new to the concept of EC2. I have a distributed aplication already running in staging and have clustered App Servers and database servers. When I need to migrate this into EC2 do I have to put both the app server and db server in one AMI. I have only one Elastic IP. Please suggest.

  5. Hi,
    I am not getting why you want to create an AMI ?

    Do you want to save your data and application as Image, to provide solution to your customers ?

    You can launch an instance and configure your application on cloud in two ways:
    1. you can start with launching an AMI with no pre software installed and you can install your DB and other softwares,
    2. you can start with launching an AMI with your DB pre installed and just configure your application.

    If you want to save your configuration along with all your setups, you can create AMI.

    yes you can put both the app server and db server in one AMI.

  6. Here's the procedure to build your own S3- and EBS-backed AMIs using CentOS install DVD discs and run the kernel that comes with CentOS:

  7. One coleague has changed the Windows Server 2008 administrator password on an instance that we have on amazon. Can we create another instance using an image without the need to configure again the new instance and without spending time to install all the websites and applications that we have on the old instance? We spend a lot of time setting up the server it is going to take us 2 weeks to do that again.

  8. Yes you can start another instance using old image.
    But you will get only those data(website and app) on new instance which was present on old instance before creating AMI

  9. Is there a GUI for Creating an Image (AMI) steps?
    Thank you.

    1. No GUI Available for creation of AMI of S3 backed instances
      If talking about EBS backed instances, you can directly create AMI from AWS console

      select instance >> click "Instance Action" >> click "Create Image (EBS AMI)"

  10. ok.. I did everything you said and it worked right up to: ec2-register then it just gave me a world of hell by listing all the options for ec2-register. Any ideas?
    Centos 6.2 64 bit

    Driving me nuts

    1. If you are able to run this command (ec2-register ), it means your image is registered now you can run that image from AWS console.

      FYI: Above steps are used and tested on Ubuntu

  11. Ahh.. thanks.

  12. It was interesting.. It definitely wasn't registered, so I just registered the AMI using the AWS web interface.

    1. ec2-register –K YOUR-PATH-TO-PRIVATE-KEY –C YOUR-PATH-TO-X.509-CERTIFICATE YOUR-S3-BUCKET/image.manifest.xml

      I have tested it, It works fine for me

      If you are not able to register with above command there might be problem of parameters like private key or certificate or bucket, please check

  13. After running all first steps in a S3-backed ubuntu instance, I execute
    ec2-upload-bundle -b sampleimages -m /mnt/image.manifest.xml -a XXXXXXXXXXXXXXXXXXXX -s XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --url

    I keep getting the error:
    ERROR: Error talking to S3: Server.SignatureDoesNotMatch(403): The request signature we calculated does not match the signature you provided. Check your key and signing method.

    I created the image with
    ec2-bundle-vol -d /mnt -k /mnt/pk-JD2USLPYCEIUTCADBCLIOEHX7WIAWWCR.pem -c /mnt/cert-JD2USLPYCEIUTCADBCLIOEHX7WIAWWCR.pem -u XXXXXXXXXXXX -r x86_64 -e /mnt

    What could be the problem?

  14. Hi I am using oracle linux 6.7. How can I save my ec2 image ami into s3 and download from s3 to local vm environment

  15. Please confirm what is this ? and how can i create in oracle linux 6.7

    2. Add repository:
    a. sudo perl -pi -e 's%(universe)$%$1 multiverse%' /etc/apt/sources.list