Create an Amazon Machine Image (AMI) from a FreePBX Virtual Machine (VM)
- Make sure to install and configure AWS Command Line Interface in your host computer. You can find the instructions here.
- Please use an IAM user with administrator privileges.
- This has been tested on VMware Workstation 15 Professional edition.
Instructions
Download the latest FreePBX Distro from here and install it on VMware Workstation.
SSH into the instance and install the following packages.
yum install -y cloud-init cloud-utils-growpart
- Do the following changes in /etc/cloud/cloud.cfg
system_info:
default_user:
name: asterisk
lock_passwd: true
gecos: Asterisk User
groups: [wheel, adm, systemd-journal]
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash
distro: rhel
paths:
cloud_dir: /var/lib/cloud
templates_dir: /etc/cloud/templates
ssh_svcname: sshd
- Do the following changes in /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no
UseDNS no
- Shutdown the VM and export it to an OVA file.
- Create an S3 bucket and upload the exported OVA file either using AWS CLI or an S3 Client. I used Cyberduck S3 Client and it is freely available [here (https://cyberduck.io/download/).
7. You'll need to create the following policy documents. Make sure to change S3 bucket and OVA file name based on your configurations. In this example, S3 Bucket name and OVA file name will be ami-storage and FreePBX.ova, respectively.
7.A. Create trust-policy.json. This will be used to create the vmimport IAM role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
# Create vmimport IAM role
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
7.B. Create role-policy.json. This will be used to assign necessary IAM policies to the vmimport role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::ami-storage"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::ami-storage/*"
]
},
{
"Effect": "Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
# Create and assign necessary IAM policies to the vmimport role
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
7.C. Create containers.json. This will be used to generate an AMI from the uploaded OVA.
[
{
"Description": "FreePBX",
"Format": "ova",
"UserBucket": {
"S3Bucket": "ami-storage",
"S3Key": "FreePBX.ova"
}
}
]
# Generate an AMI from the uploaded OVA
aws ec2 import-image --description "FreePBX" --license-type BYOL --disk-containers file://containers.json
7.D. The previous task can range in estimated completion from 15 to 60 minutes. You can check its progress with the following command by replacing the ImportTaskId shown in the above command.
aws ec2 describe-import-image-tasks --import-task-ids import-ami-0b900a870c359a58f
7.E. The task will remain active with "StatusMessage": "pending" until it reaches completion. The "Progress" attribute will indicate the percentage of work made up to that point. Once the state switches to "completed" and the previous command gives additional information about the conversion of the image to AMI format, you will be provided with a new AMI available in the same region where you creted the S3 bucket. It can be used to provision a FreePBX EC2 instance.