Create an Amazon Machine Image (AMI) from a FreePBX Virtual Machine (VM)
important
- I opted to use VMware Workstation 15 Pro for this demonstration.
- Make sure to install and configure AWS Command Line Interface in your host computer. You can find the instructions here.
- Please use an IAM user with administrator privileges.
- I opted to use VMware Workstation 15 Pro for this demonstration.
- Make sure to install and configure AWS Command Line Interface in your host computer. You can find the instructions here.
- Please use an IAM user with administrator privileges.
- Download the latest FreePBX Distro from here and install it on VMware Workstation.
- SSH into the instance and install the following packages.
yum install -y cloud-init cloud-utils-growpart
- Do the following changes in /etc/cloud/cloud.cfg
system_info:
default_user:
name: asterisk
lock_passwd: true
gecos: Asterisk User
groups: [wheel, adm, systemd-journal]
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash
distro: rhel
paths:
cloud_dir: /var/lib/cloud
templates_dir: /etc/cloud/templates
ssh_svcname: sshd
- Do the following changes in /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no
UseDNS no
- Shutdown the VM and export it to an OVA file.
- Create an S3 bucket and upload the OVA file either using AWS CLI or a GUI tool. I used Cyberduck S3 Client and it can be downloaded here.
tip
- S3 Bucket: ami-storage
- OVA File: FreePBX.ova
- S3 Bucket: ami-storage
- OVA File: FreePBX.ova
- Create the following policy documents. Make sure to change S3 bucket and OVA file name according to your configurations.
- trust-policy.json will be used to create vmimport IAM role.
- role-policy.json will be used to assign necessary IAM policies to the vmimport role.
- containers.json will be used to generate an AMI from the uploaded OVA.
trust-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
role-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::ami-storage"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::ami-storage/*"
]
},
{
"Effect": "Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
containers.json
[
{
"Description": "FreePBX",
"Format": "ova",
"UserBucket": {
"S3Bucket": "ami-storage",
"S3Key": "FreePBX.ova"
}
}]
- Create vmimport IAM role.
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
- Create and assign necessary IAM policies to the vmimport role.
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
- Generate an AMI from the uploaded OVA.
aws ec2 import-image --description "FreePBX" --license-type BYOL --disk-containers file://containers.json
tip
This will launch a task that will take about 15 to 60 minutes to complete. You can check its progress with the following command by replacing the ImportTaskId displayed in the above command.
aws ec2 describe-import-image-tasks --import-task-ids import-ami-0b900a870c359a58f
tip
The task will remain active with "StatusMessage": "pending" until it finishes. The "Progress" attribute will indicate the percentage of work made up to that point. The task will be finished when the state changes "completed" and the previous command shows additional information about the already converted image to AMI format. From then on you will have a new AMI available in the same region where you created the S3 bucket and it will be ready to launch a new EC2 instance.
References: