Can I use AWS CloudFormation with a custom AMI? - amazon-web-services

I want to use an AMI that has not been created from a snapshot. The AMI was created using a virtual machine, and then I used CLI tools to create the instance and the AMI.
This instance has cloud-init installed. Could I use this AMI to create instances using CloudFormation?
Do I need to install more software to use that service?
Thanks!

Yes, definitely, that is a very common use case:
Amazon Web Services (AWS) publishes many Amazon Machine Images (AMIs)
that contain common software configurations for public use. In
addition, the AWS developer community has published many custom AMIs.
You can also create your own custom AMIs so that you can quickly and
easily start new instances that have everything you need for your
application. For example, if your application is a website or a web
service, your AMI could include a web server, the associated static
content, and the code for the dynamic pages. After you launch an
instance with this AMI, your application is running and ready to
accept requests.
https://s3.amazonaws.com/cloudformation-examples/BoostrappingApplicationsWithAWSCloudFormation.pdf

Should you plan to use Cloudformation:Init inside your template to add additional configuration when your instance starts, be sure to install the cfn tools as well (cfn-init, cfn-hup, cfn-signal...).
More details about Cloudformation:Init : http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html
How to install cfn helper scripts : http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html

Yes.
When you are specifying the instance in the CloudFormation script you can use "ImageId": "" <- put in the AMI ID
ImageId
Provides the unique ID of the Amazon Machine Image (AMI) that was assigned during registration.
Required: Yes
Type: String
Update requires: Replacement
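A template that ties the two answers above together, as an added example that is not part of the original answers: the custom AMI is passed in as a parameter, and cfn-init/cfn-signal run from user data (which the AMI's cloud-init executes at first boot). The resource name, the file path /etc/myapp/app.conf and the /opt/aws/bin install location of the helper scripts are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  CustomAmiId:
    Type: AWS::EC2::Image::Id        # AWS-specific parameter type for AMI IDs
  SubnetId:
    Type: AWS::EC2::Subnet::Id
Resources:
  AppInstance:
    Type: AWS::EC2::Instance
    CreationPolicy:
      ResourceSignal:
        Timeout: PT10M               # stack creation fails if no success signal arrives in 10 minutes
    Metadata:
      AWS::CloudFormation::Init:
        config:
          files:
            /etc/myapp/app.conf:     # hypothetical application config file
              content: |
                listen_port=8080
              mode: '000640'
              owner: root
              group: root
    Properties:
      ImageId: !Ref CustomAmiId      # the custom AMI's ID goes here
      InstanceType: t3.small
      SubnetId: !Ref SubnetId
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -x
          # Assumption: the helper scripts were installed into /opt/aws/bin when the AMI was built
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource AppInstance --region ${AWS::Region}
          # Report cfn-init's exit code so a broken AMI fails the stack instead of passing silently
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource AppInstance --region ${AWS::Region}
```

If the helper scripts are missing from the AMI, cfn-signal never runs and the CreationPolicy timeout rolls the stack back, which surfaces the problem at deploy time.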

Related

AWS ElasticBeanstalk with custom AMI

I have the following doubts about using custom AMI with AWS EB.
Now I have:
1. a default platform, Python 3.6 + Amazon Linux 1.10.0, and in EB configurations > Instances > AMI I get an ID that I think is the default AMI provided by AWS to launch the platform (and if it is like that then it should get modified at every platform update).
2. some platform configurations done with .ebextensions files
3. my Flask app that I deploy from CLI (eb deploy)
So, in order to avoid the .ebextensions configurations time, I'd like to use a custom AMI that includes (1) + (2) and continue to deploy my Flask app like before.
So to build the AMI:
1. can I stop an EC2 instance of my running env and make an AMI from that one from EC2 console? If I do so, then the AMI would contain even my .ebextensions files and my app, is it a problem?
2. if the AMI shouldn't include .ebextensions files, then the only way to custom the platform before doing the AMI is to SSH?
3. after having built the AMI I put its ID in EB console > configurations > instances and then EB takes care of everything, like updating the AMI id in EC2 > autoscaling > launch options?
4. to do a platform update I have first to manually rebuild the AMI starting from the new platform and then update the AMI ID in EB configurations? So it's not possible to update the platform from EB console like I was used to do before and then to save the new AMI?
5. when I deploy my app it then shouldn't contain .ebextensions files?
6. if I create the AMI with my app included, then EB autoscaling would even save the time of deploying the app? (Of course in this case to deploy I would have to create a new AMI first).
Thanks for help.
can I stop an EC2 instance of my running env and make an AMI from that one from EC2 console? If I do so, then the AMI would contain even my .ebextensions files and my app, is it a problem?
You don't have to stop it. You can make an AMI from a running instance. Also, your instance is in an ASG, so stopping it is not a good idea.
if the AMI shouldn't include .ebextensions files, then the only way to custom the platform before doing the AMI is to SSH?
It shouldn't matter if you have a pre-existing app on the AMI. A new deployment will install your app anyway.
after having built the AMI I put its ID in EB console > configurations > instances and then EB takes care of everything, like updating the AMI id in EC2 > autoscaling > launch options?
Yes.
to do a platform update I have first to manually rebuild the AMI starting from the new platform and then update the AMI ID in EB configurations? So it's not possible to update the platform from EB console like I was used to do before and then to save the new AMI?
Probably, you have to repeat the process.
when I deploy my app it then shouldn't contain .ebextensions files?
It depends what they do. If they install software which is already on the custom ami, you can remove it.
if I create the AMI with my app included, then EB autoscaling would even save the time of deploying the app? (Of course in this case to deploy I would have to create a new AMI first).
The purpose of the custom AMI is to save time on installing and configuring custom software that is normally not on the AWS AMIs. It's not to replace or eliminate the need to deploy your app. You still need to do it, but can skip installing custom packages.
You can create a custom AMI from a running EC2 instance from the console, and from the CLI. Any AMI you create is a faithful copy of the instance, so if the instance has ebextensions, then the AMI will too.
I think I understand that you want to create an AMI from instances being managed by ElasticBeanstalk? If that is so, then there are certain files that need to exist on the ElasticBeanstalk EC2 instance so that ElasticBeanstalk and CloudFormation can manage the environment. The .ebextensions are scripts used to configure the environment; at least in my experience they are maintained in your repo. If your AMI has .ebextensions then they are most likely needed.
I don't think it is typical to use a custom AMI under ElasticBeanstalk: the whole point is to let AWS manage that layer for you. I would recommend that if you really need a custom AMI, you look at doing what you want to do directly in EC2 and forgo ElasticBeanstalk. ElasticBeanstalk is really only an abstracted 'friendly' interface to EC2 and other services (eg autoscaling and load balancer are actually EC2). Maybe even consider putting your application into a docker?
You can create a custom AMI of an EC2 instance that is running for Elastic Beanstalk. If you are going with a custom AMI then there is no need to use .ebextension files, because either the AMI should include all the changes that were already made when you deployed the application along with the ebextension file, or you make the necessary changes on the server before creating the AMI. But it is good to use the default AMI that AWS provides when creating the Elastic Beanstalk environment and use .ebextension files to do the required tasks during deployment.

Export Existing EC2 instance to CloudFormation json/yaml

Problem:
I have an EC2 instance running and I have made some modifications to the instance: installed docker, setup directories for certs, etc. Now, I am wanting to create the same instance but use infrastructure as code principles. Instead of remembering all the additions that I have done and creating a template by hand, I am trying to find a way to export my current EC2 instance into a json or yaml format so that I can terminate this instance and create another one that is equivalent to the one running.
I have tried:
aws ec2 describe-instances
Reading through the AWS CLI EC2 docs
Reading through the CloudFormation docs
Searched Google
Searched SO
Since you have no knowledge of how the instance was setup, the only choice is to create an Amazon Machine Image (AMI). This will create an exact copy of the disk, so everything you have installed will be available to any new instances launched from the AMI. The CloudFormation template can then be configured to launch instances using this AMI.
If, on the other hand, you knew all the commands that needed to be run to configure the instance, then you could provide a User Data script that would run when new instances first boot. This would configure the instances automatically and is the recommended way to configure instances because it is easy to modify and allows instances to launch with the latest version of the Operating System.
Such a script can be provided as part of a CloudFormation template.
See: Running commands on your Linux instance at launch - Amazon EC2
One option would be to create AMI from live instance and spin up new CF stack using the AMI.
Other would be importing resource: https://aws.amazon.com/blogs/aws/new-import-existing-resources-into-a-cloudformation-stack/
There is a tool (still in beta) developed by AWS called CloudFormer:
CloudFormer is a template creation beta tool that creates an AWS CloudFormation template from existing AWS resources in your account. You select any supported AWS resources that are running in your account, and CloudFormer creates a template in an Amazon S3 bucket.
The CloudFormer is an AWS managed template. Once you launch it, the template will create an AWS::EC2::Instance for you along with a number of other related resources. You will access the instance using URL through browser, and an AWS wizard will guide you from there.
Its tutorial even shows how to create a CloudFormation template from an existing EC2 instance.
Import the EC2 instance into CloudFormation, then copy its template.
Read more: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import.html

Replicate changes made on one EC2 to another EC2 Server

I have two ec2 servers named Ec2-Webserver-1 and EC2-WebServer-2 inside same VPC under two different subnets served by Application Load Balancer.
When I make small changes to the first server, I then have to manually change the other server too. Otherwise I have to create an AMI and create a new server from the AMI.
I think creating an AMI each time I make a small change is not appropriate.
Are there any other tools in AWS or third-party tools that can auto replicate the changes made on Server 1 to Server 2? I am currently using a CentOS AMI.
I would suggest looking into CloudFormation. You can define your EC2, what IAM roles you want it to have and a whole lot of other stuff. Once that is done you can just run the CloudFormation script and AWS will provision the EC2 with your defined settings automatically. CloudFormation link
You should be looking into Code Deploy https://aws.amazon.com/codedeploy/getting-started/?nc=sn&loc=4 Possibly combine it with Code Pipeline. Here is a starting point for deciding whether you need one or both. https://forums.aws.amazon.com/thread.jspa?threadID=172485

AWS service to deploy a machine with default security groups, alarms, etc.?

I am looking to provide my software setup to others for use on AWS with as few manual steps as possible. I can create an AMI with my software pre-installed and configured rather than just an installer which cuts out several issues (badly sized disks, people picking wrong/unsupported distro for my compiled binary, etc.) but this does not bundle the config for network interfaces, alarms, or other related Amazon services.
Does Amazon have a service/mechanism that will such features? I know of launch templates but these are per-region, per-account and need to be created after groups etc. have been added manually.
I know Amazon have APIs for all this, but before turning to third parties or my own script I want to be sure that Amazon has no portable template type thing that can be provided and they simply launched in the console.
You can create your AMI with your software pre-installed and publish it to all the available regions (AWS Marketplace / public access).
Later, use a CloudFormation template which will include creation of the AWS resources needed for your application to run, including launching an instance using your AMI IDs for each region, so that the instance launch uses the AMI from the corresponding region. This way your customers can just use the CloudFormation template and all prerequisites will be met.
Having your AMI ID in the CloudFormation template and using it based on the region in which it is launched can be achieved using the Mappings section in CloudFormation. Hope that helps.
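The Mappings approach from the answer above, written out as an added example that is not part of the original answer: the AMI is chosen by region, and the security group and an alarm ship in the same template. The AMI IDs are placeholders, and the regions, ports, instance type and resource names are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  AdminCidr:
    Type: String                 # CIDR allowed to reach SSH; deliberately has no default
Mappings:
  RegionAmi:                     # placeholder IDs: replace with the AMI ID published in each region
    us-east-1:
      Ami: ami-00000000000000001
    eu-west-1:
      Ami: ami-00000000000000002
Resources:
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from anywhere, SSH from the admin range only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      # Looks up the AMI for the region the stack is being created in
      ImageId: !FindInMap [RegionAmi, !Ref 'AWS::Region', Ami]
      InstanceType: t3.small
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !GetAtt AppSecurityGroup.GroupId
  StatusCheckAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/EC2
      MetricName: StatusCheckFailed
      Dimensions:
        - Name: InstanceId
          Value: !Ref AppInstance
      Statistic: Maximum
      Period: 60
      EvaluationPeriods: 2
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
```

A launch in a region that is missing from the mapping fails at the FindInMap lookup, so the stack cannot start an instance from an unintended image.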

Amazon AWS Beanstalk Custom AMI Problems

I'm trying to deploy an application to AWS that requires some extra software installed on the server. To create the custom image, I followed the instructions I found here and here to start an EC2 instance and install my software. I then created a snapshot before terminating the instance.
Now my question: How do I get Beanstalk to use my snapshot when creating an application? When I try to create an application, only the 7 basic AMIs are available for 'container type'.
From personal experience I can say that most documentation on Elastic Beanstalk customization is outdated. As for using a custom AMI, you need to know that the current version of Elastic Beanstalk installs the Beanstalk scripts and performs configuration on new instance bootstrap anyway, so this also happens if you use a custom AMI. Based on this, I would recommend using a custom AMI when you need OS-level customizations.
If you need to install some additional software or change something I would recommend to use approach described here: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html
Good example described here:
http://www.hudku.com/blog/innocuous-looking-evil-devil/
Also, you can find a lot of examples on GitHub if you search for the keyword: .ebextensions
Fire up your environment configuration, and then switch to the custom AMI you've registered, in the Environment Settings. If possible, save a Configuration Template for further usage.