Skip to content

Instantly share code, notes, and snippets.

@pbashyal-nmdp
Forked from shortjared/README.md
Created August 17, 2018 19:20
Show Gist options
  • Save pbashyal-nmdp/7c845bdc34a10dca762c29ce04f7880c to your computer and use it in GitHub Desktop.
Save pbashyal-nmdp/7c845bdc34a10dca762c29ce04f7880c to your computer and use it in GitHub Desktop.
If you have ever wanted to grab a marketplace AMI (ex: OpenVPN) you'll know that the process is painful. This solves the pain.

Usage

  • You will need to first make sure you have subscribed to the marketplace product
  • Get the AMI of the marketplace
  • Copy the script to machine
  • awsume (or otherwise authorize) to AWS
  • chmod the script to be executable if needed chmod +x marketplace-ami-encryptor.sh

Usage ./marketplace-ami-encryptor.sh {region} {ami} {name}
Example: ./marketplace-ami-encryptor.sh us-east-1 ami-f6eed4e0 OpenVPN

This make take a few minutes. Output looks like

Creating instance from marketplace AMI ami-f6eed4e0
Waiting for instance i-0d3a37ce1eb4b3f24 to be running and status OK...
Creating encrypted image
Waiting for AMI ami-01bfa37a, to be available...
Terminating unencrypted instance...
Everything is good! Your new AMI 'OpenVPN Encrypted' is available as ami-01bfa37a
#!/bin/bash
set -e
export AWS_DEFAULT_REGION=$1
MARKETPLACE_AMI=$2
NAME=$3
# Run Instance from Base AMI
echo "Creating instance from marketplace AMI $MARKETPLACE_AMI"
INSTANCE=`aws ec2 run-instances --image-id $MARKETPLACE_AMI --count 1 --instance-type t2.micro --query 'Instances[0].InstanceId'`
INSTANCE=`sed -e 's/^"//' -e 's/"$//' <<<"$INSTANCE"`
echo "Waiting for instance $INSTANCE to be running and status OK..."
aws ec2 wait instance-status-ok --instance-ids $INSTANCE
echo "Creating account AMI copy"
AMI_COPY=`aws ec2 create-image --instance-id $INSTANCE --block-device-mappings DeviceName=/dev/sda1,Ebs={Encrypted=True} --name "$MARKETPLACE_AMI Copy for $NAME" --query 'ImageId'`
AMI_COPY=`sed -e 's/^"//' -e 's/"$//' <<<"$AMI_COPY"`
echo "Waiting for AMI COPY $AMI_COPY to be available..."
aws ec2 wait image-available --image-ids $AMI_COPY
echo "Terminating unencrypted instance..."
TERMINATION=`aws ec2 terminate-instances --instance-ids $INSTANCE`
echo "Creating Encrypted AMI"
AMI_ENC=`aws ec2 copy-image --source-image-id $AMI_COPY --name "$NAME Encrypted" --encrypted --source-region $AWS_DEFAULT_REGION --region $AWS_DEFAULT_REGION --query 'ImageId'`
AMI_ENC=`sed -e 's/^"//' -e 's/"$//' <<<"$AMI_ENC"`
echo "Waiting for Encrypted AMI $AMI_ENC to be available..."
aws ec2 wait image-available --image-ids $AMI_ENC
echo "Deleting unneeded AMI Copy"
REMOVED=`aws ec2 deregister-image --image-id $AMI_COPY`
aws ec2 wait instance-terminated --instance-ids $INSTANCE
echo "Everything is good! Your new AMI '$NAME Encrypted' is available as $AMI"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment