Prerequisites
-
Create S3 bucket
# aws s3api create-bucket --bucket packer-images
-
Display S3 bucket content
# aws s3 ls s3://packer-images --recursive --summarize --human-readable
-
Delete S3 bucket
# aws s3api delete-bucket --bucket packer-images
-
Create Role - vmimport
- Create trust-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vmie.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}
- Create a role named vmimport and give it VM Import/Export access.
Use the full path to the trust-policy.json file, prefixed with file://, in the form file:///your/full/path/trust-policy.json
# aws iam create-role --role-name vmimport --assume-role-policy-document "file:///tmp/packer/trust-policy.json"
- Check that the role setting is correct
# aws iam get-role --role-name vmimport
- Create policy file role-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::packer-images",
        "arn:aws:s3:::packer-images/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:ModifySnapshotAttribute",
        "ec2:CopySnapshot",
        "ec2:RegisterImage",
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
- Create a policy and attach it to the role.
Use the full path to the role-policy.json file, prefixed with file://, in the form file:///your/full/path/role-policy.json
# aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file:///tmp/packer/role-policy.json"
- Check that the vmimport policy setting is correct.
# aws iam get-role-policy --role-name vmimport --policy-name vmimport
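A pre-flight check for the two policy files above, as an added example (not part of the original post): it confirms that the trust policy only lets vmie.amazonaws.com assume the role with the vmimport external ID, and that the S3 permissions stay inside the packer-images bucket. The function names and the weakened sample policy are assumptions made for illustration.

```python
import json

def as_list(v):
    return v if isinstance(v, list) else [v]

def check_trust_policy(doc, service="vmie.amazonaws.com", external_id="vmimport"):
    """Return problems found in a role trust policy (empty list means OK)."""
    problems = []
    for s in as_list(doc.get("Statement", [])):
        if s.get("Effect") != "Allow":
            continue
        principal = s.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if services != [service] or set(principal) != {"Service"}:
            problems.append(f"principal is not limited to {service}")
        # IAM condition key names are not case-sensitive, so normalise them.
        equals = {k.lower(): v for k, v in s.get("Condition", {}).get("StringEquals", {}).items()}
        if as_list(equals.get("sts:externalid")) != [external_id]:
            problems.append("sts:ExternalId condition missing or different")
    return problems

def check_role_policy(doc, bucket="packer-images"):
    """Return problems found in the S3 part of the permissions policy."""
    problems = []
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for s in as_list(doc.get("Statement", [])):
        actions = [a.lower() for a in as_list(s.get("Action", []))]
        if s.get("Effect") != "Allow" or not any(a == "*" or a.startswith("s3:") for a in actions):
            continue
        extra = sorted(set(as_list(s.get("Resource", []))) - allowed)
        if extra:
            problems.append(f"S3 access reaches beyond {bucket}: {extra}")
        if any(a in ("*", "s3:*") for a in actions):
            problems.append("wildcard S3 action")
    return problems

# Constructed inputs: the page's two policies, plus a trust policy with the Condition removed.
PAGE_TRUST = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",'
    ' "Principal": {"Service": "vmie.amazonaws.com"}, "Action": "sts:AssumeRole",'
    ' "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}')
PAGE_ROLE = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",'
    ' "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"], "Resource":'
    ' ["arn:aws:s3:::packer-images", "arn:aws:s3:::packer-images/*"]}, {"Effect": "Allow", "Action":'
    ' ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*"], "Resource": "*"}]}')
WEAK_TRUST = {"Statement": [{k: v for k, v in PAGE_TRUST["Statement"][0].items() if k != "Condition"}]}

if __name__ == "__main__":
    print("trust-policy.json:", check_trust_policy(PAGE_TRUST) or "OK")
    print("role-policy.json:", check_role_policy(PAGE_ROLE) or "OK")
    print("trust policy without Condition:", check_trust_policy(WEAK_TRUST))
```

To check real files, load them with json.load(open(path)) and pass the result to the same functions before running create-role and put-role-policy.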