Monday, May 5, 2025

AMI (Amazon Machine Image) & twtech-Custom-AMIs

 

Here's a concise overview of AMI (Amazon Machine Image) & twtech-Custom-AMIs

Scope:

• How twtech starts and customizes its EC2 instances.

• How twtech stops its running instances (for data integrity before an image is taken).

• How twtech builds custom AMIs, a process that also creates EBS snapshots of the instance's volumes.

• How twtech launches instances from custom AMIs that already have the dependencies, packages and applications installed.

The concept of AMI

An Amazon Machine Image (AMI) is a pre-configured virtual machine image used to launch EC2 instances in Amazon Web Services (AWS).

An AMI includes all the information required to boot an instance, such as:

  • Operating System (OS)
  • Application Server
  • Applications
  • Runtime libraries
  • Configurations

AMI Components

  1. A root volume template (e.g., OS and installed software)
  2. Launch permissions (controls who can use the AMI)
  3. Block device mapping (defines volumes attached when launched)

Types of AMIs

  1. AWS-Provided AMIs
    • Maintained by AWS (e.g., Amazon Linux, Ubuntu, Windows Server)
  2. Marketplace AMIs
    • Provided by vendors (often preconfigured for specific software)
  3. Community AMIs
    • Shared by users publicly
  4. Custom AMIs (private AMIs)
    • Created by users (twtech) from an existing EC2 instance

Common Use Cases

  • Quickly deploy identical servers
  • Backup EC2 instances
  • Build golden images for compliance
  • Speed up auto scaling group launch time

AMI Lifecycle

  1. Launch EC2 instance
  2. Customize instance
  3. Create Image (AMI) from instance
  4. Use AMI to launch more instances

Key Attributes

  • Region-specific: an AMI is available only in the region where it was created
  • Can be copied to other regions; a copy can also be made with encryption enabled, which is how an unencrypted AMI is turned into an encrypted one
  • An AMI backed by encrypted EBS snapshots is itself encrypted, and instances launched from it get encrypted volumes

Addendum

• Public AMIs: provided by AWS, or shared publicly by vendors and community users.

• The private AMI: the twtech private AMI is created and maintained by twtech. Access is limited to the twtech account and to any accounts twtech explicitly grants launch permission.

The Difference between public and private AMIs

The difference between public and private AMIs in AWS comes down to access control—who can see and use the AMI.

 Public AMIs

  • Visibility: Accessible to any AWS account.
  • Use Case: Shared for general use—e.g., Amazon Linux AMIs, community AMIs, or marketplace images.
  • Management: Created by AWS, third-party vendors, or users who choose to share them publicly.
  • Security Risk: If not properly sanitized, they could expose sensitive data or contain vulnerabilities.

Example: An open-source developer publishes a hardened Ubuntu AMI for the public to use.

 Private AMIs

  • Visibility: Only accessible to the AWS account that created it, or to specific AWS accounts explicitly granted permission.
  • Use Case: Used to launch internal systems with custom configurations (e.g., enterprise applications, golden images).
  • Access Control: You can share with specific AWS account IDs using Launch Permissions.
  • Secure: Ideal for internal, regulated, or production environments.

Example: twtech creates a private AMI with custom monitoring agents and internal software for internal deployments.

Summary Table

Feature           Public AMI                           Private AMI
Visibility        Everyone on AWS                      Only your account or shared accounts
Sharing Control   Open to all                          Explicitly shared
Security Risk     Higher (if not sanitized)            Lower (restricted access)
Use Case          Community use, demos, marketplaces   Internal apps, enterprise images

Project: AMI (Hands-on)

scope:

How twtech launches an instance: twtech-instance,

with the application (sonarqube) and its dependencies bootstrapped at launch through user data,

tests that the bootstrapped application is running as expected,

creates a custom AMI from the instance with the application (sonarqube) and its dependencies already installed,

uses the custom image (custom AMI) to quickly create other instances that come already equipped with testable packages and applications,

also tests that the application runs as expected on an instance provisioned from the custom AMI (image),

and possibly publishes the AMI to AWS Marketplace and earns from it if it passes the AWS compliance tests.

AMI (Hands-on)

Launch an instance: twtech-instance

Select Application and OS Images (Amazon Machine Image)

An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance. Search or Browse for AMIs if you don’t see what you are looking for below

Choice: Amazon Linux 2023 AMI


Select the Instance type:
t2.medium (2 vCPU, 4 GiB RAM) is the minimum recommendation for SonarQube to run; its embedded Elasticsearch alone needs about 2 GB of RAM.

Select the Key pair:  twtech-keyPair


For Network settings, select a security group initially created or create one: sonarqube-SG


Configure storage: the root volume size can only be increased at launch, not reduced.

 From: 8 GiB

To: 15 GiB


We are using Advanced details: User data.

Scroll down to User data and upload the bootstrap script or write one.

Link to script

https://github.com/Devopspat35/Package-management/blob/master/twtech-sonarqube.sh

The Java version recommended for Amazon Linux 2023 is java-17-amazon-corretto (current SonarQube releases require Java 17 to run the server), so the install line in the bootstrap script should be:

 sudo dnf install java-17-amazon-corretto -y


Go through the summary and launch the instance (twtech-instance): dependencies, packages and the sonarqube application will be bootstrapped by the user data script on first boot.



Verify on the EC2 console that the instance is launched: twtech-instance


Connect (SSH) to the instance to verify that all packages are bootstrapped.


Choose the connection method: SSH client


Switch user to sonar and verify that sonarqube was bootstrapped:
sudo su - sonar

# Verify who owns the sonarqube directory; it should be sonar:sonar (SonarQube's embedded Elasticsearch refuses to run as root):

 ls -al /opt/sonarqube

# Verify that the Java runtime the bootstrap script installed (java-17-amazon-corretto) is present:

 java -version

# Start sonarqube

sh /opt/sonarqube/bin/linux-x86-64/sonar.sh start

# Verify status of sonarqube:

sh /opt/sonarqube/bin/linux-x86-64/sonar.sh status

Access sonarqube logs: CLI

The logs are under /opt/sonarqube/logs (sonar.log, web.log, ce.log, es.log) and show why the server is still starting or has failed.

Get the public IP of twtech-instance (run on the instance): curl ifconfig.me

Check that SonarQube answers on port 9000 (the security group sonarqube-SG must allow inbound TCP 9000 from your address):

curl -v <twtechPubIP>:9000

curl -v 3.12.xxx.146:9000

Access sonarqube application on browser: UI

Login to browser as admin user and create other twtech users: twtech-patpat

Alternatively, twtech may also run sonarqube as a systemd service, so it starts automatically on boot and on every instance launched from the custom AMI:

Alternative way to start sonarqube as a service:

# Open the unit file with sudo:

sudo vi /etc/systemd/system/sonarqube.service

# Configure the file with the following settings for the sonarqube service. The service must run as the unprivileged sonar user (the embedded Elasticsearch refuses to start as root); LimitNOFILE and LimitNPROC are the file-descriptor and thread limits SonarQube requires, and the kernel setting vm.max_map_count=262144 (via sysctl) is needed as well.

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonar
Group=sonar
Restart=always
LimitNOFILE=131072
LimitNPROC=8192

[Install]
WantedBy=multi-user.target

# Optional: re-execute the systemd manager (not required for a new unit file):

sudo systemctl daemon-reexec

# Reload systemd so it reads the new unit:

sudo systemctl daemon-reload

# Enable the sonarqube service so it starts at boot (this is what makes instances launched from the custom AMI come up with SonarQube running):

sudo systemctl enable sonarqube

# Start the SonarQube server:

sudo systemctl start sonarqube

# Verify the status of the sonarqube service:

sudo systemctl status sonarqube

# Access the sonarqube application: get the host's public IP address (run on the instance):

curl ifconfig.me

Accessing the sonarqube logs: CLI (the logs are under /opt/sonarqube/logs; the service-level log is in journalctl -u sonarqube)


Accessing sonarqube in the browser: GUI (UI)

http://<twtech-instance-public-ip>:9000

3.12.xxx.146:9000

Login as admin user:

#Default USERNAME: admin

#Default password: admin

SonarQube prompts for a new admin password at the first login. Do this before creating the image; otherwise every instance launched from the custom AMI ships with the well-known admin/admin credentials, reachable on port 9000 from wherever the security group allows.
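The two checks above (the curl against port 9000 and the admin login) can be scripted so that "Create image" is refused while SonarQube is still starting or while admin/admin still works. The following is an added example, not part of twtech's procedure; the base URL (SONAR_URL, default http://127.0.0.1:9000) is an assumption, while /api/system/status and /api/authentication/validate are SonarQube's own endpoints.

```shell
#!/bin/bash
# Added example, not part of twtech's procedure: gate "Create image" on SonarQube being
# UP and on the default admin password having been changed. The base URL is an
# assumption (SONAR_URL, default http://127.0.0.1:9000); the endpoints are SonarQube's own.
set -eu

# Extract the "status" field from /api/system/status output, e.g. {"id":"...","version":"...","status":"UP"}
# (values: STARTING, UP, DOWN, RESTARTING, DB_MIGRATION_NEEDED, DB_MIGRATION_RUNNING).
sonar_status_from_json() {
  printf '%s\n' "$1" | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Extract the boolean from /api/authentication/validate output: {"valid":true}
sonar_valid_from_json() {
  printf '%s\n' "$1" | sed -n 's/.*"valid"[[:space:]]*:[[:space:]]*\([a-z]*\).*/\1/p'
}

# Poll until the server reports UP; returns 1 on DOWN or after the timeout (seconds).
wait_for_sonarqube() {
  url="$1"; timeout="${2:-300}"; elapsed=0
  while [ "$elapsed" -lt "$timeout" ]; do
    body="$(curl -fsS "$url/api/system/status" 2>/dev/null || true)"
    case "$(sonar_status_from_json "$body")" in
      UP) return 0 ;;
      DOWN) echo "SonarQube reports DOWN; inspect /opt/sonarqube/logs" >&2; return 1 ;;
    esac
    sleep 5
    elapsed=$((elapsed + 5))
  done
  echo "timed out after ${timeout}s waiting for SonarQube" >&2
  return 1
}

# Returns 0 if admin/admin still authenticates, i.e. the image would ship with default credentials.
default_admin_still_works() {
  body="$(curl -fsS -u admin:admin "$1/api/authentication/validate" 2>/dev/null || true)"
  [ "$(sonar_valid_from_json "$body")" = "true" ]
}

if [ "${1:-}" = "check" ]; then
  url="${SONAR_URL:-http://127.0.0.1:9000}"
  wait_for_sonarqube "$url"
  if default_admin_still_works "$url"; then
    echo "refusing to image: default admin credentials still valid on $url" >&2
    exit 1
  fi
  echo "SonarQube is UP on $url and the default admin password has been changed"
fi
```

Run it on the instance as `sh check-sonarqube.sh check`; a non-zero exit is the signal not to proceed to the "Create image" step yet.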

How twtech admin creates a custom AMI from the ec2-instance: sonarqube-server (the twtech-instance above)

This will save the state of the sonarqube-server as a custom AMI: twtech-sonarqube-custom-ami. Everything on the root volume goes into the image, including SSH host keys, authorized keys, shell history, logs and the SonarQube accounts and data created on this instance, so clean out what should not be shared before the image is taken.
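What "saving the state" of the instance carries into the image is the reason the public/private section above warns about unsanitized AMIs. The following is an added example, not one of twtech's console steps: a scrub run on the build instance just before "Create image", plus a check that lists anything still present that should not be in an image. The root-prefix argument is an assumption that lets the same code be rehearsed against a scratch directory; on the instance it is run on "/".

```shell
#!/bin/bash
# Added example, not part of twtech's console steps: scrub instance-specific secrets and
# state from the build instance just before "Create image", so they are not baked into
# every instance launched from the custom AMI. The root prefix argument is an assumption
# that lets the same code be rehearsed on a scratch directory; on the instance run it on "/".
set -eu

sanitize_for_imaging() {
  root="${1%/}"
  # SSH host keys: every instance from the AMI would otherwise present the same host identity
  # (Amazon Linux regenerates missing keys at boot through sshd-keygen).
  rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub
  # Authorized keys, known hosts and shell history of root and every user created during the build.
  for home in "$root"/root "$root"/home/*; do
    [ -d "$home" ] || continue
    rm -f "$home"/.bash_history "$home"/.ssh/authorized_keys "$home"/.ssh/known_hosts
  done
  # cloud-init per-instance state, so user data and key-pair injection run again on the new instance.
  rm -rf "$root"/var/lib/cloud/instances "$root"/var/lib/cloud/instance "$root"/var/lib/cloud/data
  # Build-time logs carry IPs, user names and whatever the bootstrap printed.
  find "$root"/var/log -type f -exec truncate -s 0 {} + 2>/dev/null || true
  # SonarQube temp and logs. Its data/ directory (embedded H2 database holding the accounts
  # created on the build instance) is deliberately left as a decision for the operator.
  rm -rf "$root"/opt/sonarqube/temp/* "$root"/opt/sonarqube/logs/* 2>/dev/null || true
}

# Prints anything that should not be in an image; empty output means clean.
image_hygiene_leftovers() {
  root="${1%/}"
  ls "$root"/etc/ssh/ssh_host_*_key 2>/dev/null || true
  ls "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys \
     "$root"/root/.bash_history "$root"/home/*/.bash_history 2>/dev/null || true
  if [ -d "$root/var/lib/cloud/instances" ]; then
    echo "$root/var/lib/cloud/instances"
  fi
}

if [ $# -eq 1 ]; then
  sanitize_for_imaging "$1"
  leftovers="$(image_hygiene_leftovers "$1")"
  if [ -n "$leftovers" ]; then
    echo "not clean:" >&2; echo "$leftovers" >&2; exit 1
  fi
  echo "clean: safe to create the image from $1"
fi
```

Run it as root on the instance (`sudo sh sanitize.sh /`) from the console session, not over SSH, and only immediately before creating the image: removing authorized_keys ends SSH access until cloud-init re-injects the key pair on the next boot, which the reboot performed by "Create image" triggers.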

 How twtech creates custom AMIs from: image-and-template

Create image: 


Create image from twtech-instance (with the sonarqube application fully installed and running) on Amazon Linux 2023. Keep the default that reboots the instance (do not select the "No reboot" option): AWS then shuts the instance down cleanly before snapshotting the root volume, which is the "stop for data integrity" step from the scope; imaging a running instance without a reboot risks an inconsistent filesystem in the image.


Add tags and create image:

Name: sonarqube-image-for-amazon-linux-2023


How twtech verifies the custom AMI (image) created

After a couple of minutes, the twtech custom AMI for Amazon Linux 2023 with sonarqube should be fully created and in the Available state:
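The same lifecycle can be driven from the AWS CLI, which also makes it easy to verify two things the console steps do not show: that the new image has stayed private (no "all" group in its launch permissions, only the account IDs the Private AMIs section describes sharing with) and whether its snapshots are encrypted. The following is an added example, not twtech's console procedure; it assumes AWS CLI v2 with credentials for the owning account, and the instance ID, image name, account "123456789012" and the security group name are placeholders. The launch-permission audit is a plain string comparison so it can be checked without AWS access.

```shell
#!/bin/bash
# Added example (not twtech's console procedure): the AMI lifecycle from the AWS CLI,
# plus a check that the image has not been made public and is shared only with intended
# accounts. Assumes AWS CLI v2 with credentials for the owning account; the instance ID,
# image name, "123456789012" and "sonarqube-SG" are placeholders.
set -eu

# Pure helper: "actual" and "allowed" are space-separated principal lists as printed by
# list_launch_permissions (account IDs, or "all" when the AMI is public).
# Prints the principals not in the allowlist; returns 1 if there are any.
audit_launch_permissions() {
  actual="$1"; allowed="$2"; unexpected=""
  for p in $actual; do
    case " $allowed " in
      *" $p "*) ;;
      *) unexpected="$unexpected $p" ;;
    esac
  done
  printf '%s\n' "${unexpected# }"
  [ -z "$unexpected" ]
}

# Create the image (by default the instance is rebooted first so the root filesystem is
# consistent), wait until it is available and print its ID.
create_private_image() {
  ami="$(aws ec2 create-image --instance-id "$1" --name "$2" \
        --tag-specifications "ResourceType=image,Tags=[{Key=Name,Value=$2}]" \
        --query ImageId --output text)"
  aws ec2 wait image-available --image-ids "$ami"
  printf '%s\n' "$ami"
}

# One principal per line: account IDs, or "all" if anyone on AWS may launch the image.
list_launch_permissions() {
  aws ec2 describe-image-attribute --image-id "$1" --attribute launchPermission \
    --query 'LaunchPermissions[].[UserId || Group]' --output text
}

# Share with one explicit account instead of making the AMI public.
share_with_account() {
  aws ec2 modify-image-attribute --image-id "$1" --launch-permission "Add=[{UserId=$2}]"
}

# "True"/"False" per EBS mapping of the image; "False" means an unencrypted snapshot.
snapshot_encryption() {
  aws ec2 describe-images --image-ids "$1" \
    --query 'Images[0].BlockDeviceMappings[].Ebs.Encrypted' --output text
}

if [ "${1:-}" = "run" ]; then
  instance_id="${2:?instance id required}"
  name="${3:-twtech-sonarqube-custom-ami}"
  ami="$(create_private_image "$instance_id" "$name")"
  share_with_account "$ami" 123456789012
  if ! audit_launch_permissions "$(list_launch_permissions "$ami" | tr '\n' ' ')" "123456789012"; then
    echo "unexpected launch permissions on $ami (above); not launching" >&2
    exit 1
  fi
  case "$(snapshot_encryption "$ami")" in
    *False*) echo "warning: $ami has an unencrypted snapshot; copy it with --encrypted" >&2 ;;
  esac
  # --security-groups by name works in the default VPC; elsewhere use --security-group-ids sg-...
  aws ec2 run-instances --image-id "$ami" --instance-type t2.medium \
    --key-name twtech-keyPair --security-groups sonarqube-SG \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=twtech-sonar-server-from-custom-ami}]'
fi
```

Invoke it as `sh ami-lifecycle.sh run i-0123456789abcdef0 sonarqube-image-for-amazon-linux-2023`. The audit is worth re-running periodically on every custom AMI in the account, since a single modify-image-attribute with `Group=all` is all it takes to turn a private image into a public one.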

How twtech uses its custom AMI (sonarqube-image-for-amazon-linux-2023) to create other instances.


Assign a name and tag: twtech-sonar-server-from-custom-amazon-linux2023-ami

Select instance type: sonarqube runs on,  t2.medium or above


Select a key pair: needed if you will SSH into the server

Select the security group or create one: sonarqube-SG



Launch instance from custom ami:

Connect to the instance (twtech-sonar-server-from-custom-amazon-linux2023-ami) when it is fully initialized.



Accessing the logs of sonarqube server from: twtech-custom ami 

Access sonarqube application provisioned from custom ami:


Login as admin user and start creating users and projects:


twtech has successfully created a custom AMI for Amazon Linux 2023 with the sonarqube application already installed. The image can be listed on AWS Marketplace, where people can buy it and use it easily.
up-NEXT

How to Publish a custom Amazon Machine Image Products in AWS Marketplace.

Youtube resources: https://www.youtube.com/watch?v=xvYUN6HB8aQ
