AWS AMI弃用(API:ec2:RunInstances未经映像授权) [英] AWS AMI deprecation (API: ec2:RunInstances Not authorized for images)
问题描述
所以我一直在我的云形成模板中使用AWS AMI。
So I've been using AWS AMI in my cloud formation template.
似乎它们每个月都会创建新映像,并在2周左右后淘汰旧映像新的发布了。这会带来很多问题:
It seems they create new images every month and deprecate the old ones 2 weeks or so after the new one's released. This creates many problems:
- 旧模板堆栈已损坏。
- 模板需要更新。
我错过了什么吗?
EG
我盯着
E.G. I'm staring at
API:ec2:RunInstances未经授权使用图片:[ami-1523bd2f]
API: ec2:RunInstances Not authorized for images: [ami-1523bd2f]
我的
云形成事件中的错误。
error in my cloud formation events.
查找它就是02.12图像ID:
http://thecloudmarket.com/image/ami-1523bd2f--windows-server-2012-rtm-english-64bit-sql-2012-sp1-web-2014-02- 12
Looking it up that's the 02.12 image id: http://thecloudmarket.com/image/ami-1523bd2f--windows-server-2012-rtm-english-64bit-sql-2012-sp1-web-2014-02-12
现在有一个新的图像ID:
http://thecloudmarket.com/image/ami-e976efd3- -windows-server-2012-rtm-english-64bit-sql-2012-sp1-web-2014-03-12
Where as now there's a new image id: http://thecloudmarket.com/image/ami-e976efd3--windows-server-2012-rtm-english-64bit-sql-2012-sp1-web-2014-03-12
推荐答案
您确实是正确的。发行新版本时,不推荐使用Windows AMI(请参阅 http:// docs .aws.amazon.com / AWSEC2 / latest / WindowsGuide / Basics_WinAMI.html )
You are correct indeed. Windows AMI are deprecated when a new version is released (see http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Basics_WinAMI.html)
到目前为止,没有即按即用解决方案,文档说: AWS一年几次更新AWS Windows AMI。更新涉及不推荐使用以前的AMI,并用新的AMI和AMI ID替换它。要在更新后找到AMI,请使用名称代替ID。基本AMI名称的结构通常是相同的,并且在末尾添加了新日期,您可以使用查询或脚本按名称搜索AMI,确认已找到正确的AMI,然后启动实例。
There is no "point and click" solution as of today, documentation says : "AWS updates the AWS Windows AMIs several times a year. Updating involves deprecating the previous AMI and replacing it with a new AMI and AMI ID. To find an AMI after it's been updated, use the name instead of the ID. The basic structure of the AMI name is usually the same, with a new date added to the end. You can use a query or script to search for an AMI by name, confirm that you've found the correct AMI, and then launch your instance."
一个可能的解决方案可能是开发一个CloudFormation自定义资源,该资源将在启动EC2实例之前检查AMI的可用性。
One possible solution might be to develop a CloudFormation Custom Resource that would check for AMI availability before launching an EC2 instance.
请参阅有关CFN自定义的此文档资源: http://docs.aws.amazon.com/AWSCloudFormation /latest/UserGuide/crpg-walkthrough.html
See this documentation about CFN Custom Resources : http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/crpg-walkthrough.html
然后来自re:Invent的演讲: https://www.youtube.com/watch?v=ZhGMaw67Yu0#t=945 (和此示例代码用于AMI查找)
And this talk from re:Invent : https://www.youtube.com/watch?v=ZhGMaw67Yu0#t=945 (and this sample code for AMI lookup)
您也可以选择基于Amazon提供的自定义AMI进行创建,即使您不进行任何修改也是如此。您的自定义AMI将是Amazon提供的自定义AMI的精确副本,但在Amazon AMI弃用后仍将可用。
You also have the option to create your own custom AMI based on an Amazon provided one.Even if you do not modify anything. Your custom AMI will be an exact copy of the one provided by Amazon but will stay available after Amazon AMI's deprecation.
Netflix提供了开源工具来帮助管理AMI,具有看看 Aminator
Netflix has open sourced tools to help to manage AMIs, have a look at Aminator
Linux AMI已过时发行后的第二年(今天仍然可以使用2003.11!),但是只要有可用的修补程序版本,就会不推荐使用Windows AMI。这是出于安全原因。
Linux AMI are deprecated years after release (2003.11 is still available today !) but Windows AMI are deprecated as soon as a patched version is available. This is for security reason.
这篇关于AWS AMI弃用(API:ec2:RunInstances未经映像授权)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
