valentin-nasta/create-custom-rocky-linux-ami

create-custom-rocky-linux-ami

Run this script from a Fedora 37 Workstation with imagefactory and awscli installed.

Usage:

./run_empanadas.sh bash

Inside the container:

imagefactory --debug --verbose --timeout 3600 base_image --parameter generate_icicle false --parameter oz_overrides "{'libvirt': {'memory': 2048}, 'custom': {'useuefi': 'no'}}" --file-parameter install_script /transfer/kickstarts/Rocky-9-EC2-Base.ks /transfer/iso-template.xml 2>&1 | tee /transfer/run-output-iso.txt

On the host (replace GENERATED_UUID with the UUID of the generated image):

img=GENERATED_UUID; ./publish-disk-to-aws.sh "$img.body" "/var/lib/imagefactory/storage/$img.body"

Attach the custom inline policy allow-access-to-custom-software-bucket to the arn:aws:iam::AWS_ACCOUNT_ID:user/ami-uploader user:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateTags",
        "ec2:ImportSnapshot",
        "s3:ListBucket",
        "ec2:ImportImage",
        "ec2:RegisterImage"
      ],
      "Resource": [
        "arn:aws:ec2:*:AWS_ACCOUNT_ID:import-snapshot-task/*",
        "arn:aws:ec2:*::snapshot/*",
        "arn:aws:ec2:*:AWS_ACCOUNT_ID:import-image-task/*",
        "arn:aws:ec2:*::image/*",
        "arn:aws:s3:::custom-software-bucket"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::custom-software-bucket/*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeImportImageTasks",
        "ec2:DescribeImportSnapshotTasks"
      ],
      "Resource": "*"
    }
  ]
}
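
A small review pass over the policy above, as an added example that is not part of this repository: it flags statements that mix services, use a wildcard region in an ARN, or grant on `"Resource": "*"`, so each can be checked against least privilege before the policy is attached. The function names and finding codes are hypothetical; the policy is copied from this README with its placeholders kept.

```python
# Policy from this README (AWS_ACCOUNT_ID and the bucket name are the page's placeholders).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": ["ec2:CreateTags", "ec2:ImportSnapshot", "s3:ListBucket",
                "ec2:ImportImage", "ec2:RegisterImage"],
     "Resource": ["arn:aws:ec2:*:AWS_ACCOUNT_ID:import-snapshot-task/*",
                  "arn:aws:ec2:*::snapshot/*",
                  "arn:aws:ec2:*:AWS_ACCOUNT_ID:import-image-task/*",
                  "arn:aws:ec2:*::image/*",
                  "arn:aws:s3:::custom-software-bucket"]},
    {"Sid": "VisualEditor1", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::custom-software-bucket/*"},
    {"Sid": "VisualEditor2", "Effect": "Allow",
     "Action": ["ec2:DescribeImportImageTasks", "ec2:DescribeImportSnapshotTasks"],
     "Resource": "*"},
]}

def as_list(value):
    """IAM allows a single string/object where a list is expected."""
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Return ordered, de-duplicated (sid, finding) pairs for manual review."""
    findings = []
    def add(sid, code):
        if (sid, code) not in findings:
            findings.append((sid, code))
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions, resources = as_list(st["Action"]), as_list(st["Resource"])
        # Actions from several services in one statement are hard to audit:
        # every action is paired with every resource listed beside it.
        if len({a.split(":", 1)[0] for a in actions}) > 1:
            add(sid, "mixed-services")
        if any("*" in a for a in actions):
            add(sid, "wildcard-action")
        for arn in resources:
            if arn == "*":  # may be required by actions without resource-level permissions
                add(sid, "wildcard-resource")
            elif arn.split(":")[3] == "*":  # arn:partition:service:region:account:resource
                add(sid, "any-region")
    return findings

if __name__ == "__main__":
    for sid, code in lint(POLICY):
        print(f"{sid}: {code}")
```

For this policy the findings point at splitting `s3:ListBucket` into its own statement and, if images are only imported in one region, pinning that region in the EC2 ARNs.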