Alexander D

Reputation: 101

How do I copy an encrypted AMI from one AWS account to another?

Currently I am using Packer to create a custom AMI and I would like to share it with multiple AWS accounts for our deployment pipeline.

Since I have "encrypt_boot": true, I get this error:

Errors validating build 'amazon-ebs'. 1 error(s) occurred:
* Cannot share AMI encrypted with default KMS key

Would anyone know how I can share an encrypted AMI to multiple AWS accounts?

Upvotes: 0

Views: 11819

Answers (2)

jphuynh

Reputation: 628

As other people mentioned, you will have to use a CMK to be able to encrypt and share snapshots with your other accounts.

You specify the key in the Packer configuration with kms_key_id and provide a list of target account IDs that are allowed to use the snapshots with snapshot_users. You can then use packer-post-processor-ami-copy to copy the AMI into other accounts.

Upvotes: 1
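The settings named in this answer, checked in an added example that is not part of the original post and is not Packer's own code: it flags a builder that shares an encrypted AMI without a CMK and builds the key policy statement the target accounts need on that CMK. The function names, the `ami_users` field in the sample, the KMS action list, the account IDs and the key ARN are assumptions or placeholders.

```python
import json

# Assumption: KMS actions a target account needs to use a snapshot encrypted
# with a shared CMK; trim or extend to match your own key policy.
KMS_ACTIONS = ["kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant",
               "kms:ReEncrypt*", "kms:GenerateDataKey*"]


def check_builder(builder):
    """Return problems that block cross-account use of an encrypted AMI."""
    problems = []
    if builder.get("type") != "amazon-ebs" or not builder.get("encrypt_boot"):
        return problems
    ami_users = builder.get("ami_users", [])
    snapshot_users = builder.get("snapshot_users", [])
    key = builder.get("kms_key_id", "")
    # AWS-managed keys (alias/aws/...) cannot be shared with other accounts.
    if (ami_users or snapshot_users) and (not key or "alias/aws/" in key):
        problems.append("encrypted AMI is shared but kms_key_id is not a CMK")
    # Copying the AMI into another account also needs access to its snapshot.
    missing = sorted(set(ami_users) - set(snapshot_users))
    if key and missing:
        problems.append("in ami_users but not snapshot_users: " + ", ".join(missing))
    return problems


def key_policy_statement(account_ids):
    """Key policy statement letting the target accounts use the CMK."""
    principals = [f"arn:aws:iam::{a}:root" for a in sorted(account_ids)]
    return {
        "Sid": "AllowUseByTargetAccounts",  # hypothetical statement id
        "Effect": "Allow",
        "Principal": {"AWS": principals},
        "Action": KMS_ACTIONS,
        "Resource": "*",
    }


# Constructed sample builders; account IDs and the key ARN are placeholders.
BEFORE = {"type": "amazon-ebs", "encrypt_boot": True, "ami_users": ["111111111111"]}
AFTER = dict(BEFORE,
             kms_key_id="arn:aws:kms:us-east-1:999999999999:key/EXAMPLE-KEY-ID",
             snapshot_users=["111111111111"])

if __name__ == "__main__":
    for name, b in (("before", BEFORE), ("after", AFTER)):
        print(name, check_builder(b) or "ok")
    print(json.dumps(key_policy_statement(AFTER["snapshot_users"]), indent=2))
```

Scoping the statement's principals to the specific accounts in `snapshot_users` keeps the CMK from being usable by anyone else.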

Krunal Rami

Reputation: 166

You can do this using AWS. Please go through the blog post "How to share encrypted AMIs across accounts to launch encrypted EC2 instances" on the AWS Security Blog.

Upvotes: 3
