Your AMI can help to earn money! Create and Sell AWS AMI in 2020.

  • by

Today in this article, we will see how can we create our own AMI from an ISO and how can we make money by selling that Amazon Machine Image in AWS Marketplace!

Create AMI from ISO

While creating an EC2 instance, you have to choose an AMI at it’s first place. You can find various AMI(s) in the market place. Some of them are free and some of them are chargeable. You can choose a pre-existing machine image if it matches your criterion. However, if you want higher security for your application or if you want to customize your instance image based on your good practice, you may find a need of creating image by your own.

When I’ve time and if my budget permits, I always prefer to spend some time and prepare my essentials by myself. It helps me to organize my IT resource in my own way and provides extra layer of server security.

– What do you think?

– Do you also think the same as I am?

Let me know in the comment section!

Today we will create an AMI from a virtual box image (.vmdk) file.

Highlights

  • The produced AMIs are suitable for HVM virtualization however pv requires more steps such as installing a pv enabled kernel.
  • We will need a S3 bucket to upload the images for conversion to AMI.
  • A proper IAM role and policies to be created for vmimport. If you are new to IAM role and policies, I suggest to checkout my article on IAM.
  • If you are an AWS IAM user, you also need to attach the following inline policy. Replace with your own 12 digit AWS account ID.
{
"Version": "2012-10-17",
"Statement": [
{
    "Effect": "Allow",
    "Action": [
        "iam:CreateRole",
        "iam:PutRolePolicy"
    ],
    "Resource": [
        "arn:aws:iam::<youraccountid>:role/vmimport"
    ]
}
]
}

Step-by-step Process

  • First, let’s create our VM. Virtual Box needs to have cloud-init installed and configured. RedHat based distributions include cloud-utils in the EPEL repo; the following script can be used to configure the expected login user as ec2-user:
#!/bin/bash -xeu
    yum install -y cloud-init cloud-utils-growpart dracut-modules-growroot
    cat >/etc/cloud/cloud.cfg <<-'EOF'
users:
 - default
disable_root: 1
ssh_pwauth:   0
locale_configfile: /etc/sysconfig/i18n
mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
resize_rootfs_tmp: /dev
ssh_deletekeys:   0
ssh_genkeytypes:  ~
syslog_fix_perms: ~
cloud_init_modules:
 - bootcmd
 - write-files
 - resizefs
 - set_hostname
 - update_hostname
 - update_etc_hosts
 - rsyslog
 - users-groups
 - ssh
cloud_config_modules:
 - mounts
 - locale
 - set-passwords
 - timezone
 - runcmd
cloud_final_modules:
 - scripts-per-once
 - scripts-per-boot
 - scripts-per-instance
 - scripts-user
 - ssh-authkey-fingerprints
 - keys-to-console
 - final-message
system_info:
  distro: rhel
  default_user:
    name: ec2-user
  paths:
    cloud_dir: /var/lib/cloud
    templates_dir: /etc/cloud/templates
  ssh_svcname: sshd
EOF
  • When the job is completed, describe-import-image-tasks will report Status: completed and the ImageId.
{
  "Status": "completed",
  "LicenseType": "BYOL",
  "Description": "AMI FROM VMDK",
  "ImageId": "ami-XXXXXX",
  "Platform": "Linux",
  "Architecture": "x86_64",
  "SnapshotDetails": [
      {
          "DeviceName": "/dev/sda1",
          "Description": "AMIFROMVMDK",
          "Format": "VMDK",
          "DiskImageSize": 906047744.0,
          "SnapshotId": "snap-d6689a34",
          "UserBucket": {
              "S3Bucket": "amibucket",
              "S3Key": "amivm.vmdk"
          }
      }
  ],
  "ImportTaskId": "import-ami-ggrdnj0y"
}
  • At this point, we can use the new AMI.
    • Kindly note that the produced machine image will have some auto generated name and description. Now, you copy your image using below command.
aws --region <destination_region> --source-region <the_region_you_used_before> --source-image-id <produced_image_id> --name "Bundle_Name" --description "Give description of the image"
Remember to de-register and clean up the associated snapshot id for the temporary AMI created by import-image.

Caution

Be careful about your user and it’s password in virtual box. Make sure that the default user does not have the default password and/or insecure key. Otherwise your deployed instances will be less secure and could be easily hacked.

How to sell AMI in AWS Marketplace?

Now, we will see how can we sell our AMI using AWS Marketplace.

Are you eligible to sell a paid product in AWS Marketplace?

AWS put some eligibility criterion before being able to sell our product through their market place. For example, to sell paid software in AWS Marketplace, we must be a permanent resident or citizen in one of the following countries, or a business entity organized or incorporated therein:

  • Australia¹
  • Bahrain¹ ²
  • European Union (EU) member state¹
  • New Zealand¹
  • Norway¹ ²
  • Switzerland¹ ²
  • United Arab Emirates (UAE)¹ ²
  • United Kingdom (UK)¹
  • United States (US)

¹ Sellers of paid products in these countries must provide VAT information.

² In these countries, sellers may need to provide an invoice to buyers.

For more detail on their seller eligibility, you can refer the link here.

AMI criterion for selling!

Machine image has to satisfy some criterion before we sell through AWS Marketplace. The bash script shown above already incorporates those best practices. However, we should double check before we register it for selling. For your better understanding, I am mentioning the AWS Machine Image criterion below in bullet forms.

  • Root login MUST be disabled.
  • We’ve to create our AMI in US East (N. Virginia) Region.
  • AMI must be build with most up-to-date operating systems, packages, and software.
  • It must start with a public AMI that uses hardware virtual machine (HVM) virtualization and 64-bit architecture.
  • AMI should have a life cycle and update mechanism.
  • AWS recommends a consistent OS user like ec2-user across all AMIs.
  • Testing is important. So, test your machine image by creating a small instance before uploading to AWS Marketplace.
  • Port settings is important considering security. For Linux image, make sure port 22 is open for ssh connection. For Windows, ensure that an RDP port is open. The default is 3389. Also, the WinRM port (5985 by default) must be open to 10.0.0.0/16.

We should take advantage of Self-service AMI scanning to scan our machine image before uploading. AMI scanning is available in the AWS Marketplace Management Portal. With this feature, we will be able to initiate scans of our AMIs and receive scanning results quickly—typically in less than an hour—with clear feedback in a single location.

Steps to sell AMI

Register with AWS Marketplace

In order to sell machine image, we need to register ourselves in AWS Marketplace. That is the first step. Before you register, I strongly recommend to go through their prerequisites which will help you to complete the registration process easily. AWS Marketplace registration prerequisite can be found here.

Upload your AMI to AWS Marketplace

Now, we need to list our AMI-product in the market place. To upload a new product load form, go to File Upload in the AWS Marketplace Management Portal. From there, we need to download the most recent product load template.

Removal of AMI from AWS Marketplace

We can remove our product at any point of time. We just need to submit a Sunset Request with AWS mentioning the reason and our registered mail address. AWS team will take care of the product removal.

Please note that we have to provide support for next 90 days for the existing subscribers. You may consider this tenure as a notice period to your existing customers. We can also provide a replacement product ID if we want to replace the current product with a new one.

Conclusion

Thank you for your time to read the article. I believe, you’ve found this article informative. I also hope that this article will be able to guide my dear readers (who are trying to make his/her own identity) to get an way to earn money. If you like this article, please feel free to share this article with anyone where my article can contribute it’s two cents!

Tags: