Discussion:
AMI storage permissions
Jacob Smith
2017-09-25 16:25:40 UTC
Permalink
Hi,

Would it be possible to make the snapshots, used by the AMIs on the
379101102735 account, public so that the AMI can be copied?

I'm trying to enable storage encryption with KMS and I'm getting the
error "You do not have permission to access the storage of this ami".
If they're already public in one particular region (perhaps where
they're created?) then it would be useful to know which.

Thanks,
Jacob
Jacob Smith
2017-09-29 14:54:34 UTC
Permalink
To add detail to this request and hopefully useful specifics:

In Amazon AWS eu-west-1 region, the latest Debian 9 AMI is
ami-d037cda9. This machine image is underpinned by snapshot
snap-038fec8da9e5147a6. Since this snapshot is not publicly shared
(even though the AMI itself is) it's not possible to copy the AMI and
enable storage encryption.

The Ubuntu LTS 16.04 AMI ami-17d11e6e is an example of a public AMI
and public snapshot (snap-05d06dc5b34b5236b) if that's a useful
reference.

Is Noah Meyerhans still the builder of the most recent Stretch AMIs?

Thanks,
Jacob
Post by Jacob Smith
Hi,
Would it be possible to make the snapshots, used by the AMIs on the
379101102735 account, public so that the AMI can be copied?
I'm trying to enable storage encryption with KMS and I'm getting the
error "You do not have permission to access the storage of this ami".
If they're already public in one particular region (perhaps where
they're created?) then it would be useful to know which.
Thanks,
Jacob
Noah Meyerhans
2017-10-08 19:48:32 UTC
Permalink
Post by Jacob Smith
Would it be possible to make the snapshots, used by the AMIs on the
379101102735 account, public so that the AMI can be copied?
I've updated the AMI publication tools to mark the backing snapshots
public. I've published stretch 9.2 AMIs with the updated tooling, so
their snapshots should be public.

The current AMI details are listed at
https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch

noah

Loading...