clusterawsadm ami encrypted-copy
Encrypt and copy AMI snapshot, then create an AMI with that snapshot
Synopsis
Find the AMI based on Kubernetes version, OS, region in the AWS account where AMIs are stored. Encrypt and copy the snapshot of the AMI to the current AWS account. Create an AMI with that snapshot.
clusterawsadm ami encrypted-copy [flags]
Examples
# Create an encrypted AMI:
# Available os options: centos-7, ubuntu-18.04, ubuntu-20.04, amazon-2, flatcar-stable
clusterawsadm ami encrypted-copy --kubernetes-version=v1.18.12 --os=ubuntu-20.04 --region=us-west-2
# owner-id and dry-run flags are optional. region can be set via flag or env
clusterawsadm ami encrypted-copy --os centos-7 --kubernetes-version=v1.19.4 --owner-id=111111111111 --dry-run
# copy from us-east-1 to us-east-2
clusterawsadm ami encrypted-copy --os centos-7 --kubernetes-version=v1.19.4 --owner-id=111111111111 --region us-east-2 --source-region us-east-1
# Encrypt using a non-default KmsKeyId specified using Key ID:
clusterawsadm ami encrypted-copy --os centos-7 --kubernetes-version=v1.19.4 --kms-key-id=key/1234abcd-12ab-34cd-56ef-1234567890ab
# Encrypt using a non-default KmsKeyId specified using Key alias:
clusterawsadm ami encrypted-copy --os centos-7 --kubernetes-version=v1.19.4 --kms-key-id=alias/ExampleAlias
# Encrypt using a non-default KmsKeyId specified using Key ARN:
clusterawsadm ami encrypted-copy --os centos-7 --kubernetes-version=v1.19.4 --kms-key-id=arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef
# Encrypt using a non-default KmsKeyId specified using Alias ARN:
clusterawsadm ami encrypted-copy --os centos-7 --kubernetes-version=v1.19.4 --kms-key-id=arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias
Options
--dry-run Check if AMI exists and can be copied
-h, --help help for encrypted-copy
--kms-key-id string The ID of the KMS key for Amazon EBS encryption
--kubernetes-version string Kubernetes version of the AMI to be copied
--os string Operating system of the AMI to be copied
--owner-id string The source AWS owner ID, where the AMI will be copied from (default "258751437250")
--region string The AWS region in which to provision
--source-region string Set if wanting to copy an AMI from a different region
Options inherited from parent commands
-v, --v int Set the log level verbosity. (default 2)
SEE ALSO
- clusterawsadm ami - AMI commands