AWS Commercial to Gov AMI Sharing

# Problem AWS Gov is very restrictive, no roles no AMIs can cross the boarder between the accounts. I unfortunately was faced with a problem that needed a solution, this is more or less the solution. So the first big hurdle is AWS marketplace, if you create an AMI off of it and it has any licensing restriction, you won't be able to share it. In this case we needed a Rocky OS instance. You may not need this specific piece but is: # 1. Creating an OVA with Packer This is a one shot file example of a packer template, if you're doing this for real I would recommend variable-ing out stuff. ```hcl # This is technically optional if they're installed on the system itself, I don't have this on mine but including it because it doesn't really cause any harm aside from a few extra downloads. packer { required_plugins { qemu = { version = ">= 1.1.4" source = "github.com/hashicorp/qemu" } amazon = { version = ">= 1.8.0" source = "github.com/hashicorp/amazon" } } } locals { iso_url = "https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.7-x86_64-minimal.iso" iso_checksum = "sha256:23a1ac1175d8ccada7195863914ef1237f584ff25f73bd53da410d5fffd882b0" output_directory = "output" vm_name = "rocky-9-base" disk_size = 150 } source "qemu" "rocky9" { accelerator = "tcg" boot_command = [ "<tab><wait>", " inst.debug rd.debug inst.text console=tty50,115200n8 inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg<enter>" ] cpus = 4 memory = 4096 disk_detect_zeros = "on" disk_discard = "unmap" net_device = "virtio-net" disk_interface = "virtio-scsi" disk_size = "${local.disk_size}" format = "raw" headless = true http_directory = "http" iso_checksum = local.iso_checksum iso_url = local.iso_url output_directory = local.output_directory qemuargs = [ ["-cpu", "Nehalem"], # This is only set to ["-nographic"], ["-netdev", "user,id=user.0,net=10.0.2.0/26,hostfwd=tcp::{{ .SSHostPort }}-:22"], ["-device", "virtio-net,netdev=user.0"], ["-device", "virtio-scsi-pci,id=scsi0"], ["-device", "scsi-hd,bus=scsi0.0.,drive=drive0"], ["-device", "scsi-hd,bus=scsi0.0.,drive=drive1"], ["-serial", "file:${local.output_directory}/serial.log"] # debugging ] ssh_timeout = 3h ssh_username = "root" ssh_password = "root" ssh_pty = true vm_name = local.vm_name } build { sources = ["source.qemu.rocky9"] } ``` > [!CHECK] Install check > You'll need [qemu](https://www.qemu.org/download/) installed on the system you're running packer from. From there, where the file is you can run the standard packer commands of `packer init` then `packer build .` ## Debugging There's a couple key points I want to go over, because I had some issues finding good information on debugging without just VNCing into the "instance", which I didn't want to do. `" inst.debug rd.debug inst.text console=tty50,115200n8 inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg<enter>"` The debugging is necessary, I think self-evident. The `console=tty50,115200n8` output is actually needed for this part: `["-serial", "file:${local.output_directory}/serial.log"]` which is very key for debugging the image without having to use VNC. With this you can run `tail -f outputs/serial.log` to watch along on the machine packer is running on. # 2. Import OVA as an AMI # 3. Export AMI to be shared with AWS Gov