Copying AMIs between two AWS partitions can be time-consuming and error-prone. Most of the work we do begins in the AWS Commercial partition and then gets ported over to AWS GovCloud for our US government clients. We love providing AMI services to our gov clients, but the out-of-the-box tooling took hours and slowed us down.
So, we built our own tool. It’s fast and reliable, it plugs into your existing automation pipelines, and it’s freely available on GitHub. All you need is:
With RapidFort’s GovCloud AMI tool, migrating an AMI takes only a few minutes, no S3 buckets are exposed publicly, and the process is entirely script-based. Our tool uses your AWS secrets to retain your security, and you can even use ephemeral accounts that exist only for the duration of the AMI transfer.
Our GovCloud AMI migration tool is simple, secure, fast, and easy to integrate. The configuration file is very straightforward and looks like this:
# AWS partition commercial
# AWS partition gov
Credentials for AWS Commercial and AWS GovCloud can be dynamically updated via automation or stored locally in a secure location. (Just don’t check this file into your code repository with all the secrets pasted in!)
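One way to enforce the warning above, as an added example that is not part of RapidFort's tool: a POSIX shell check, suitable for a pre-commit hook, that blocks any file containing an AWS access key ID. It matches on the key ID format rather than on configuration keys, because the configuration file's contents are not shown here; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not part of the RapidFort tool): fail when a file contains
# something shaped like an AWS access key ID, so a credentials file cannot
# be committed by accident.
#
# Access key IDs are 20 characters: AKIA (long-term IAM user keys) or
# ASIA (temporary STS keys) followed by 16 uppercase letters or digits.
KEY_ID_RE='(^|[^A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}([^A-Z0-9]|$)'

# key_id_lines FILE: print the line numbers that hold a key ID.
# Only line numbers are printed, never the match, so the key itself does
# not end up in terminal scrollback or CI logs.
key_id_lines() {
    { LC_ALL=C grep -En "$KEY_ID_RE" "$1" || true; } |
        cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
}

# check_files FILE...: return 1 if any regular file holds a key ID.
check_files() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip deleted or non-regular paths
        lines=$(key_id_lines "$f")
        if [ -n "$lines" ]; then
            echo "BLOCKED: $f has an AWS access key ID on line(s) $lines" >&2
            found=1
        fi
    done
    return "$found"
}

# When run with arguments (for example the staged file names passed in by a
# pre-commit hook), check them and exit non-zero on a hit.
[ "$#" -eq 0 ] || check_files "$@"
```

A key ID that has already reached a commit should be rotated, since removing it from the file does not remove it from repository history.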
The file ami-cp.sh does all the work. You can look at the method import_ami() yourself, but from a high level here’s what we do:
Here’s a diagram that shows how our tool works:
The best part? It completes in just a few minutes.
Here’s the basic usage:
./ami-cp.sh import_ami ami-0123456789abcdef my-cool-ami
Download the code on GitHub here:
We’d love to get your feedback on the tool and we’d be happy to take your pull requests. If you find this tool to be useful, we’d love it if you shared it with the broader DevOps community.
We have a lot of small tools like this to make our everyday lives easier. Please follow the RapidFort blog and stay tuned for more tools in the near future. And while you’re here, we encourage you to learn more about how RapidFort can minimize the software attack surface of your container infrastructure.