How do I copy an encrypted AMI from one aws account to another?

Currently I am using Packer to create a custom AMI and I would like to share it to multiple aws accounts for our deployment pipeline.

Since I have "encrypt_boot": true, I get this error:Errors validating build 'amazon-ebs'. 1 error(s) occurred:* Cannot share AMI encrypted with default KMS key

Would anyone know how I can share an encrypted AMI to multiple AWS accounts?

2

Best Answer

You can do using the AWS Please go through the blogHow to share encrypted AMIs across accounts to launch encrypted EC2 instances | AWS Security Blog.

As other people mentioned you will have to use a CMK to be able encrypt and share snapshots with your other accounts.

You specify the key in the Packer configuration with kms_key_id and provide a list of target account IDs that are allowed to use the snapshots with snapshot_users. You can then use packer-post-processor-ami-copy to copy the AMI into other accounts.

Random Posts

font-family of a font, what is it?SQL Queries "00904. 00000 - "%s: invalid identifier"How to calculate number of days between two dates?Where to place requirements.yml for Ansible and use it to resolve dependencies?Java localization best practicesDefining global constant in C++git pull: replace local version with the remote versionHow to download Sf package on MacOSDisable Button in Angular 2How can you determine a point is between two other points on a line segment?jQuery: How can I show an image popup onclick of the thumbnail?Is it possible to configure mongo-express auth to present a login screen and control access to databases?CSS - Overflow: Scroll; - Always show vertical scroll bar?Golang Round to Nearest 0.05Vue.js - How to view or render local PDF files?jQuery Scroll to DivCan I convert HL7 v2 message to a FHIR resource directly? [duplicate]Node, formidable - Why does require work but import does not?Converting latex code to Images (or other displayble format) with PythonUsing pipe character as a field separator