I started to use the Amazon EC2 cloud for penetration tests. Besides having short-term (costs money) scalable processing power for various tasks, it also enables me to care less if an automated IPS response blocks my IP. I can always bring up another instance...
Provisioning new instances is not hard. There's now an AWS console to take advantage of. Useful and pretty. What's been bugging me is that the EC2 images are snapshots of system configuration that revert back to a known configuration. So if I apt-get my system and/or download some software, I have to rebuild the image so I don't lose the work. Yes, I can mount an S3 persistent storage drive and "try" to install all my software there, and then just move it between instances as I bring them up. However, it may not work for me all the time. I want to have a (semi-)automated way of "fixating" changes I make to the core system and starting new instances with the updated image.
So here is a somewhat automated way of building Amazon EC2 AMIs.
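You may need to fetch the Amazon AMI Tools and create the AMI build environment on the EC2 instance first if you don't have them yet; the commands for that follow the main script.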
#!/bin/bash
# Print the expected arguments (host to bundle, name for the new snapshot)
usage(){
    echo "ERROR: arguments: EC2_HOST EC2_SNAPSHOT"
}
EC2_HOST="$1"
EC2_SNAPSHOT="$2"
# Environment
EC2_HOME=/usr/local/ec2
EC2_PRIVATE_KEYF=pk-RKxxxxxxxxxxxxxxxxxxxxxx.pem
EC2_PRIVATE_KEY=$EC2_HOME/pk-RKxxxxxxxxxxxxxxxxxxxxxxx.pem
EC2_CERTF=cert-RKxxxxxxxxxxxxxxxxxxxxxxxxx.pem
EC2_CERT=$EC2_HOME/cert-RKxxxxxxxxxxxxxxxxxxxxxxxxxx.pem
EC2_HOST_DIR="/mnt"
EC2_RSA="$EC2_HOME/id_rsa-dxs-keypair"
EC2_ACCT=2245946456456456
EC2_DEFAULT_ARCH=i386
S3_BUCKET="dxs-yZksjhflsaudhflkajsdf"
EC2_ACCESSKEY="05HAPBln3245jk32j45"
EC2_SECKEY="pdyyyyyyyyyyyyyyyyyyyyyyyyyyy"
if [[ $# -ne 2 ]]
then
    usage && exit 1
fi
echo "[*] Going to $EC2_HOME"
cd "$EC2_HOME" || exit 1
echo "[*] Copying [PRIV] and [CERT] from $EC2_HOME to $EC2_HOST"
scp -i $EC2_RSA $EC2_CERT $EC2_PRIVATE_KEY root@$EC2_HOST:$EC2_HOST_DIR
echo "[*] Building AMI $EC2_SNAPSHOT to $EC2_HOST_DIR"
ssh -i $EC2_RSA root@$EC2_HOST \
"EC2_HOME=$EC2_HOME $EC2_HOME/bin/ec2-bundle-vol -d $EC2_HOST_DIR -k \
$EC2_HOST_DIR/$EC2_PRIVATE_KEYF \
-c $EC2_HOST_DIR/$EC2_CERTF -u $EC2_ACCT -r $EC2_DEFAULT_ARCH -p $EC2_SNAPSHOT"
echo "[*] Uploading AMI $EC2_SNAPSHOT to S3"
ssh -i $EC2_RSA root@$EC2_HOST "EC2_HOME=$EC2_HOME $EC2_HOME/bin/ec2-upload-bundle \
-b $S3_BUCKET -m $EC2_HOST_DIR/${EC2_SNAPSHOT}.manifest.xml -a $EC2_ACCESSKEY -s \
$EC2_SECKEY"
echo "[*] Checking S3 bucket"
/usr/bin/s3cmd ls s3://$S3_BUCKET
echo "[*] Currently Registered Instances"
$EC2_HOME/bin/ec2-describe-images
echo "[*] Registering Instance ${EC2_SNAPSHOT} "
$EC2_HOME/bin/ec2-register $S3_BUCKET/${EC2_SNAPSHOT}.manifest.xml
echo "[*] Newly Registered Instances"
$EC2_HOME/bin/ec2-describe-images
Fetching the AMI tools and creating the build environment on the EC2 instance, if you don't have it yet:
#echo "[*] Getting ec2-ami-tools from AMAZON"
wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip -O /tmp/ec2-ami-tools.zip
#echo "[*] Getting ec2-ami-tools to $EC2_HOST"
scp -i $EC2_RSA /tmp/ec2-ami-tools.zip root@$EC2_HOST:$EC2_HOST_DIR
#echo "[*] Making $EC2_HOME on $EC2_HOST"
ssh -i $EC2_RSA root@$EC2_HOST "mkdir -p /usr/local/ec2"
Of course, there's no limit to how automated you can make it.
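Added example, not part of the original post or of Amazon's tools: the script above copies the pk-*.pem and cert-*.pem files to the instance right before bundling, so it is worth checking that no key material sits anywhere the image will capture. The function names, the sample tree and the choice to skip the staging directory (/mnt in the script) are assumptions of this example; confirm what your own ec2-bundle-vol run excludes.

```shell
#!/bin/bash
# Added example: find key material that an image bundle would capture.

# find_key_material ROOT SKIP_DIR
#   ROOT     - filesystem root to scan ("/" on the instance)
#   SKIP_DIR - staging directory assumed to stay out of the image
find_key_material() {
    local root="${1%/}" skip="${2%/}"
    [ -n "$root" ] || root=/
    {
        # 1) Files named like the credentials the build script handles
        find "$root" -xdev -path "$skip" -prune -o -type f \
            \( -name 'pk-*.pem' -o -name 'cert-*.pem' -o -name 'id_rsa*' \) \
            ! -name '*.pub' -print
        # 2) Small files of any name that contain a PEM private key header
        find "$root" -xdev -path "$skip" -prune -o -type f -size -64k \
            -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} +
    } 2>/dev/null | sort -u
}

# Returns 0 only when nothing was found; otherwise lists the files on stderr.
safe_to_bundle() {
    local hits
    hits="$(find_key_material "$1" "$2")"
    if [ -n "$hits" ]; then
        echo "[!] Key material would be captured in the image:" >&2
        echo "$hits" >&2
        return 1
    fi
    echo "[*] No key material found under $1 outside $2"
}

# Constructed sample tree standing in for an instance filesystem.
build_sample_tree() {
    local t
    t="$(mktemp -d)"
    mkdir -p "$t/mnt" "$t/root" "$t/home/work" "$t/etc"
    echo "constructed" > "$t/mnt/pk-SAMPLE.pem"      # staging copy, skipped
    echo "constructed" > "$t/root/pk-SAMPLE.pem"     # stray copy, found by name
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
        > "$t/home/work/notes.txt"                   # found by content
    echo "constructed" > "$t/etc/hostname"           # harmless
    echo "$t"
}

tree="$(build_sample_tree)"
safe_to_bundle "$tree" "$tree/mnt" || echo "[*] Remove these before ec2-bundle-vol"
rm -rf "$tree"
```

On the instance this would be called as safe_to_bundle / /mnt over ssh, before the ec2-bundle-vol step.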
Thursday, May 28, 2009
Automating AMI builds for Amazon EC2
Posted by snow at 1:42 PM