RedHatOfficial · ivanbaldo · Jul 2, 2024
diff --git a/training/README.md b/training/README.md
@@ -129,6 +129,25 @@ The following image disk types are currently available:
 | `anaconda-iso`        | An unattended Anaconda installer that installs to the first disk found.               |
 | `raw`                 | Unformatted [raw disk](https://en.wikipedia.org/wiki/Rawdisk).                        |
 
+Some of these variables can be used in conjunction with DISK_TYPE=ami to upload the local disk image to S3 and create the AMI from it:
+| Variable             | Description                                                                     |
+|----------------------|---------------------------------------------------------------------------------|
+| AWS_CREDENTIALS_FILE | Optional full path to AWS credentials format file, eg. `$HOME/.aws/credentials` |
+| AWS_PROFILE          | Optional profile section to use from the credentials file, eg. `default`        |
+| AWS_AMI_NAME         | Required AMI name, eg. `rhelai-dev-preview-$(date -I)`                          |
+| AWS_BUCKET           | Required pre-existing S3 bucket name, eg. `rhelai-images`                       |
+| AWS_REGION           | Required region, eg. `us-east-1`                                                |
+
+If you are in an EC2 instance with the required role attached giving it permissions then:
+```shell
+make disk-nvidia DISK_TYPE=ami AWS_AMI_NAME=rhelai-dev-preview-$(date -I) AWS_BUCKET=rhelai-images AWS_REGION=us-east-1
+```
+or if you are outside AWS and uploading to it with access keys stored in the credentials file:
+```shell
+make disk-nvidia DISK_TYPE=ami AWS_AMI_NAME=rhelai-dev-preview-$(date -I) AWS_BUCKET=rhelai-images AWS_REGION=us-east-1 AWS_CREDENTIALS_FILE="$HOME/.aws/credentials" AWS_PROFILE=default
+```
+For information about the required permissions see [Required permissions for VM Import/Export](https://docs.aws.amazon.com/vm-import/latest/userguide/required-permissions.html).
+
 # Troubleshooting
 
 Sometimes, interrupting the build process may lead to wanting a complete restart of the process. For those cases, we can instruct `podman` to start from scratch and discard the cached layers. This is possible by passing the `--no-cache` parameter to the build process by using the `CONTAINER_TOOL_EXTRA_ARGS` variable:

diff --git a/training/common/Makefile.common b/training/common/Makefile.common
@@ -18,6 +18,11 @@ IMAGE_BUILDER_CONFIG ?=
 DISK_TYPE ?= qcow2
 DISK_UID ?= $(shell id -u)
 DISK_GID ?= $(shell id -g)
+AWS_CREDENTIALS_FILE ?=
+AWS_PROFILE ?=
+AWS_AMI_NAME ?=
+AWS_BUCKET ?=
+AWS_REGION ?=
 
 ARCH ?=
 
@@ -78,21 +83,28 @@ growfs:
 .PHONY: bootc-image-builder
 bootc-image-builder:
 	mkdir -p build/store
+# --net host is needed for AWS when using instance roles (it needs access to instance metadata).
 	podman run \
 	  --rm \
 	  -ti \
 	  -v $(GRAPH_ROOT):/var/lib/containers/storage \
 	  $(AUTH_JSON:%=-v %:/run/containers/0/auth.json) \
 	  $(IMAGE_BUILDER_CONFIG:%=-v %:/config.json) \
 	  --privileged \
+	  --net host \
 	  --pull newer \
 	  -v ./build:/output \
 	  -v ./build/store:/store \
+	  $(AWS_CREDENTIALS_FILE:%=-v $(AWS_CREDENTIALS_FILE):/root/.aws/credentials:ro) \
+	  $(AWS_PROFILE:%=--env AWS_PROFILE=$(AWS_PROFILE)) \
 	  $(BOOTC_IMAGE_BUILDER) \
 	  $(ARCH:%=--target-arch %) \
 	  $(IMAGE_BUILDER_CONFIG:%=--config /config.json) \
 	  --type $(DISK_TYPE) \
 	  --chown $(DISK_UID):$(DISK_GID) \
+	  $(AWS_AMI_NAME:%=--aws-ami-name %) \
+	  $(AWS_BUCKET:%=--aws-bucket %) \
+	  $(AWS_REGION:%=--aws-region %) \
 	  --local \
 	  $(BOOTC_IMAGE)