X.509証明書の取得

https://portal.aws.amazon.com/gp/aws/securityCredentials?
ここから、X.509証明書のタブをクリック
新規作成して、秘密鍵（pk-で始まる奴）X.509 証明書(cert-で始まる奴）をダウンロードする。

アカウントIDの記録

https://portal.aws.amazon.com/gp/aws/manageYourAccount?
とかから、「アカウントID」のXXXX-XXXX-XXXXの部分を抜き出す。

対象のサーバにログイン

証明書と秘密鍵をサーバに置く

imageファイルの作成

# ec2-bundle-vol -c /mnt/cert-hoge.pem -k /mnt/pk-hoge.pem -u XXXX-XXXX-XXXX  -r x86_64
Copying / into the image file /tmp/image...
Excluding:
         /
         /proc/sys/fs/binfmt_misc
         /sys
         /proc
         /dev/pts
         /dev
         /media
         /mnt
         /proc
         /sys
         /tmp/image
         /mnt/img-mnt
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.0018352 s, 571 MB/s
mke2fs 1.42 (29-Nov-2011)
Bundling image file...
Splitting /tmp/image.tar.gz.enc...
Created image.part.00
Created image.part.01
Created image.part.02
Created image.part.03
Created image.part.04
Created image.part.05
Created image.part.06
Created image.part.07
Created image.part.08
Created image.part.09
Created image.part.10
Created image.part.11
Created image.part.12
Created image.part.13
Created image.part.14
Created image.part.15
Created image.part.16
Created image.part.17
Created image.part.18
Created image.part.19
Created image.part.20
Created image.part.21
Created image.part.22
Created image.part.23
Created image.part.24
Created image.part.25
Created image.part.26
Created image.part.27
Created image.part.28
Created image.part.29
Created image.part.30
Created image.part.31
Created image.part.32
Created image.part.33
Created image.part.34
Created image.part.35
Created image.part.36
Created image.part.37
Created image.part.38
Created image.part.39
Generating digests for each part...
Digests generated.
Unable to read instance meta-data for ancestor-ami-ids
Unable to read instance meta-data for ramdisk-id
Unable to read instance meta-data for product-codes
Creating bundle manifest...
ec2-bundle-vol complete.

S3へのアップロード

# ec2-upload-bundle -b BUCKET_NAME -a ACCESS_KEY_ID -s SECRET_ACCESS_KEY -m /tmp/image.manifest.xml --location ap-northeast-1(東京ならこれ)
Uploading bundled image parts to the S3 bucket BUCKET_NAME ...
Uploaded image.part.00
Uploaded image.part.01
Uploaded image.part.02
Uploaded image.part.03
Uploaded image.part.04
Uploaded image.part.05
Uploaded image.part.06
Uploaded image.part.07
Uploaded image.part.08
Uploaded image.part.09
Uploaded image.part.10
Uploaded image.part.11
Uploaded image.part.12
Uploaded image.part.13
Uploaded image.part.14
Uploaded image.part.15
Uploaded image.part.16
Uploaded image.part.17
Uploaded image.part.18
Uploaded image.part.19
Uploaded image.part.20
Uploaded image.part.21
Uploaded image.part.22
Uploaded image.part.23
Uploaded image.part.24
Uploaded image.part.25
Uploaded image.part.26
Uploaded image.part.27
Uploaded image.part.28
Uploaded image.part.29
Uploaded image.part.30
Uploaded image.part.31
Uploaded image.part.32
Uploaded image.part.33
Uploaded image.part.34
Uploaded image.part.35
Uploaded image.part.36
Uploaded image.part.37
Uploaded image.part.38
Uploaded image.part.39
Uploading manifest ...
Uploaded manifest.
Bundle upload completed.

S3へのアップロードしたものからAMIの作成

Web Console -> S3 -> Buckets
manifest.xmlのファイルを選択してProperties Linkを確認
Web Console -> EC2 -> AMIs -> Register New AMI
AMI Manifest Pathに先ほど確認したxmlファイルのLinkを入力する

ec2-upload-bundleにProxyが必要な場合

ベタ書きだけど、curlに渡してやる。

# vim /opt/aws/amitools/ec2-1.4.0.7/lib/ec2/common/curl.rb
# diff   /opt/aws/amitools/ec2-1.4.0.7/lib/ec2/common/curl.rb.org  /opt/aws/amitools/ec2-1.4.0.7/lib/ec2/common/curl.rb
66c66
<         invocation =  "curl -sSL #{command}"
---
> #        invocation =  "curl -sSL #{command}"
67a68
>         invocation = "curl --proxy proxyserver:8080 -sSL #{command}"
# ec2-upload-bundle -b BUCKET_NAME -a ACCESS_KEY_ID -s SECRET_ACCESS_KEY -m /tmp/image.manifest.xml --location ap-northeast-1(東京ならこれ)
Uploading bundled image parts to the S3 bucket BUCKET_NAME ...
(snip)

インスタンスストアタイプのAMI作成