mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
Fixed a bug with making AMIs public (#4742)
This commit is contained in:
parent
43178f34d8
commit
c62f9865b6
|
@ -19,11 +19,13 @@ BUILD_DIR=$(readlink -f "${SCRIPT_DIR}/build")
|
|||
AMI_TAG="production"
|
||||
OUTFILE="amis.txt"
|
||||
BUILD_TIMESTAMP_FILENAME="${RUN_MODE}_build_timestamp.txt"
|
||||
NAME_FILTER="*${RUN_MODE}*"
|
||||
# Conditionally set variables for FIPS
|
||||
if [[ "${RUN_MODE}" == "ent-fips" ]]; then
|
||||
AMI_TAG="production-fips"
|
||||
OUTFILE="amis-fips.txt"
|
||||
BUILD_TIMESTAMP_FILENAME="ent_build_timestamp.txt"
|
||||
NAME_FILTER="*-fips"
|
||||
fi
|
||||
|
||||
# Remove existing AMI ID file if present
|
||||
|
@ -39,26 +41,21 @@ if [ ! -f "${TIMESTAMP_FILE}" ]; then
|
|||
fi
|
||||
BUILD_TIMESTAMP=$(<"${TIMESTAMP_FILE}")
|
||||
|
||||
# Write AMI ID for each region to AMI ID file
|
||||
# Iterate through AMIs
|
||||
for REGION in ${REGION_LIST}; do
|
||||
aws ec2 describe-images --region ${REGION} --filters "Name=tag:BuildTimestamp,Values=${BUILD_TIMESTAMP}" "Name=tag:BuildType,Values=${AMI_TAG}" > "${BUILD_DIR}/${REGION}.json"
|
||||
AMI_ID=$(jq --raw-output '.Images[0].ImageId' "${BUILD_DIR}/${REGION}.json")
|
||||
AMI_ID=$(aws ec2 describe-images --region ${REGION} --filters "Name=name,Values=${NAME_FILTER}" "Name=tag:BuildTimestamp,Values=${BUILD_TIMESTAMP}" "Name=tag:BuildType,Values=${AMI_TAG}"| jq -r '.Images[0].ImageId')
|
||||
if [[ "${AMI_ID}" == "" || "${AMI_ID}" == "null" ]]; then
|
||||
echo "Error: cannot get AMI ID for ${REGION}"
|
||||
exit 2
|
||||
fi
|
||||
rm -f "${BUILD_DIR}/${REGION}.json"
|
||||
echo "${REGION}=${AMI_ID}" >> "${BUILD_DIR}/${OUTFILE}.txt"
|
||||
done
|
||||
|
||||
# Make each AMI public (set launchPermission to 'all')
|
||||
for REGION in ${REGION_LIST}; do
|
||||
AMI_ID=$(grep ${REGION} "${BUILD_DIR}/${OUTFILE}.txt" | awk -F= '{print $2}')
|
||||
if [[ "${AMI_ID}" == "" || "${AMI_ID}" == "null" ]]; then
|
||||
echo "Error: cannot get AMI ID for ${REGION}"
|
||||
exit 3
|
||||
else
|
||||
aws ec2 modify-image-attribute --region ${REGION} --image-id ${AMI_ID} --launch-permission "Add=[{Group=all}]"
|
||||
# Make each AMI public (set launchPermission to 'all')
|
||||
aws ec2 modify-image-attribute --region ${REGION} --image-id ${AMI_ID} --launch-permission "Add=[{Group=all}]"
|
||||
# Check that the AMI was successfully made public by listing it again
|
||||
# The output will be "true" if the AMI is public and "" if it doesn't exist or is private
|
||||
PUBLIC_CHECK=$(aws ec2 describe-images --region ${REGION} --filters "Name=image-id,Values=${AMI_ID}" "Name=is-public,Values=true" | jq -r '.Images[].Public')
|
||||
if [[ "${PUBLIC_CHECK}" == "true" ]]; then
|
||||
echo "AMI ID ${AMI_ID} for ${REGION} set to public"
|
||||
else
|
||||
echo "WARNING: There was an error making ${AMI_ID} in ${REGION} public!"
|
||||
fi
|
||||
done
|
||||
|
|
Loading…
Reference in a new issue