Fixed a bug with making AMIs public (#4742)

2024-10-21 01:34:01 +00:00 · 2020-11-17 16:10:08 -04:00 · 2020-11-17 16:10:08 -04:00 · c62f9865b6
parent 43178f34d8
commit c62f9865b6
1 changed files with 12 additions and 15 deletions
--- a/assets/aws/files/make-amis-public.sh
+++ b/assets/aws/files/make-amis-public.sh
@ -19,11 +19,13 @@ BUILD_DIR=$(readlink -f "${SCRIPT_DIR}/build")
 AMI_TAG="production"
 OUTFILE="amis.txt"
 BUILD_TIMESTAMP_FILENAME="${RUN_MODE}_build_timestamp.txt"
+NAME_FILTER="*${RUN_MODE}*"
 # Conditionally set variables for FIPS
 if [[ "${RUN_MODE}" == "ent-fips" ]]; then
    AMI_TAG="production-fips"
    OUTFILE="amis-fips.txt"
    BUILD_TIMESTAMP_FILENAME="ent_build_timestamp.txt"
+    NAME_FILTER="*-fips"
 fi

 # Remove existing AMI ID file if present
@ -39,26 +41,21 @@ if [ ! -f "${TIMESTAMP_FILE}" ]; then
 fi
 BUILD_TIMESTAMP=$(<"${TIMESTAMP_FILE}")

-# Write AMI ID for each region to AMI ID file
+# Iterate through AMIs
 for REGION in ${REGION_LIST}; do
-    aws ec2 describe-images --region ${REGION} --filters "Name=tag:BuildTimestamp,Values=${BUILD_TIMESTAMP}" "Name=tag:BuildType,Values=${AMI_TAG}" > "${BUILD_DIR}/${REGION}.json"
-    AMI_ID=$(jq --raw-output '.Images[0].ImageId' "${BUILD_DIR}/${REGION}.json")
+    AMI_ID=$(aws ec2 describe-images --region ${REGION} --filters "Name=name,Values=${NAME_FILTER}" "Name=tag:BuildTimestamp,Values=${BUILD_TIMESTAMP}" "Name=tag:BuildType,Values=${AMI_TAG}"| jq -r '.Images[0].ImageId')
    if [[ "${AMI_ID}" == "" || "${AMI_ID}" == "null" ]]; then
        echo "Error: cannot get AMI ID for ${REGION}"
        exit 2
    fi
-    rm -f "${BUILD_DIR}/${REGION}.json"
-    echo "${REGION}=${AMI_ID}" >> "${BUILD_DIR}/${OUTFILE}.txt"
-done
-
-# Make each AMI public (set launchPermission to 'all')
-for REGION in ${REGION_LIST}; do
-    AMI_ID=$(grep ${REGION} "${BUILD_DIR}/${OUTFILE}.txt" | awk -F= '{print $2}')
-    if [[ "${AMI_ID}" == "" || "${AMI_ID}" == "null" ]]; then
-        echo "Error: cannot get AMI ID for ${REGION}"
-        exit 3
-    else
-        aws ec2 modify-image-attribute --region ${REGION} --image-id ${AMI_ID} --launch-permission "Add=[{Group=all}]"
+    # Make each AMI public (set launchPermission to 'all')
+    aws ec2 modify-image-attribute --region ${REGION} --image-id ${AMI_ID} --launch-permission "Add=[{Group=all}]"
+    # Check that the AMI was successfully made public by listing it again
+    # The output will be "true" if the AMI is public and "" if it doesn't exist or is private
+    PUBLIC_CHECK=$(aws ec2 describe-images --region ${REGION} --filters "Name=image-id,Values=${AMI_ID}" "Name=is-public,Values=true" | jq -r '.Images[].Public')
+    if [[ "${PUBLIC_CHECK}" == "true" ]]; then
        echo "AMI ID ${AMI_ID} for ${REGION} set to public"
+    else
+        echo "WARNING: There was an error making ${AMI_ID} in ${REGION} public!"
    fi
 done