2

I am trying to solve a problem that I thought would be much simpler than it is. I have a multiple AWS account setup, e.g. Non-Production, Production, SharedServices etc. I want to keep my AMIs in SharedServices. The snaps attached to this AMI must be encrypted. The AMIs are MS Windows based.

Has anybody shared MS Windows based AMIs across accounts that have encrypted snaps attached? If so, can you explain how you achieved this for MS Windows based AMIs?

Regards, David

2 Answers

1

I've done this before, but with Linux, not Windows AMIs. However I'm not aware of any reason the process would be different.

You need to encrypt them with a KMS key that you have created. In other words you can't use the default KMS key for these. Once you've done that you can give the other accounts access to the KMS key, and then share the AMI/snapshot with them.
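As an added illustration of the answer above (not part of the original answer, and not AWS tooling), this offline Python preflight check takes data shaped like `describe-snapshots`, `describe-key` and `get-key-policy` output and reports what still blocks the target account. The account IDs, key ARN, snapshot ID and the list of required KMS actions are assumptions constructed for the example; `Deny` statements and policy conditions are not evaluated.

```python
import fnmatch

# Assumption: the KMS actions a target account needs to use a shared encrypted snapshot.
REQUIRED = ["kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant", "kms:ReEncryptFrom",
            "kms:ReEncryptTo", "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext"]

def share_statement(account_id):
    """Key-policy statement that lets another account use the key."""
    return {"Sid": f"AllowUseFrom{account_id}", "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": list(REQUIRED), "Resource": "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def missing_actions(policy, account_id):
    """REQUIRED actions the key policy does not allow for account_id."""
    wanted = {account_id, f"arn:aws:iam::{account_id}:root"}
    granted = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if st.get("Effect") == "Allow" and wanted & set(aws):
            granted += [a.lower() for a in _as_list(st.get("Action", []))]
    return [r for r in REQUIRED
            if not any(fnmatch.fnmatchcase(r.lower(), g) for g in granted)]

def preflight(snapshots, key, policy, account_id):
    """Return the reasons the AMI's snapshots cannot yet be used by account_id."""
    problems = []
    for snap in snapshots:
        if not snap.get("Encrypted"):
            problems.append(f"{snap['SnapshotId']}: not encrypted")
        elif key["KeyManager"] != "CUSTOMER" or snap.get("KmsKeyId") != key["Arn"]:
            problems.append(f"{snap['SnapshotId']}: not encrypted with the customer managed key")
    missing = missing_actions(policy, account_id)
    if missing:
        problems.append(f"key policy lacks for {account_id}: {', '.join(missing)}")
    return problems

# Constructed sample data: SharedServices is 111111111111, the target is 222222222222.
KEY = {"Arn": "arn:aws:kms:eu-west-1:111111111111:key/EXAMPLE", "KeyManager": "CUSTOMER"}
SNAPS = [{"SnapshotId": "snap-0example", "Encrypted": True, "KmsKeyId": KEY["Arn"]}]
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "kms:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(preflight(SNAPS, KEY, POLICY, "222222222222"))  # blocked: no key access yet
    POLICY["Statement"].append(share_statement("222222222222"))
    print(preflight(SNAPS, KEY, POLICY, "222222222222"))  # nothing left to fix
```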


3 Comments

To emphasize @mark-b, the requesting AWS account needs access to the source AWS account's KMS key in order to decrypt the shared AMI/snapshots.
Hi, I keep getting the following error when I try to share the encrypted AMI: "The requested operation is not supported. Images associated with encrypted Snapshots can not be shared"
I ended up using the unencrypted AMI, sharing it to the destination account. Spin up an instance from the shared AMI, update accordingly, sysprep and shut down, convert to AMI and finally copy the AMI and encrypt.
1

I ended up using the unencrypted AMI.

- Shared with destination account
- Spin up new instance from shared AMI
- Update instance if required
- Sysprep and shutdown
- Convert to AMI
- Finally copy AMI and encrypt

Regards, David
