#1157 CentOS Automotive SIG IAM role
Closed: Fixed 10 months ago by lrossett. Opened 11 months ago by lrossett.

Hello,

I would like to request the following AWS resources for the CentOS Automotive SIG:

  • An IAM role that has permissions to read, delete, publish and tag AMIs
  • The role should allow API access for such operations as well.

This AWS role will be used by the CentOS Automotive SIG to publish some of its images to AWS for public usage.


Metadata Update from @arrfab:
- Issue assigned to arrfab

11 months ago

Metadata Update from @arrfab:
- Issue tagged with: authentication, centos-build-pipeline, medium-gain, medium-trouble

11 months ago

@lrossett: can you send me (private email works fine) the public IP range from which you'll interact with the AWS API? We need to restrict from where the credentials will be used (best practices).
Also, when discussing with @pingou I realized that I have his GPG pub key, but can you update your FAS account to point to a GPG public key ID that can be found on a public keyserver?

TIA

Users/access key/secret key generated and transferred, GPG-encrypted, to @pingou.
There is now a (non-public) centos-sigs-ami-images S3 bucket which you can use to first upload your raw cloud image.
From there you can import it as a snapshot in one region, register it as an AMI and then copy it to different regions.

PS: waiting for the IP address range to adapt the new policy attached to that user, so don't try it now: it wouldn't work.

Metadata Update from @arrfab:
- Issue priority set to: Waiting on Reporter (was: Needs Review)

11 months ago

@arrfab Should I target a specific S3 region?

That bucket was created in us-east-2 (only one), so you can start your import to create the AMI in the same region and then copy it to others.

I am getting an "AccessDenied" (403) error, is the user policy still being processed?

Yes, as said above, I'm still waiting for a mail from you about the IP range to allow for that (currently it would be denied, per existing policy) ;-)

Metadata Update from @arrfab:
- Issue tagged with: blocked

11 months ago

Policy updated with the IP (only one?) that you sent us.

Can we close this ticket now? (as policy was updated and no negative feedback received)
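Added example, not part of the ticket and not the policy CentOS Infra actually deployed: a small model of how an IAM user policy that denies everything outside a known source range produces the "AccessDenied" seen above until the caller's address is listed. The statement names, the EC2/S3 action list and the 203.0.113.0/24 range are assumptions made for illustration; only the bucket name comes from the thread.

```python
import fnmatch
import ipaddress

# Constructed policy; the ticket does not show the real one. 203.0.113.0/24 is a
# documentation range standing in for the address range sent by private e-mail.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AmiLifecycle", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeImages", "ec2:RegisterImage", "ec2:DeregisterImage",
                "ec2:CopyImage", "ec2:ImportSnapshot", "ec2:CreateTags",
                "ec2:ModifyImageAttribute"]},
    {"Sid": "UploadRawImage", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": "arn:aws:s3:::centos-sigs-ami-images/*"},
    {"Sid": "DenyOutsideKnownRange", "Effect": "Deny", "Action": ["*"], "Resource": "*",
     "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}},
]}


def _condition_holds(condition, source_ip):
    """Evaluate IpAddress / NotIpAddress on aws:SourceIp (the only key modelled)."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        inside = any(ip in ipaddress.ip_network(cidr) for cidr in keys["aws:SourceIp"])
        if operator == "IpAddress" and not inside:
            return False
        if operator == "NotIpAddress" and inside:
            return False
    return True


def evaluate(policy, action, source_ip):
    """Return Allow, ExplicitDeny or ImplicitDeny. Resource matching is not modelled."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
                   for pattern in stmt["Action"]):
            continue
        if not _condition_holds(stmt.get("Condition", {}), source_ip):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins over any allow
        decision = "Allow"
    return decision


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):  # constructed caller addresses
        print(ip, evaluate(POLICY, "ec2:RegisterImage", ip))
```

AWS's documented form of this deny-by-source-IP pattern also adds an `aws:ViaAWSService` condition so that calls AWS services make on the user's behalf are not blocked; the model above leaves that out.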

Apologies, yes it can be closed.

Metadata Update from @lrossett:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

10 months ago
