#12320 Allow to copy Fedora AMIs
Closed: Upstream 2 months ago by kevin. Opened 2 months ago by mh21.

We would like to be able to copy Fedora AMIs to our own AWS account. While the AMIs themselves are public, the underlying snapshots are not, which results in the following error when trying to copy one of the images:

Failed to copy ami-09a038864477bfe88 You do not have permission to access the storage of this ami

Reproducer: AWS console -> EC2 -> AMIs -> Search for AMI -> Actions -> Copy AMI

Request: make snapshots underlying Fedora AMIs public as well

Background: the CKI team dynamically spawns AWS workers using Fedora AMIs. This broke yesterday because one of the AMIs (FC39) disappeared.


Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: aws, low-gain, medium-trouble

2 months ago

I'm sure this is useful anyway, but for the record, the F39 AMI disappeared because F39 is EOL. There should be no need to run anything on it any more.

I'm sure this is useful anyway, but for the record, the F39 AMI disappeared because F39 is EOL. There should be no need to run anything on it any more.

Yeah we guessed so, and it was an oversight in the progressive upgrade to FC40/41 that these images were still used; anyway, we still need to implement a mitigation for stuff like this where a simple mistake results in an extensive outage of the kernel workflow because the images we use are not under our control and (as proven here) can disappear without notice 😕

ftr, I really think removing these images was (one of) the right thing(s) to do; it just creates a serious failure mode for any infrastructure that (inadvertently) still depends on them; being able to copy the images would mitigate this completely 🤗

Thank you for your consideration!

Metadata Update from @kevin:
- Issue close_status updated to: Upstream
- Issue status updated to: Closed (was: Open)

2 months ago

Log in to comment on this ticket.

Metadata