|
|
@@ -306,9 +306,37 @@ The new AWS account needs permissions to access the AMIs before trying to create
|
|
|
|
|
|
```
|
|
|
cd ~/xdr-terraform-live/bin/ # OR cd ../../../bin/
|
|
|
-AWS_PROFILE=mdr-common-services-gov update-ami-accounts <aws-account-id>
|
|
|
+# Dump a list of AMIs matching the filter just to get a good looky-loo
|
|
|
+AWS_PROFILE=mdr-common-services-gov update-ami-accounts 'MSOC*'
|
|
|
+
|
|
|
+# Now do the actual sharing of the AMIs with your new account
|
|
|
+AWS_PROFILE=mdr-common-services-gov update-ami-accounts 'MSOC*' <aws-account-id>
|
|
|
```
|
|
|
|
|
|
+One common problem here. You may need to add region= to your $HOME/.aws/config
|
|
|
+for mdr-common-services-gov, like so:
|
|
|
+
|
|
|
+```
|
|
|
+[profile mdr-common-services-gov]
|
|
|
+source_profile = govcloud
|
|
|
+role_arn = arn:aws-us-gov:iam::701290387780:role/user/mdr_terraformer
|
|
|
+region = us-gov-east-1
|
|
|
+color = ff0000
|
|
|
+```
|
|
|
+
|
|
|
+Optionally, also add the new account number to the packer build so that when new
|
|
|
+AMIs get built they are shared automatically with this account.
|
|
|
+
|
|
|
+```
|
|
|
+
|
|
|
+cd ~/msoc-infrastructure/packer
|
|
|
+vi Makefile
|
|
|
+# Add the account(s) to GOVCLOUD_ACCOUNTS / COMMERCIAL_ACCOUNTS
|
|
|
+# as needed. PR it and exit
|
|
|
+
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
## Step x: Apply the Terraform in order
|
|
|
|
|
|
The `xdr-terraform-live/bin` directory should be in your path. You will need it for this step:
|
Duane Waddle