Fixes to image propagaion script to adjust permission on snapshot objects

This commit is contained in:
Neil Hanlon 2023-01-18 18:49:40 -05:00
parent 42b054ac5b
commit f348e371d2
Signed by: neil
GPG Key ID: 705BC21EC3C70F34

View File

@ -33,6 +33,8 @@ function copy(){
for region in $REGIONS; do for region in $REGIONS; do
if find_image_by_name $region; then if find_image_by_name $region; then
echo "Found copy of $source_ami in $region - $found_image_id - Skipping" echo "Found copy of $source_ami in $region - $found_image_id - Skipping"
unset ami_ids[$region]
ami_ids[$region]=$(echo $found_image_id | tr -d "'")
continue continue
fi fi
echo -n "Creating copy job for $region..." echo -n "Creating copy job for $region..."
@ -68,15 +70,32 @@ function change_privacy(){
local finished=false local finished=false
while ! $finished; do while ! $finished; do
for region in "${!ami_ids[@]}"; do for region in "${!ami_ids[@]}"; do
echo -n "Making ${ami_ids[$region]} in $region $status..." image_id=${ami_ids[$region]}
aws --profile resf-ami ec2 modify-image-attribute \ echo -n "Making ${image_id} in $region $status..."
if aws --profile resf-ami ec2 modify-image-attribute \
--region $region \ --region $region \
--image-id "${ami_ids[$region]}" \ --image-id "$image_id" \
--launch-permission "${launch_permission}" 2>/dev/null --launch-permission "${launch_permission}" 2>/dev/null; then
if [[ $? -eq 0 ]]; then
unset ami_ids[$region] snapshot_id=$(aws --profile resf-ami ec2 describe-images \
echo ". Done" --region $region \
continue --image-ids "${image_id}" \
--query 'Images[*].BlockDeviceMappings[0].Ebs.SnapshotId' \
--output text 2>&1)
permissions=$(aws --profile resf-ami ec2 describe-snapshot-attribute \
--region $region \
--snapshot-id "${snapshot_id}" \
--attribute createVolumePermission \
--query 'CreateVolumePermissions[0].Group' \
--output text 2>&1)
if [[ "$permissions" == "all" ]] || aws --profile resf-ami ec2 modify-snapshot-attribute \
--region $region \
--snapshot-id "${snapshot_id}" \
--create-volume-permission "${launch_permission}" 2>/dev/null; then
unset ami_ids[$region]
echo ". Done"
continue
fi
fi fi
echo ". Still pending" echo ". Still pending"
done done