Add snapshot import to amazon-import

This patch adds the possibility of importing an image to Amazon EC2 by
using the ImportSnapshot/RegisterImage API, which has lower requirements
than the ImportImage API and does not try to modify the imported image.

It reuses the current post-process method but diverges once we need to
import the image. The artifact upload to S3 is the same, but instead of
calling ImportImage, we call ImportSnapshot to create an EBS snapshot
from the S3 artifact, then call RegisterImage to register the snapshot
as a new AMI. The steps after registering the AMI are identical to the
previous image import process.

Signed-off-by: Itxaka <[email protected]>
Co-authored-by: Hugh Cole-Baker <[email protected]>
Signed-off-by: Hugh Cole-Baker <[email protected]>

Author: Itxaka

.web-docs/components/post-processor/import/README.md

@@ -94,18 +94,39 @@ Optional:
   must be set to  `uefi`.
 
 - `platform` (string) - The operating system of the virtual machine. One of:
-  `linux` or `windows`. If `boot_mode` is set to `uefi` then this value must be 
-  set to either `windows` or `linux` depending on the operating system of the 
-  virtual machine.
+  `linux` or `windows`. If `boot_mode` is set to `uefi` then this value must be
+  set to either `windows` or `linux` depending on the operating system of the
+  virtual machine. `windows` can only be used here when `import_type` is `image`.
 
 - `custom_endpoint_ec2` (string) - This option is useful if you use a cloud
   provider whose API is compatible with aws EC2. Specify another endpoint
   like this `https://ec2.custom.endpoint.com`.
 
+- `ena_support` (boolean) - Only applicable if `import_type` is set to
+  `snapshot`. This sets a flag on the AMI indicating that the image includes
+  support for the
+  [Elastic Network Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html).
+  Defaults to `false`.
+
 - `format` (string) - One of: `ova`, `raw`, `vhd`, `vhdx`, or `vmdk`. This
   specifies the format of the source virtual machine image. The resulting
   artifact from the builder is assumed to have a file extension matching the
-  format. This defaults to `ova`.
+  format. This defaults to `ova` if `import_type` is `image`, and `raw` if
+  `import_type` is `snapshot`.
+
+- `import_type` (string) - The method to use to import the image.
+  One of: `image` or `snapshot`. If set to `image`, the
+  [ImportImage](https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html)
+  API is used to perform the import, which only supports a limited number of
+  [operating systems](https://docs.aws.amazon.com/vm-import/latest/userguide/prerequisites.html#vmimport-operating-systems)
+  and performs
+  [programmatic modifications](https://docs.aws.amazon.com/vm-import/latest/userguide/import-modify-vm.html)
+  to the image during the import process. If set to `snapshot`, the
+  [ImportSnapshot](https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html)
+  API is used and then the resulting snapshot is registered as an AMI, which
+  does not perform any modifications to the image, supports a wider range of
+  Linux distributions, but does not support importing Windows images.
+  The default is `image`.
 
 - `insecure_skip_tls_verify` (boolean) - This allows skipping TLS
   verification of the AWS EC2 endpoint. The default is `false`.
@@ -117,7 +138,8 @@ Optional:
   Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL`
   (default). For more details regarding licensing, see
   [Prerequisites](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/VMImportPrerequisites.html)
-  in the VM Import/Export User Guide.
+  in the VM Import/Export User Guide. If `import_type` is set to `snapshot`, this
+  is ignored.
 
 - `mfa_code` (string) - The MFA
   [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
@@ -159,6 +181,10 @@ Optional:
 - `skip_region_validation` (boolean) - Set to true if you want to skip
   validation of the region configuration option. Default `false`.
 
+- `snapshot_device_name` (string) - The root device name to use in the block
+  device mapping when registering a snapshot import as an AMI. Only applicable
+  if `import_type` is `snapshot`. Defaults to `/dev/sda`.
+
 - `tags` (object of key/value strings) - Tags applied to the created AMI and
   relevant snapshots.
 
@@ -167,6 +193,11 @@ Optional:
   probably don't need it. This will also be read from the `AWS_SESSION_TOKEN`
   environmental variable.
 
+- `virtualization_type` (string) - The virtualization type to be used for
+  the imported AMI. One of: `hvm` or `paravirtual`. Defaults to `hvm`,
+  `paravirtual` is only supported on previous-generation EC2 instance types.
+  This option can only be set when `import_type` is set to `snapshot`.
+
 ## Basic Example
 
 Here is a basic example. This assumes that the builder has produced an OVA

builder/common/state.go

@@ -227,6 +227,18 @@ func (w *AWSPollingConfig) WaitUntilFastLaunchEnabled(ctx aws.Context, conn *ec2
 	return err
 }
 
+func (w *AWSPollingConfig) WaitUntilSnapshotImported(ctx aws.Context, conn *ec2.EC2, taskID string) error {
+	importInput := ec2.DescribeImportSnapshotTasksInput{
+		ImportTaskIds: []*string{&taskID},
+	}
+
+	err := WaitForSnapshotToBeImported(conn,
+		ctx,
+		&importInput,
+		w.getWaiterOptions()...)
+	return err
+}
+
 // Custom waiters using AWS's request.Waiter
 
 func WaitForVolumeToBeAttached(c *ec2.EC2, ctx aws.Context, input *ec2.DescribeVolumesInput, opts ...request.WaiterOption) error {
@@ -371,6 +383,43 @@ func WaitUntilFastLaunchEnabled(c *ec2.EC2, ctx aws.Context, input *ec2.Describe
 	return w.WaitWithContext(ctx)
 }
 
+func WaitForSnapshotToBeImported(c *ec2.EC2, ctx aws.Context, input *ec2.DescribeImportSnapshotTasksInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "DescribeSnapshot",
+		MaxAttempts: 720,
+		Delay:       request.ConstantWaiterDelay(5 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.PathAllWaiterMatch,
+				Argument: "ImportSnapshotTasks[].SnapshotTaskDetail.Status",
+				Expected: "completed",
+			},
+			{
+				State:    request.FailureWaiterState,
+				Matcher:  request.PathAnyWaiterMatch,
+				Argument: "ImportSnapshotTasks[].SnapshotTaskDetail.Status",
+				Expected: "deleted",
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *ec2.DescribeImportSnapshotTasksInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.DescribeImportSnapshotTasksRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
 // This helper function uses the environment variables AWS_TIMEOUT_SECONDS and
 // AWS_POLL_DELAY_SECONDS to generate waiter options that can be passed into any
 // request.Waiter function. These options will control how many times the waiter

docs/post-processors/import.mdx

@@ -104,18 +104,39 @@ Optional:
   must be set to  `uefi`.
 
 - `platform` (string) - The operating system of the virtual machine. One of:
-  `linux` or `windows`. If `boot_mode` is set to `uefi` then this value must be 
-  set to either `windows` or `linux` depending on the operating system of the 
-  virtual machine.
+  `linux` or `windows`. If `boot_mode` is set to `uefi` then this value must be
+  set to either `windows` or `linux` depending on the operating system of the
+  virtual machine. `windows` can only be used here when `import_type` is `image`.
 
 - `custom_endpoint_ec2` (string) - This option is useful if you use a cloud
   provider whose API is compatible with aws EC2. Specify another endpoint
   like this `https://ec2.custom.endpoint.com`.
 
+- `ena_support` (boolean) - Only applicable if `import_type` is set to
+  `snapshot`. This sets a flag on the AMI indicating that the image includes
+  support for the
+  [Elastic Network Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html).
+  Defaults to `false`.
+
 - `format` (string) - One of: `ova`, `raw`, `vhd`, `vhdx`, or `vmdk`. This
   specifies the format of the source virtual machine image. The resulting
   artifact from the builder is assumed to have a file extension matching the
-  format. This defaults to `ova`.
+  format. This defaults to `ova` if `import_type` is `image`, and `raw` if
+  `import_type` is `snapshot`.
+
+- `import_type` (string) - The method to use to import the image.
+  One of: `image` or `snapshot`. If set to `image`, the
+  [ImportImage](https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html)
+  API is used to perform the import, which only supports a limited number of
+  [operating systems](https://docs.aws.amazon.com/vm-import/latest/userguide/prerequisites.html#vmimport-operating-systems)
+  and performs
+  [programmatic modifications](https://docs.aws.amazon.com/vm-import/latest/userguide/import-modify-vm.html)
+  to the image during the import process. If set to `snapshot`, the
+  [ImportSnapshot](https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html)
+  API is used and then the resulting snapshot is registered as an AMI, which
+  does not perform any modifications to the image, supports a wider range of
+  Linux distributions, but does not support importing Windows images.
+  The default is `image`.
 
 - `insecure_skip_tls_verify` (boolean) - This allows skipping TLS
   verification of the AWS EC2 endpoint. The default is `false`.
@@ -127,7 +148,8 @@ Optional:
   Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL`
   (default). For more details regarding licensing, see
   [Prerequisites](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/VMImportPrerequisites.html)
-  in the VM Import/Export User Guide.
+  in the VM Import/Export User Guide. If `import_type` is set to `snapshot`, this
+  is ignored.
 
 - `mfa_code` (string) - The MFA
   [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
@@ -169,6 +191,10 @@ Optional:
 - `skip_region_validation` (boolean) - Set to true if you want to skip
   validation of the region configuration option. Default `false`.
 
+- `snapshot_device_name` (string) - The root device name to use in the block
+  device mapping when registering a snapshot import as an AMI. Only applicable
+  if `import_type` is `snapshot`. Defaults to `/dev/sda`.
+
 - `tags` (object of key/value strings) - Tags applied to the created AMI and
   relevant snapshots.
 
@@ -177,6 +203,11 @@ Optional:
   probably don't need it. This will also be read from the `AWS_SESSION_TOKEN`
   environmental variable.
 
+- `virtualization_type` (string) - The virtualization type to be used for
+  the imported AMI. One of: `hvm` or `paravirtual`. Defaults to `hvm`,
+  `paravirtual` is only supported on previous-generation EC2 instance types.
+  This option can only be set when `import_type` is set to `snapshot`.
+
 ## Basic Example
 
 Here is a basic example. This assumes that the builder has produced an OVA