AWS Snapshot did not retain SUSE Linux Enterprise Server billing code.
This document (7023900) is provided subject to the disclaimer at the end of this document.
AWS on-demand image for SUSE Linux Enterprise Server
June 2019, the AWS snapshot process was updated to retain the billing code.
This article does not apply to SUSE Linux Enterprise Server for SAP Applications (SLES for SAP) AMIs (Amazon Machine Images) or BYOS (Bring your own subscription) images for SUSE Linux Enterprise Server
Amazon provides customers the ability to create an Amazon Machine Image (AMI) from a running instance or from an EBS Snapshot of a root volume. The AMI can be used to launch new instances that meet customers’ corporate and security policies.
If an AMI was created before June 2019 using an EBS Snapshot of a volume from a SUSE Linux Enterprise Server (SLES) AMI on Amazon, the EBS Snapshot did not retain the billing code for SLES thus EC2 instances launched from these AMIs won’t have the billing code too. New AMIs that were created after June 2019 retain the billing code.
The billing code is used to enable access to patches, updates and security fixes when using on-demand instances. If a customer’s EC2 instance(s) is missing the billing code and has access to the Public Cloud Update Infrastructure, the customer is out of compliance.
Below are the steps to determine if an instance is out of compliance:
1. 1. Check to see if the billing code is present by running the command below on their EC2 instances:
The command will return the meta-data associated with the EC2 instance. If the value for the key billingProducts” is null, then move to step 2.
"billingProducts" : null,
If the “billingProducts” value is “bp-6ca54005”, then your instance has the necessary entitlements and this article does not apply to the EC2 instance.
"billingProducts" : [ "bp-6ca54005" ],
2. 2. Determine if the EC2 instance is connected to the Public Cloud Update Infrastructure by
running “zypper lr --uri”. The URI column will list either “https://smt-ec2_susecloud_net” or credentials “plugin:/susecloud?credentials=SU…”OR
3. 3. If the “billingProducts” is null and “SMT-http_smt-ec2_susecloud_net” is listed and enabled as the Repository Index Service, then your system is out of compliance.
are two known options to bring the instance into compliance:
- Option 1:
Purchase SUSE subscriptions and register the purchased subscription on the EC2 instance using SUSEConnect. The customer will need to setup an update infrastructure or connect all EC2 instances to SUSE Customer Center.
- Option 2:
Move the EBS volumes from a SLES EC2 instance without a billing code to a SLES EC2 Instance with a billing code.
This option requires you to create a new EC2 instance, which can cause the private IP address of the new EC2 instance to be different. Also, instance specific attributes (Placement Groups, Security Groups, Subnets, etc) will need to be checked before launching a new instance to make sure they are the same from the instance without a billing code.
Outlined below is the high-level procedure of how to perform this move:
a. Launch a new “target” SLES EC2 on-demand instance (i.e.: EC2 instance A). Please be sure to choose an instance type, VPC, Subnet (Availability Zone) and Security Groups that matches the instance type of the “source” EC2 instance with the missing AWS billing code (i.e.:EC2 instance X) as “EC2 instance A” will replace the “EC2 instance X”. Other attributes that you may want to check are:
i. Placement Groups
ii. Instance Termination Protection and Behavior
iii. Enhanced Monitoring
iv. CPU Options
vi. IAM Profile, and
b. It is recommended to create a new Amazon Machine Image (AMI) or EBS Snapshots from source “EC2 instance X” for backup purposes. Ensure the instance is stopped before taking the snapshot of a root volume.
c. Next detach the EBS volume(s) from target “EC2 instance A” and source “EC2 instance X”:
i. AWS Documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html
d. Attach the EBS volumes that were attached to source “EC2 instance X” to target “EC2 instance A”:
i. AWS Documentation : https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html
e. Start and login to target “EC2 instance A” and validate that the billing code is now associated to the instance (see Section 1 above).
f. In case you have questions please reach out to AWS for more information. Customers subscripted to an AWS Support plan can open support cases for technical assistance.
If you have questions or issues please send them to the Public Cloud Engineers mailing list: email@example.com
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7023900
- Creation Date:26-MAY-19
- Modified Date:18-SEP-19
- SUSESUSE Linux Enterprise Server