google / cloud-forensics-utils

Python library to carry out DFIR analysis on the Cloud
Apache License 2.0

Starting a forensic VM outside of AWS region us-east-2 errors out #159

Closed hacktobeer closed 4 years ago

hacktobeer commented 4 years ago

We create an EC2 instance of the analysis VM based on the below AMI. https://github.com/google/cloud-forensics-utils/blob/40c7c86701413b2d2efc48734bf35279e8a18149/libcloudforensics/providers/aws/internal/common.py#L29

This AMI seems not to exist anymore.

hacktobeer commented 4 years ago

Still debugging, might be access credentials related.

hacktobeer commented 4 years ago

(cloud-utils) rbdebeer@rbdebeer1:~/Documents/cloud-forensics-utils$ python -m examples.libcloudforensics aws eu-west-1a startvm analysisvm1 eu-west-1a
Traceback (most recent call last):
  File "/usr/local/google/home/rbdebeer/Documents/cloud-forensics-utils/libcloudforensics/providers/aws/internal/account.py", line 719, in _GetBootVolumeConfigByAmi
    image = client.describe_images(ImageIds=[ami])
  File "/usr/local/google/home/rbdebeer/Documents/venv/cloud-utils/lib/python3.7/site-packages/botocore/client.py", line 316, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/google/home/rbdebeer/Documents/venv/cloud-utils/lib/python3.7/site-packages/botocore/client.py", line 626, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AuthFailure) when calling the DescribeImages operation: AWS was not able to validate the provided access credentials

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/usr/local/google/home/rbdebeer/Documents/cloud-forensics-utils/examples/libcloudforensics.py", line 177, in <module>
    Main()
  File "/usr/local/google/home/rbdebeer/Documents/cloud-forensics-utils/examples/libcloudforensics.py", line 173, in Main
    parsed_args.func(parsed_args)
  File "/usr/local/google/home/rbdebeer/Documents/cloud-forensics-utils/examples/aws_cli.py", line 114, in StartAnalysisVm
    boot_volume_size=args.disk_size)
  File "/usr/local/google/home/rbdebeer/Documents/cloud-forensics-utils/libcloudforensics/providers/aws/forensics.py", line 205, in StartAnalysisVm
    ssh_key_name=ssh_key_name)
  File "/usr/local/google/home/rbdebeer/Documents/cloud-forensics-utils/libcloudforensics/providers/aws/internal/account.py", line 515, in GetOrCreateAnalysisVm
    [self._GetBootVolumeConfigByAmi(ami, boot_volume_size)],
  File "/usr/local/google/home/rbdebeer/Documents/cloud-forensics-utils/libcloudforensics/providers/aws/internal/account.py", line 723, in _GetBootVolumeConfigByAmi
    ami, str(exception)))
RuntimeError: Could not find image information for AMI ami-025d2a3daf21de4b8: An error occurred (AuthFailure) when calling the DescribeImages operation: AWS was not able to validate the provided access credentials

Configured credentials have full admin access (for testing purposes).

hacktobeer commented 4 years ago

After solving the authentication problem, it still can't find the AMI:

botocore.exceptions.ClientError: An error occurred (InvalidAMIID.NotFound) when calling the DescribeImages operation: The image id '[ami-0013b3aa57f8a4331]' does not exist

Are AMIs zone specific?

hacktobeer commented 4 years ago

ami-0013b3aa57f8a4331 as referenced in the source code is specific for zone us-east-2 https://cloud-images.ubuntu.com/query/bionic/server/daily.txt

So if you want an analysis VM in any other zone the code will error out as it can't find the image.

Renaming issue.

hacktobeer commented 4 years ago

We might solve this by using describe_images for a region and filtering on our base image (amd64 Ubuntu 18.04). This will give the AMI ID for the region we want to create the analysis VM in. https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.describe_images
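The lookup proposed in the last comment, as an added example that is not part of the issue thread or the project's code: it queries describe_images through a region-bound EC2 client, pins the publisher to Canonical's account, and returns the newest build. The function name, the stub client and the sample records are constructed for illustration, and the image name pattern is an assumption about Canonical's naming of bionic release images.

```python
# Added example: resolve the Ubuntu 18.04 amd64 AMI for the client's region.
CANONICAL_OWNER_ID = '099720109477'  # Canonical's AWS account ID
# Assumption: name pattern of Canonical's bionic release images.
UBUNTU_1804_NAME = 'ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*'


def FindUbuntu1804Ami(ec2_client):
  """Returns the ID of the newest matching AMI in the client's region.
  ec2_client is a boto3 EC2 client, e.g. boto3.client('ec2', region_name=r).
  Pinning Owners matters: AMI names are not unique, and any account can
  publish a public image under a lookalike name.
  """
  response = ec2_client.describe_images(
      Owners=[CANONICAL_OWNER_ID],
      Filters=[
          {'Name': 'name', 'Values': [UBUNTU_1804_NAME]},
          {'Name': 'architecture', 'Values': ['x86_64']},
          {'Name': 'virtualization-type', 'Values': ['hvm']},
          {'Name': 'root-device-type', 'Values': ['ebs']},
          {'Name': 'state', 'Values': ['available']},
      ])
  # Defence in depth: re-check the owner on the records that came back
  # before trusting any of them as the analysis VM base image.
  images = [image for image in response.get('Images', [])
            if image.get('OwnerId') == CANONICAL_OWNER_ID]
  if not images:
    raise RuntimeError('No Ubuntu 18.04 amd64 AMI found in this region')
  # CreationDate is an ISO 8601 UTC string, so max() picks the latest build.
  return max(images, key=lambda image: image['CreationDate'])['ImageId']


class StubEc2Client:
  """Constructed stand-in for a regional EC2 client; runs offline."""
  def __init__(self, images):
    self.images = images
    self.last_call = None
  def describe_images(self, **kwargs):
    self.last_call = kwargs
    return {'Images': self.images}


# Constructed sample data: the AMI IDs and the second owner ID are made up.
SAMPLE_IMAGES = [
    {'ImageId': 'ami-0000000000000000a', 'OwnerId': CANONICAL_OWNER_ID, 'CreationDate': '2020-03-02T10:00:00.000Z'},
    {'ImageId': 'ami-0000000000000000b', 'OwnerId': CANONICAL_OWNER_ID, 'CreationDate': '2020-04-09T10:00:00.000Z'},
    {'ImageId': 'ami-0000000000000000c', 'OwnerId': '000000000000', 'CreationDate': '2020-05-01T10:00:00.000Z'},
]
```

Against a real account, pass `boto3.client('ec2', region_name=...)` for the region where the analysis VM will be created; the returned ID is only valid in that region.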