m (Davdunc moved page User:AWSMPAmiRelease to Fedora Project Wiki:AWSMPAmiRelease: moving from the User wiki space ) |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Proposal to List Fedora Amazon Machine Images in the AWS Marketplace as ''Provided by AWS'' | |||
== Introduction == | == Introduction == | ||
The [https://aws.amazon.com/marketplace AWS Marketplace] team has created an opportunity to deliver the official images to customers via a ''Sold by AWS'' account. This would provide full searchability and detail regarding the official Fedora images and all published images could be listed for customers use. This will automatically provide customers the ability to leverage public parameters in SSM. | The [https://aws.amazon.com/marketplace AWS Marketplace] team has created an opportunity to deliver the official images to customers via a ''Sold by AWS'' account. This would provide full searchability and detail regarding the official Fedora images and all published images could be listed for customers use. This will automatically provide customers the ability to leverage public parameters in SSM. | ||
== Motivation == | == Motivation == | ||
Line 9: | Line 9: | ||
Deploying Images across partitions requires a significant amount of effort, including certifications and permissions for ITAR regions or opt-in only regions where AMI delivery best practices requires a significant number of accounts to separate publications. To bypass these requirements, the Fedora images can be published using the existing scanning and certification systems put in place by the AWS Marketplace team to simplify Amazon Partner Network participants. This makes it possible to build images in the same way they are built today as community images, but then have the added benefit of having the images available in regions where the Fedora team would need to have signed agreements or credentials on file where personal liability would be necessary for the project leadership. | Deploying Images across partitions requires a significant amount of effort, including certifications and permissions for ITAR regions or opt-in only regions where AMI delivery best practices requires a significant number of accounts to separate publications. To bypass these requirements, the Fedora images can be published using the existing scanning and certification systems put in place by the AWS Marketplace team to simplify Amazon Partner Network participants. This makes it possible to build images in the same way they are built today as community images, but then have the added benefit of having the images available in regions where the Fedora team would need to have signed agreements or credentials on file where personal liability would be necessary for the project leadership. | ||
There are also Amazon EC2 users who have developed policies requiring all images used to pass through AWS Marketplace Security scanning to avoid concerns related to security issues, such as the one outlined at [https://nvd.nist.gov/vuln/detail/CVE-2018-15869 CVE-2018-15869]. While the Fedora community already does an excellent job of producing a curated list of current AMIs, this allows the images to be integrated more deeply into the ecosystem. Ultimately, this | There are also Amazon EC2 users who have developed policies requiring all images used to pass through AWS Marketplace Security scanning to avoid concerns related to security issues, such as the one outlined at [https://nvd.nist.gov/vuln/detail/CVE-2018-15869 CVE-2018-15869]. While the Fedora community already does an excellent job of producing a curated list of current AMIs, this allows the images to be integrated more deeply into the AWS ecosystem. Ultimately, this is expected to lead to increased adoption, community participation, and increased visibility for the Fedora cloud images. | ||
== Process == | == Process == | ||
=== Responsible === | |||
Fedora team member and ''AWS Partner Solutions Architect'' for open source distribution partners [[User:Davdunc|David Duncan]] will lead the integration from inside of AWS and align that process with the community image publication. Alignment will be established with the CPE and Infrastructure teams to ensure that infrastructure requirements are correctly integrated. This alignment ensures that the internal configuration at AWS is sufficiently transparent to the community members to drive the support. | |||
Internal to the AWS team, the [mailto:mbakeram@amazon.com Mark Baker] AWS Marketplace Sr. ''Category Manager'' for operating systems and open source software (''OS/OSS'') will be responsible for ensuring that the Marketplace accounts are provided and that the process workflow as outlined matches the requirements of the AWS Marketplace. The Category Manager will also provide guidance on the requirements of the Marketplace. | |||
AWS Contacts the work by title are as follows: | |||
- AWS Partner Solutions Architect, Linux (Specifically the PSA assigned to Red Hat as a partner) | |||
- [mailto:davdunc@amazon.com David Duncan] | |||
- AWS Marketplace Category Manager for OS/OSS | |||
- [mailto:mbakeram@amazon.com Mark Baker] | |||
=== Support === | |||
For matters of continuous support and any product user engagement request coming from the AWS Contacts, a github or pagure[†] project similar to [https://pagure.io/fedora-commops fedora-commops] will track issues and code deployed on AWS internal accounts not managed by Fedora Infrastructure. This repository will contain the operations specific to the Amazon publishing related to the image deployment and the aspects of organizing the project for long-term support. All application development for the AWS integration will be handled using the policy and procedures in place as established by the [https://pagure.io/fedora-infrastructure fedora-infrastructure] team wherever possible. If that is not possible a new policy will be created and stored in this new Marketplace project files. | |||
=== Image Uploads === | === Image Uploads === | ||
Line 20: | Line 33: | ||
Each Fedora release is a product listing. The product load form defines the product listings for the AWS Marketplace products. There is one product listing defined per line. The product definition includes the marketing material for the product listing, the regions in which the product is listed, the instance types supported by the listing, and the AMI ids that will be consumed in making the product listings. | Each Fedora release is a product listing. The product load form defines the product listings for the AWS Marketplace products. There is one product listing defined per line. The product definition includes the marketing material for the product listing, the regions in which the product is listed, the instance types supported by the listing, and the AMI ids that will be consumed in making the product listings. | ||
== Example Listings == | |||
The [https://aws.amazon.com/marketplace/pp/Amazon-Web-Services-Red-Hat-Enterprise-Linux-8/B07T4SQ5RZ Red Hat Enterprise Linux marketplace listing] for RHEL 8 is an example of this kind of listing. | |||
† Regardless of the project location, the managing organization for issues and related operations should be Fedora. |
Latest revision as of 01:57, 18 September 2020
Proposal to List Fedora Amazon Machine Images in the AWS Marketplace as Provided by AWS
Introduction
The AWS Marketplace team has created an opportunity to deliver the official images to customers via a Sold by AWS account. This would provide full searchability and detail regarding the official Fedora images and all published images could be listed for customers use. This will automatically provide customers the ability to leverage public parameters in SSM.
Motivation
Deploying Images across partitions requires a significant amount of effort, including certifications and permissions for ITAR regions or opt-in only regions where AMI delivery best practices requires a significant number of accounts to separate publications. To bypass these requirements, the Fedora images can be published using the existing scanning and certification systems put in place by the AWS Marketplace team to simplify Amazon Partner Network participants. This makes it possible to build images in the same way they are built today as community images, but then have the added benefit of having the images available in regions where the Fedora team would need to have signed agreements or credentials on file where personal liability would be necessary for the project leadership.
There are also Amazon EC2 users who have developed policies requiring all images used to pass through AWS Marketplace Security scanning to avoid concerns related to security issues, such as the one outlined at CVE-2018-15869. While the Fedora community already does an excellent job of producing a curated list of current AMIs, this allows the images to be integrated more deeply into the AWS ecosystem. Ultimately, this is expected to lead to increased adoption, community participation, and increased visibility for the Fedora cloud images.
Process
Responsible
Fedora team member and AWS Partner Solutions Architect for open source distribution partners David Duncan will lead the integration from inside of AWS and align that process with the community image publication. Alignment will be established with the CPE and Infrastructure teams to ensure that infrastructure requirements are correctly integrated. This alignment ensures that the internal configuration at AWS is sufficiently transparent to the community members to drive the support.
Internal to the AWS team, the Mark Baker AWS Marketplace Sr. Category Manager for operating systems and open source software (OS/OSS) will be responsible for ensuring that the Marketplace accounts are provided and that the process workflow as outlined matches the requirements of the AWS Marketplace. The Category Manager will also provide guidance on the requirements of the Marketplace.
AWS Contacts the work by title are as follows:
- AWS Partner Solutions Architect, Linux (Specifically the PSA assigned to Red Hat as a partner) - David Duncan - AWS Marketplace Category Manager for OS/OSS - Mark Baker
Support
For matters of continuous support and any product user engagement request coming from the AWS Contacts, a github or pagure[†] project similar to fedora-commops will track issues and code deployed on AWS internal accounts not managed by Fedora Infrastructure. This repository will contain the operations specific to the Amazon publishing related to the image deployment and the aspects of organizing the project for long-term support. All application development for the AWS integration will be handled using the policy and procedures in place as established by the fedora-infrastructure team wherever possible. If that is not possible a new policy will be created and stored in this new Marketplace project files.
Image Uploads
The official images will be mirrored to an internal AWS account and the snapshots will be shared specifically to the AWS Marketplace production and security scanning accounts. Once the images are shared to the account, a load form containing the marketing information and a release version identifier is submitted with the AMI-id of the images to associate the version identifier with the marketing information and the AMI identifier. Image uploads will be initiated based on detail collected from the community project message bus.
Product Load Form
Each Fedora release is a product listing. The product load form defines the product listings for the AWS Marketplace products. There is one product listing defined per line. The product definition includes the marketing material for the product listing, the regions in which the product is listed, the instance types supported by the listing, and the AMI ids that will be consumed in making the product listings.
Example Listings
The Red Hat Enterprise Linux marketplace listing for RHEL 8 is an example of this kind of listing.
† Regardless of the project location, the managing organization for issues and related operations should be Fedora.