#44 make aws ami's public as well
Closed by jcline. Opened by kevin.

There's a request at https://pagure.io/fedora-infrastructure/issue/12320 to make the snapshots used for aws images public as well.

This would allow copying them off to avoid EOL or other GC that we do.


I can take a look at this tomorrow. I think https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html is the correct API.

I previously attempted to tag our snapshots as well, but couldn't figure out how to make that work. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportSnapshot.html lets you tag the task that imports the snapshot, but not the snapshot itself. I assume we want to tag them with the "FedoraGroup" and EOL. @davdunc, do you have any idea how to tag snapshots?

Yeah, tagging them would be good.

I wonder if that just needs to be in a separate call after it's created?

Not sure.

@jcline during creation of snapshot you can tag it this way
https://github.com/xsuchy/fedora-infra-scripts/blob/main/snapshot-and-delete-volume.py#L11

Interesting, thanks for the pointer. What we're currently doing is uploading the images to S3, then calling import_snapshot. When I tried to apply tags with that call it seemed like the tags applied to the import task, not the snapshot itself, and I didn't dig further than that.

However, it sounds like create_snapshot stores the image in S3. Is it sufficient for us to just make the images we're uploading to S3 public (and mark them for garbage collection on their EOL date)?

I'll admit to not being very familiar with all the details of AWS objects.

friendly ping, is there anything we can do to help here?

Given https://pagure.io/cloud-image-uploader/issue/44#comment-948531 is it enough to just mark the images we're uploading from Fedora nightly builds in S3 as public? I'm not an AWS expert but it seems like they're equivalent to creating a snapshot from a volume.

You might need to add an additional AWS API call to make a snapshot public: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modifying-snapshot-permissions.html

@mh21 appreciate the pointer. I also found the generic "create_tags" call so I think https://pagure.io/cloud-image-uploader/pull-request/49 should address this request. I would appreciate a review to make sure it looks reasonable to you.

Note that the snapshot is in a single region, whatever the configured "base_region" is (I think eastus2?).
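
The sequence discussed in this thread (look up the snapshot behind the import task, tag it with a separate `create_tags` call, then grant `createVolumePermission` to the `all` group and read the attribute back), as an added example that is not the code from pull request 49. The client methods are the boto3 EC2 ones; the `FakeEC2` stand-in, the `end-of-life` tag key and every ID and value are constructed assumptions so the block runs offline.

```python
def publish_imported_snapshot(ec2, import_task_id, tags):
    """ec2 is a boto3 EC2 client, or any object exposing the same methods."""
    # import_snapshot tags the task; the snapshot ID only appears in the task detail.
    task = ec2.describe_import_snapshot_tasks(ImportTaskIds=[import_task_id])[
        "ImportSnapshotTasks"][0]
    detail = task["SnapshotTaskDetail"]
    if detail.get("Status") != "completed":
        raise RuntimeError(f"import task {import_task_id} is {detail.get('Status')}")
    snapshot_id = detail["SnapshotId"]

    # Separate call after creation: tag the snapshot itself.
    ec2.create_tags(
        Resources=[snapshot_id],
        Tags=[{"Key": k, "Value": v} for k, v in tags.items()],
    )
    # Grant createVolumePermission to the "all" group, which makes it public.
    ec2.modify_snapshot_attribute(
        SnapshotId=snapshot_id,
        Attribute="createVolumePermission",
        OperationType="add",
        GroupNames=["all"],
    )
    # Read the attribute back rather than assuming the call took effect.
    perms = ec2.describe_snapshot_attribute(
        SnapshotId=snapshot_id, Attribute="createVolumePermission"
    )["CreateVolumePermissions"]
    if {"Group": "all"} not in perms:
        raise RuntimeError(f"{snapshot_id} is not public after modify")
    return snapshot_id


class FakeEC2:
    """Constructed offline stand-in that records calls; not a real AWS client."""
    def __init__(self, status="completed"):
        self.status, self.calls, self.public = status, [], False
    def describe_import_snapshot_tasks(self, ImportTaskIds):
        return {"ImportSnapshotTasks": [{"ImportTaskId": ImportTaskIds[0],
                "SnapshotTaskDetail": {"Status": self.status,
                                       "SnapshotId": "snap-0example"}}]}
    def create_tags(self, Resources, Tags):
        self.calls.append(("create_tags", Resources, Tags))
    def modify_snapshot_attribute(self, **kw):
        self.calls.append(("modify_snapshot_attribute", kw))
        self.public = True
    def describe_snapshot_attribute(self, SnapshotId, Attribute):
        return {"CreateVolumePermissions": [{"Group": "all"}] if self.public else []}
```

With a real client, pass `boto3.client("ec2", region_name=...)` for the region that holds the snapshot, since the permission applies only to that region's copy.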

@jcline thank you very much! The PR looks good to me (but then I've never tried to create a public snapshot myself 🙈).

Thanks for looking. I've deployed it, but we'll need to wait for tomorrow's build to see if it works.

This seems to be working so I'm going to close this, do let me know if something seems wrong.

Metadata Update from @jcline:
- Issue status updated to: Closed (was: Open)
