How to use AWS roles with Packer to create AMIs

我们两清 submitted on 2019-12-10 15:23:22

Question


I'm currently building AMIs via Packer without a problem, but I am baking the AWS credentials into my scripts, which is not what I want. Reading the Packer documentation, they specify that if no credentials are found it can use an AWS role.

I have created the policy and the role, but it's unclear to me how to tell Packer to use this role. Do I have to pass the ARN in as a variable?

Any thoughts?


Answer 1:


Roles only apply to instances running on AWS, and roles can only be applied when you create an instance (though you can change the permissions assigned to that role later).

So in this case, if you want to use roles for AMI creation, you will need to...

  1. Create a role with permissions (i.e. the ones detailed in the link Kush provided) to create AMIs
  2. Create an instance with that role
  3. Install Packer on that instance

Using that instance, you can then create AMIs without specifying any credentials.




Answer 2:


If you'd like to set the IAM role that Packer uses during AMI creation from the command-line (e.g. from Jenkins), then you can use variables for doing so, e.g. using the following in your Packer script:

"variables": {
  "packer_profile": "packer",
  ...
},
"builders": [
  {
    "type": "amazon-ebs",
    ...
    "iam_instance_profile": "{{user `packer_profile`}}",
    ...
  }
],
"provisioners": [
  ...
]

So we provide a default "packer" value for our packer_profile variable. Then, when invoking Packer from the command-line in Jenkins, you override that default variable value using:

$ /path/to/packer -var packer_profile="MyNewProfileHere" ...

Hope this helps!
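
Added example, not part of the original question or answers: once a build relies on a role, a check like this can confirm that a JSON Packer template no longer stores AWS keys, either directly in an Amazon builder or as the default of a user variable. The sample template, the variable names other than packer_profile, and the function name are constructed for illustration.

```python
import json
import re

# Constructed sample (not from the page): "baked" stores keys in the file, one of
# them through a variable default; "from-env" and "role-based" store none.
SAMPLE_TEMPLATE = r"""
{
  "variables": {
    "packer_profile": "packer",
    "aws_access": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret": "constructed-secret-value"
  },
  "builders": [
    {"type": "amazon-ebs", "name": "baked",
     "access_key": "AKIAXXXXXXXXXXXXXXXX", "secret_key": "{{user `aws_secret`}}"},
    {"type": "amazon-ebs", "name": "from-env", "access_key": "{{user `aws_access`}}"},
    {"type": "amazon-ebs", "name": "role-based",
     "iam_instance_profile": "{{user `packer_profile`}}"}
  ]
}
"""

CRED_FIELDS = ("access_key", "secret_key", "token")
USER_REF = re.compile(r"^\{\{\s*user\s+`([^`]+)`\s*\}\}$")
ENV_REF = re.compile(r"^\{\{\s*env\s+`[^`]+`\s*\}\}$")

def find_baked_credentials(template_text):
    """Return (builder, field, reason) for each credential stored in the file."""
    template = json.loads(template_text)
    variables = template.get("variables") or {}
    findings = []
    for index, builder in enumerate(template.get("builders", [])):
        if not builder.get("type", "").startswith("amazon-"):
            continue
        name = builder.get("name", "builder[%d]" % index)
        for field in CRED_FIELDS:
            # An unset field is fine: Packer then looks for credentials elsewhere.
            value = str(builder.get(field) or "").strip()
            ref = USER_REF.match(value)
            default = str(variables.get(ref.group(1)) or "") if ref else ""
            if value and ref is None:
                findings.append((name, field, "literal value in builder"))
            elif ref and default and not ENV_REF.match(default):
                findings.append((name, field, "literal default of variable " + ref.group(1)))
    return findings

if __name__ == "__main__":
    for finding in find_baked_credentials(SAMPLE_TEMPLATE):
        print("%s: %s (%s)" % finding)
```
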



Source: https://stackoverflow.com/questions/36311048/how-to-use-aws-roles-with-packer-to-create-amis
