diff --git a/builder/docker/ecr_login.go b/builder/docker/ecr_login.go index 737107589..c605bc36e 100644 --- a/builder/docker/ecr_login.go +++ b/builder/docker/ecr_login.go @@ -8,42 +8,16 @@ import ( "strings" "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" - "github.com/aws/aws-sdk-go/aws/ec2metadata" - "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" + "github.com/hashicorp/packer/builder/amazon/common" ) type AwsAccessConfig struct { AccessKey string `mapstructure:"aws_access_key"` SecretKey string `mapstructure:"aws_secret_key"` Token string `mapstructure:"aws_token"` -} - -// Config returns a valid aws.Config object for access to AWS services, or -// an error if the authentication and region couldn't be resolved -func (c *AwsAccessConfig) config(region string) (*aws.Config, error) { - var creds *credentials.Credentials - - config := aws.NewConfig().WithRegion(region).WithMaxRetries(11) - session, err := session.NewSession(config) - if err != nil { - return nil, err - } - creds = credentials.NewChainCredentials([]credentials.Provider{ - &credentials.StaticProvider{Value: credentials.Value{ - AccessKeyID: c.AccessKey, - SecretAccessKey: c.SecretKey, - SessionToken: c.Token, - }}, - &credentials.EnvProvider{}, - &credentials.SharedCredentialsProvider{Filename: "", Profile: ""}, - &ec2rolecreds.EC2RoleProvider{ - Client: ec2metadata.New(session), - }, - }) - return config.WithCredentials(creds), nil + Profile string `mapstructure:"aws_profile"` + cfg *common.AccessConfig } // Get a login token for Amazon AWS ECR. Returns username and password @@ -60,12 +34,15 @@ func (c *AwsAccessConfig) EcrGetLogin(ecrUrl string) (string, string, error) { log.Println(fmt.Sprintf("Getting ECR token for account: %s in %s..", accountId, region)) - awsConfig, err := c.config(region) - if err != nil { - return "", "", err + c.cfg = &common.AccessConfig{ + AccessKey: c.AccessKey, + ProfileName: c.Profile, + RawRegion: region, + SecretKey: c.SecretKey, + Token: c.Token, } - session, err := session.NewSession(awsConfig) + session, err := c.cfg.Session() if err != nil { return "", "", fmt.Errorf("failed to create session: %s", err) } diff --git a/website/source/docs/builders/docker.html.md b/website/source/docs/builders/docker.html.md index f2f301ecb..951860971 100644 --- a/website/source/docs/builders/docker.html.md +++ b/website/source/docs/builders/docker.html.md @@ -162,6 +162,9 @@ You must specify (only) one of `commit`, `discard`, or `export_path`. probably don't need it. This will also be read from the `AWS_SESSION_TOKEN` environmental variable. +- `aws_profile` (string) - The AWS shared credentials profile used to communicate with AWS. + [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials) + - `changes` (array of strings) - Dockerfile instructions to add to the commit. Example of instructions are `CMD`, `ENTRYPOINT`, `ENV`, and `EXPOSE`. Example: `[ "USER ubuntu", "WORKDIR /app", "EXPOSE 8080" ]` diff --git a/website/source/docs/post-processors/docker-push.html.md b/website/source/docs/post-processors/docker-push.html.md index 6e22bdd79..5400cb56a 100644 --- a/website/source/docs/post-processors/docker-push.html.md +++ b/website/source/docs/post-processors/docker-push.html.md @@ -30,6 +30,9 @@ This post-processor has only optional configuration: probably don't need it. This will also be read from the `AWS_SESSION_TOKEN` environmental variable. +- `aws_profile` (string) - The AWS shared credentials profile used to communicate with AWS. + [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials) + - `ecr_login` (boolean) - Defaults to false. If true, the post-processor will login in order to push the image to [Amazon EC2 Container Registry (ECR)](https://aws.amazon.com/ecr/).