packer/website/source/docs/builders/amazon.html.markdown


Amazon AMI Builder

Packer is able to create Amazon AMIs. To achieve this, Packer comes with multiple builders depending on the strategy you want to use to build the AMI. Packer supports the following builders at the moment:

  • amazon-ebs - Create EBS-backed AMIs by launching a source AMI and re-packaging it into a new AMI after provisioning. If in doubt, use this builder, which is the easiest to get started with.

  • amazon-instance - Create instance-store AMIs by launching and provisioning a source instance, then rebundling it and uploading it to S3.

  • amazon-chroot - Create EBS-backed AMIs from an existing EC2 instance by mounting the root device and using a Chroot environment to provision that device. This is an advanced builder and should not be used by newcomers. However, it is also the fastest way to build an EBS-backed AMI since no new EC2 instance needs to be launched.

-> Don't know which builder to use? If in doubt, use the amazon-ebs builder. It is much easier to use and Amazon generally recommends EBS-backed images nowadays.

Using an IAM Instance Profile

If AWS keys are not specified in the template, Packer will consult the credentials file, try the standard AWS environment variables, and then any IAM role credentials defined by the instance's metadata.

The following policy document provides the minimal set of permissions necessary for Packer to work:

{
  "Statement": [{
      "Effect": "Allow",
      "Action" : [
        "ec2:AttachVolume",
        "ec2:CreateVolume",
        "ec2:DeleteVolume",
        "ec2:CreateKeypair",
        "ec2:DeleteKeypair",
        "ec2:CreateSecurityGroup",
        "ec2:DeleteSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateImage",
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:StopInstances",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume",
        "ec2:DescribeInstances",
        "ec2:CreateSnapshot",
        "ec2:DeleteSnapshot",
        "ec2:DescribeSnapshots",
        "ec2:DescribeImages",
        "ec2:RegisterImage",
        "ec2:CreateTags",
        "ec2:ModifyImageAttribute"
      ],
      "Resource" : "*"
  }]
}

Troubleshooting

Attaching IAM Policies to Roles

IAM policies can be associated with users or roles. If you use Packer with IAM roles, you may encounter an error like this one:

==> amazon-ebs: Error launching source instance: You are not authorized to perform this operation.

You can read more about why this happens on the Amazon Security Blog. The example policy below may help Packer work with IAM roles. Note that this example provides more than the minimal set of permissions needed for Packer to work, but specifics will depend on your use case.

{
    "Sid": "PackerIAMPassRole",
    "Effect": "Allow",
    "Action": "iam:PassRole",
    "Resource": [
        "*"
    ]
}
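
A check that could be run on a Packer policy before it is attached, as an added example that is not part of the Packer documentation: it flags iam:PassRole granted on every role (as in the statement above) and any action outside the minimal list on this page. The function names, the account ID and the role name are constructed for illustration.

```python
import json

# Actions from the minimal policy on this page, lower-cased because IAM
# matches action names case-insensitively.
PAGE_MINIMAL = {a.lower() for a in """
ec2:AttachVolume ec2:CreateVolume ec2:DeleteVolume ec2:CreateKeypair
ec2:DeleteKeypair ec2:CreateSecurityGroup ec2:DeleteSecurityGroup
ec2:AuthorizeSecurityGroupIngress ec2:CreateImage ec2:RunInstances
ec2:TerminateInstances ec2:StopInstances ec2:DescribeVolumes
ec2:DetachVolume ec2:DescribeInstances ec2:CreateSnapshot
ec2:DeleteSnapshot ec2:DescribeSnapshots ec2:DescribeImages
ec2:RegisterImage ec2:CreateTags ec2:ModifyImageAttribute
""".split()}


def as_list(value):
    """Statement, Action and Resource may each be one item or a list."""
    return value if isinstance(value, list) else [value]


def audit_packer_policy(policy_json):
    """Return sorted findings for the Allow statements of a policy."""
    findings = set()
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in (a.lower() for a in as_list(stmt.get("Action", []))):
            if "*" in action:
                findings.add(f"wildcard action: {action}")
            elif action == "iam:passrole":
                if any(r == "*" or r.endswith(":role/*") for r in resources):
                    findings.add("iam:PassRole not limited to named roles")
            elif action not in PAGE_MINIMAL:
                findings.add(f"not in the page's minimal set: {action}")
    return sorted(findings)


def pass_role_policy(resource):
    """Constructed sample: the page's PassRole statement as a full policy."""
    stmt = {"Sid": "PackerIAMPassRole", "Effect": "Allow",
            "Action": "iam:PassRole", "Resource": [resource]}
    return json.dumps({"Statement": [stmt]})


if __name__ == "__main__":
    # The account ID and role name are placeholders, not values from the page.
    for res in ("*", "arn:aws:iam::111122223333:role/packer-build"):
        print(res, "->", audit_packer_policy(pass_role_policy(res)))
```

The check only reads Action and Resource on Allow statements; NotAction, NotResource and Condition keys are not evaluated.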