#packer (2021-06)

packer

Discuss Packer for building AMIs and Docker Images

Archive: https://archive.sweetops.com/packer/

2021-06-24

Thayne Trevenen

Hey Packer Peeps, I have been using Packer for a year at an old company and it worked flawlessly. However, I am at a new company with restrictions on AWS security groups, and any SG created with wide open access is automagically deleted. Therefore, when Packer tries to do anything via SSH over port 22 and the temp SG [0.0.0.0\0], Packer times out waiting for SSH access. Does anyone know of a way to specify something other than [0.0.0.0\0] in the Packer file?

Mohammed Yahya

Run Packer inside a CodeBuild and use the VPC CIDR - you need to attach CodeBuild to the same VPC, or use VPC peering if you run Packer inside CodeBuild in another VPC

Jason

Another solution can be used via session_manager. But it requires that the host machine running Packer have the AWS Session Manager plugin. FYI: https://www.packer.io/docs/builders/amazon/ebs#ssh_interface

I’m using Packer + Session Manager to bake AMIs and it’s securable.

Amazon EBS - Builders | Packer by HashiCorp

The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS volumes for use in EC2. For more information on the difference between EBS-backed instances and instance-store backed instances, see the storage for the root device section in the EC2 documentation.

Jonathan Le

Can’t you precreate the SG and for egress just have something other than quad zero? Then in the Packer config, have it specify the SG ID with security_group_id to use that precreated one instead of having it automatically generate a temporary one.

Jonathan Le

another option @Thayne Trevenen


2021-06-26

2021-06-29
