Discuss Packer for building AMIs and Docker Images
Hey Packer Peeps, I have been using packer for a year at an old company and it worked flawlessly however I am at a new company with restrictions on AWS security groups and any SG created with wide open access is automagically deleted. Therefore when packer try’s to do anything via ssh over port 22 and the temp SG [0.0.0.0\0] packer times out waiting for ssh access. Does anyone know of a way to specify something other than [0.0.0.0\0] in the packer file?
run packer inside a codebuild and use the VPC CIDR - you need to attach codebuild to the same VPC or use VPC peering if you run packer inside codebuild in another VPC
Another solution can be used via
session_manager. But it requires the host machine running Packer must have AWS Session Manager plugin. FYI: https://www.packer.io/docs/builders/amazon/ebs#ssh_interface
I’m using Packer + Session Manager to bake AMI and it’s securable.
The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS volumes for use in EC2. For more information on the difference between EBS-backed instances and instance-store backed instances, see the storage for the root device section in the EC2 documentation.
Can’t you precreate the SG and for egress just have something other than quad zero. Then in the packer config, have it specify the SG ID with
security_group_id to use that precreated one instead of having it automatically generate a temporary one.
another option @Thayne Trevenen