packer-cn/website/source/docs/builders/amazon.html.markdown

---
layout: "docs"
page_title: "Amazon AMI Builder"
---

# Amazon AMI Builder

Packer is able to create Amazon AMIs. To achieve this, Packer comes with
multiple builders depending on the strategy you want to use to build the
AMI. Packer supports the following builders at the moment:

* [amazon-ebs](/docs/builders/amazon-ebs.html) - Create EBS-backed AMIs
  by launching a source instance and re-packaging it into a new AMI after
  provisioning. If in doubt, use this builder, which is the easiest to get
  started with.

* [amazon-instance](/docs/builders/amazon-instance.html) - Create
  instance-store AMIs by launching and provisioning a source instance, then
  rebundling it and uploading it to S3.

* [amazon-chroot](/docs/builders/amazon-chroot.html) - Create EBS-backed AMIs
  from an existing EC2 instance by mounting the root device and using a
  [Chroot](http://en.wikipedia.org/wiki/Chroot) environment to provision
  that device. This is an **advanced builder and should not be used by
  newcomers**. However, it is also the fastest way to build an EBS-backed
  AMI since no new EC2 instance needs to be launched.

<div class="alert alert-block alert-info">
<strong>Don't know which builder to use?</strong> If in doubt, use the
<a href="/docs/builders/amazon-ebs.html">amazon-ebs builder</a>. It is
much easier to use and Amazon generally recommends EBS-backed images nowadays.
</div>

## Using an IAM Instance Profile

If AWS keys are not specified in the template or through environment variables
Packer will use credentials provided by the instance's IAM profile, if it has one.

The following policy document provides the minimal set permissions necessary for Packer to work:

<pre class="prettyprint">
{
  "Statement": [{
      "Effect": "Allow",
      "Action" : [
        "ec2:AttachVolume",
        "ec2:CreateVolume",
        "ec2:DeleteVolume",
        "ec2:CreateKeypair",
        "ec2:DeleteKeypair",
        "ec2:CreateSecurityGroup",
        "ec2:DeleteSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateImage",
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:StopInstances",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume",
        "ec2:DescribeInstances",
        "ec2:CreateSnapshot",
        "ec2:DeleteSnapshot",
        "ec2:DescribeSnapshots",
        "ec2:DescribeImages",
        "ec2:RegisterImage",
        "ec2:CreateTags",
        "ec2:ModifyImageAttribute"
      ],
      "Resource" : "*"
  }]
}
</pre>

Depending on what setting you use the following Actions might have to be allowed as well:
* `ec2:ModifyImageAttribute` when using `ami_description`
website: document the amazon-instance builder 2013-07-25 11:51:21 -04:00			`---`
			`layout: "docs"`
			`page_title: "Amazon AMI Builder"`
			`---`

			`# Amazon AMI Builder`

			`Packer is able to create Amazon AMIs. To achieve this, Packer comes with`
			`multiple builders depending on the strategy you want to use to build the`
			`AMI. Packer supports the following builders at the moment:`

			`* [amazon-ebs](/docs/builders/amazon-ebs.html) - Create EBS-backed AMIs`
			`by launching a source instance and re-packaging it into a new AMI after`
			`provisioning. If in doubt, use this builder, which is the easiest to get`
			`started with.`

			`* [amazon-instance](/docs/builders/amazon-instance.html) - Create`
			`instance-store AMIs by launching and provisioning a source instance, then`
			`rebundling it and uploading it to S3.`

website: docs for amazon-chroot 2013-07-31 01:17:58 -04:00			`* [amazon-chroot](/docs/builders/amazon-chroot.html) - Create EBS-backed AMIs`
			`from an existing EC2 instance by mounting the root device and using a`
			`[Chroot](http://en.wikipedia.org/wiki/Chroot) environment to provision`
			`that device. This is an **advanced builder and should not be used by`
			`newcomers**. However, it is also the fastest way to build an EBS-backed`
			`AMI since no new EC2 instance needs to be launched.`

website: document the amazon-instance builder 2013-07-25 11:51:21 -04:00			`<div class="alert alert-block alert-info">`
			`<strong>Don't know which builder to use?</strong> If in doubt, use the`
			`<a href="/docs/builders/amazon-ebs.html">amazon-ebs builder</a>. It is`
			`much easier to use and Amazon generally recommends EBS-backed images nowadays.`
			`</div>`
website: move iam policy documentation to the root amazon page 2013-11-25 07:27:38 -05:00
			`## Using an IAM Instance Profile`

			`If AWS keys are not specified in the template or through environment variables`
			`Packer will use credentials provided by the instance's IAM profile, if it has one.`

			`The following policy document provides the minimal set permissions necessary for Packer to work:`

			`<pre class="prettyprint">`
			`{`
			`"Statement": [{`
			`"Effect": "Allow",`
			`"Action" : [`
			`"ec2:AttachVolume",`
			`"ec2:CreateVolume",`
			`"ec2:DeleteVolume",`
Fix EC2 IAM documentation. Possibly fixes #577 2014-04-29 03:05:49 -04:00			`"ec2:CreateKeypair",`
			`"ec2:DeleteKeypair",`
			`"ec2:CreateSecurityGroup",`
			`"ec2:DeleteSecurityGroup",`
			`"ec2:AuthorizeSecurityGroupIngress",`
			`"ec2:CreateImage",`
			`"ec2:RunInstances",`
			`"ec2:TerminateInstances",`
			`"ec2:StopInstances",`
website: move iam policy documentation to the root amazon page 2013-11-25 07:27:38 -05:00			`"ec2:DescribeVolumes",`
			`"ec2:DetachVolume",`
			`"ec2:DescribeInstances",`
			`"ec2:CreateSnapshot",`
			`"ec2:DeleteSnapshot",`
			`"ec2:DescribeSnapshots",`
			`"ec2:DescribeImages",`
			`"ec2:RegisterImage",`
Fix EC2 IAM documentation. Possibly fixes #577 2014-04-29 03:05:49 -04:00			`"ec2:CreateTags",`
			`"ec2:ModifyImageAttribute"`
website: move iam policy documentation to the root amazon page 2013-11-25 07:27:38 -05:00			`],`
			`"Resource" : "*"`
			`}]`
			`}`
			`</pre>`

			`Depending on what setting you use the following Actions might have to be allowed as well:`
			* `ec2:ModifyImageAttribute` when using `ami_description`