From 056f1f6e762ff4207de6f832f54a17b9645eeed9 Mon Sep 17 00:00:00 2001 From: Wilken Rivera Date: Thu, 7 May 2020 14:51:19 -0400 Subject: [PATCH] docs/amazon/builder: Add not about using a temporary_iam_instance_profile_policy_document --- builder/amazon/common/run_config.go | 2 +- website/pages/partials/builders/aws-sesson-manager.mdx | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/builder/amazon/common/run_config.go b/builder/amazon/common/run_config.go index c14b40916..abbfca068 100644 --- a/builder/amazon/common/run_config.go +++ b/builder/amazon/common/run_config.go @@ -467,7 +467,7 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error { } if c.IamInstanceProfile == "" && c.TemporaryIamInstanceProfilePolicyDocument == nil { - msg := fmt.Errorf(`no iam_instance_profile defined; when using %q a valid instance profile with AmazonSSMManagedInstanceCore permissions is required`, c.SSHInterface) + msg := fmt.Errorf(`no iam_instance_profile defined; when using %q a valid instance profile with AmazonSSMManagedInstanceCore permissions is required. Alternatively a temporary_iam_instance_profile_policy_document can be used.`, c.SSHInterface) errs = append(errs, msg) } } diff --git a/website/pages/partials/builders/aws-sesson-manager.mdx b/website/pages/partials/builders/aws-sesson-manager.mdx index 867e9ff6c..6c133ccd6 100644 --- a/website/pages/partials/builders/aws-sesson-manager.mdx +++ b/website/pages/partials/builders/aws-sesson-manager.mdx @@ -7,6 +7,10 @@ To use the session manager as the connection interface for the SSH communicator * `ssh_interface`: The ssh interface must be set to "session_manager", when using this option the builder will no to create an SSM tunnel to the configured `ssh_port` (defaults to 22) on the remote host. * `iam_instance_profile`: A valid instance profile granting Systems Manger permissions to manage the remote instance is required in order for the aws ssm-agent to start and stop session connections. See below for more details on IAM instance profile for Systems Manager(#iam-instance-profile-for-systems-manager). +#### Optional + * `temporary_iam_instance_profile_policy_document`: A temporary instance profile policy document can be used of an existing `iam_instance_profile`. + * `session_manager_port`: A local port on the host machine that should be used as the local end of the session tunnel to the remote host. If not specified Packer will find an available port to use. + ```json { "builders": [