From 4608b5d39d05fc6dfe0d8531d62697fa1b95bf88 Mon Sep 17 00:00:00 2001
From: Mikhail Ushanov
Date: Fri, 27 Oct 2017 16:32:23 +0300
Subject: [PATCH 1/2] amazon: add option for skipping TLS verification
Signed-off-by: Mikhail Ushanov
---
 builder/amazon/common/access_config.go | 33 +++++++++++++++++---------
 1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/builder/amazon/common/access_config.go b/builder/amazon/common/access_config.go
index 66b595300..a4c1c29db 100644
--- a/builder/amazon/common/access_config.go
+++ b/builder/amazon/common/access_config.go
@@ -1,8 +1,10 @@
 package common
 import (
+ "crypto/tls"
 "fmt"
 "log"
+ "net/http"
 "strings"
 "time"
@@ -19,17 +21,18 @@ import (
 // AccessConfig is for common configuration related to AWS access
 type AccessConfig struct {
- AccessKey string `mapstructure:"access_key"`
- CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2"`
- DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages"`
- MFACode string `mapstructure:"mfa_code"`
- ProfileName string `mapstructure:"profile"`
- RawRegion string `mapstructure:"region"`
- SecretKey string `mapstructure:"secret_key"`
- SkipValidation bool `mapstructure:"skip_region_validation"`
- SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"`
- Token string `mapstructure:"token"`
- session *session.Session
+ AccessKey string `mapstructure:"access_key"`
+ CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2"`
+ DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages"`
+ InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify"`
+ MFACode string `mapstructure:"mfa_code"`
+ ProfileName string `mapstructure:"profile"`
+ RawRegion string `mapstructure:"region"`
+ SecretKey string `mapstructure:"secret_key"`
+ SkipValidation bool `mapstructure:"skip_region_validation"`
+ SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"`
+ Token string `mapstructure:"token"`
+ session *session.Session
 getEC2Connection func() ec2iface.EC2API
 }
@@ -60,6 +63,14 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 config = config.WithEndpoint(c.CustomEndpointEc2)
 }
+ if c.InsecureSkipTLSVerify {
+ config := config.WithHTTPClient(cleanhttp.DefaultClient())
+ transport := config.HTTPClient.Transport.(*http.Transport)
+ transport.TLSClientConfig = &tls.Config{
+ InsecureSkipVerify: true,
+ }
+ }
+
 opts := session.Options{
 SharedConfigState: session.SharedConfigEnable,
 Config: *config,
From 9d4d41e32f2984d7fd1f0471ab9e83562d9e2f4d Mon Sep 17 00:00:00 2001
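Review bot: The block added to `Session()` turns off certificate verification for the HTTP client of the whole session without logging anything, and it is not tied to `custom_endpoint_ec2`, so signed requests to the real AWS endpoints also lose server authentication once the flag is set; at minimum a `[WARN]` log line should make that visible in build output. Inside the block, `config := config.WithHTTPClient(...)` shadows the outer `config`, and the setting presumably reaches `opts` only because `WithHTTPClient` returns its receiver, so a plain `config = ...` would state the intent. The unchecked assertion `config.HTTPClient.Transport.(*http.Transport)` panics if the client's transport is ever a different type; the comma-ok form can return an error instead. `Session()` starts and ends outside the hunk, and the `cleanhttp` import is not among the imports added by this patch, so it is presumably already present in the file.

```go
	// … unchanged: custom endpoint handling …
	if c.InsecureSkipTLSVerify {
		// Certificate verification is off for every call made through this session.
		log.Printf("[WARN] insecure_skip_tls_verify is set; TLS certificates of the AWS endpoint are not verified")
		client := cleanhttp.DefaultClient()
		transport, ok := client.Transport.(*http.Transport)
		if !ok {
			return nil, fmt.Errorf("insecure_skip_tls_verify: unexpected HTTP transport type %T", client.Transport)
		}
		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
		config = config.WithHTTPClient(client)
	}
	// … unchanged: session.Options construction …
```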
From: Mikhail Ushanov Date: Wed, 1 Nov 2017 02:32:03 +0300 Subject: [PATCH 2/2] docs/amazon: add 'insecure_skip_tls_verify' option Signed-off-by: Mikhail Ushanov --- website/source/docs/builders/amazon-chroot.html.md | 3 +++ website/source/docs/builders/amazon-ebs.html.md | 3 +++ website/source/docs/builders/amazon-ebssurrogate.html.md | 3 +++ website/source/docs/builders/amazon-ebsvolume.html.md | 3 +++ website/source/docs/post-processors/amazon-import.html.md | 3 +++ 5 files changed, 15 insertions(+) diff --git a/website/source/docs/builders/amazon-chroot.html.md b/website/source/docs/builders/amazon-chroot.html.md index 54c7ed81b..6af73d0a5 100644 --- a/website/source/docs/builders/amazon-chroot.html.md +++ b/website/source/docs/builders/amazon-chroot.html.md @@ -154,6 +154,9 @@ each category, the available configuration keys are alphabetized. associated with AMIs, which have been deregistered by `force_deregister`. Default `false`. +- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of + the AWS EC2 endpoint. The default is `false`. + - `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption. This only applies to the main `region`, other regions where the AMI will be copied will be encrypted by the default EBS KMS key. diff --git a/website/source/docs/builders/amazon-ebs.html.md b/website/source/docs/builders/amazon-ebs.html.md index 94a815547..2c47ff0e2 100644 --- a/website/source/docs/builders/amazon-ebs.html.md +++ b/website/source/docs/builders/amazon-ebs.html.md 
@@ -242,6 +242,9 @@ builder. profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) to launch the EC2 instance with. +- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of + the AWS EC2 endpoint. The default is `false`. + - `launch_block_device_mappings` (array of block device mappings) - Add one or more block devices before the Packer build starts. If you add instance store volumes or EBS volumes in addition to the root device volume, the diff --git a/website/source/docs/builders/amazon-ebssurrogate.html.md b/website/source/docs/builders/amazon-ebssurrogate.html.md index baf0a72d2..21706e7d6 100644 --- a/website/source/docs/builders/amazon-ebssurrogate.html.md +++ b/website/source/docs/builders/amazon-ebssurrogate.html.md @@ -235,6 +235,9 @@ builder. profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) to launch the EC2 instance with. +- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of + the AWS EC2 endpoint. The default is `false`. + - `launch_block_device_mappings` (array of block device mappings) - Add one or more block devices before the Packer build starts. If you add instance store volumes or EBS volumes in addition to the root device volume, the diff --git a/website/source/docs/builders/amazon-ebsvolume.html.md b/website/source/docs/builders/amazon-ebsvolume.html.md index 3f274f9cc..daa27b652 100644 --- a/website/source/docs/builders/amazon-ebsvolume.html.md +++ b/website/source/docs/builders/amazon-ebsvolume.html.md 
@@ -189,6 +189,9 @@ builder. profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) to launch the EC2 instance with. +- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of + the AWS EC2 endpoint. The default is `false`. + - `mfa_code` (string) - The MFA [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) code. This should probably be a user variable since it changes all the diff --git a/website/source/docs/post-processors/amazon-import.html.md b/website/source/docs/post-processors/amazon-import.html.md index 74c431155..c544e60ff 100644 --- a/website/source/docs/post-processors/amazon-import.html.md +++ b/website/source/docs/post-processors/amazon-import.html.md @@ -85,6 +85,9 @@ Optional: provider whose API is compatible with aws EC2. Specify another endpoint like this `https://ec2.custom.endpoint.com`. +- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of + the AWS EC2 endpoint. The default is `false`. + - `license_type` (string) - The license type to be used for the Amazon Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL` (default). For more details regarding licensing, see