amazon: Allow SSH Agent auth for existing key pair

This commit allows SSH Agent authentication to be used with an existing
key pair defined in AWS.

builder/amazon/common/step_key_pair.go

@@ -25,13 +25,8 @@ type StepKeyPair struct {
 func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 	ui := state.Get("ui").(packer.Ui)
 
-	if s.SSHAgentAuth {
-		ui.Say("Using SSH Agent")
-		return multistep.ActionContinue
-	}
-
 	if s.PrivateKeyFile != "" {
-		ui.Say("Using existing ssh private key")
+		ui.Say("Using existing SSH private key")
 		privateKeyBytes, err := ioutil.ReadFile(s.PrivateKeyFile)
 		if err != nil {
 			state.Put("error", fmt.Errorf(
@@ -45,6 +40,17 @@ func (s *StepKeyPair) Run(state multistep.StateBag) multistep.StepAction {
 		return multistep.ActionContinue
 	}
 
+	if s.SSHAgentAuth && s.KeyPairName == "" {
+		ui.Say("Using SSH Agent with key pair in Source AMI")
+		return multistep.ActionContinue
+	}
+
+	if s.SSHAgentAuth && s.KeyPairName != "" {
+		ui.Say(fmt.Sprintf("Using SSH Agent for existing key pair %s", s.KeyPairName))
+		state.Put("keyPair", s.KeyPairName)
+		return multistep.ActionContinue
+	}
+
 	if s.TemporaryKeyPairName == "" {
 		ui.Say("Not using temporary keypair")
 		state.Put("keyPair", "")

website/source/docs/builders/amazon-ebs.html.md

@@ -188,17 +188,20 @@ builder.
     `Linux/UNIX (Amazon VPC)`, `SUSE Linux (Amazon VPC)`, `Windows (Amazon VPC)`
 
 -   `ssh_keypair_name` (string) - If specified, this is the key that will be
-    used for SSH with the machine. By default, this is blank, and Packer will
+    used for SSH with the machine. The key must match a key pair name loaded
+    up into Amazon EC2.  By default, this is blank, and Packer will
     generate a temporary keypair unless
     [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used.
     [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file)
-    must be specified with this.
+    or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized.
 
 -   `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to
     authenticate connections to the source instance. No temporary keypair will
     be created, and the values of `ssh_password` and `ssh_private_key_file` will
-    be ignored. This is suitable for use if the source AMI already has authorized
-    keys configured.
+    be ignored. To use this option with a key pair already configured in the source
+    AMI, leave the `ssh_keypair_name` blank. To associate an existing key pair
+    in AWS with the source instance, set the `ssh_keypair_name` field to the name
+    of the key pair.
 
 -   `ssh_private_ip` (boolean) - If true, then SSH will always use the private
     IP if available.

website/source/docs/builders/amazon-instance.html.md

@@ -210,13 +210,15 @@ builder.
     generate a temporary keypair unless
     [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used.
     [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file)
-    must be specified when `ssh_keypair_name` is utilized.
+    or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized.
 
 -   `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to
     authenticate connections to the source instance. No temporary keypair will
     be created, and the values of `ssh_password` and `ssh_private_key_file` will
-    be ignored. This is suitable for use if the source AMI already has authorized
-    keys configured.
+    be ignored. To use this option with a key pair already configured in the source
+    AMI, leave the `ssh_keypair_name` blank. To associate an existing key pair
+    in AWS with the source instance, set the `ssh_keypair_name` field to the name
+    of the key pair.
     
 -   `ssh_private_ip` (boolean) - If true, then SSH will always use the private
     IP if available.