iSharkFly-Docs/packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

formatted amazon docs

Browse Source
This commit is contained in:
Megan Marsh 2019-02-11 11:40:56 -08:00
parent 90baa006da
commit 51b46b851a
4 changed files with 107 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
website/source/docs/builders/amazon-chroot.html.md
View File

@ -24,7 +24,7 @@ builder is able to build an EBS-backed AMI without launching a new EC2
instance. This can dramatically speed up AMI builds for organizations who need
the extra fast build.
~> **This is an advanced builder** If you're just getting started with
\~> **This is an advanced builder** If you're just getting started with
Packer, we recommend starting with the [amazon-ebs
builder](/docs/builders/amazon-ebs.html), which is much easier to use.
@ -154,8 +154,8 @@ each category, the available configuration keys are alphabetized.
associated with AMIs, which have been deregistered by `force_deregister`.
Default `false`.
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
the AWS EC2 endpoint. The default is `false`.
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS
verification of the AWS EC2 endpoint. The default is `false`.
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot
volume encryption. This only applies to the main `region`, other regions
@ -362,42 +362,33 @@ each category, the available configuration keys are alphabetized.
[template engine](/docs/templates/engine.html), see [Build template
data](#build-template-data) for more information.
- `vault_aws_engine` (object) - Get credentials from Hashicorp Vault's aws
secrets engine. You must already have created a role to use. For more
information about generating credentials via the Vault engine, see the
[Vault docs.]
(https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
If you set this
flag, you must also set the below options:
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the Vault
docs, this is normally referred to as "aws", and Packer will default to
"aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential_type on
the Vault role is assumed_role. Must match one of the allowed role ARNs
in the Vault role. Optional if the Vault role only allows a single AWS
role ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This is
specified as a string with a duration suffix. Valid only when
credential_type is assumed_role or federation_token. When not specified,
the default_sts_ttl set for the role will be used. If that is also not
set, then the default value of 3600s will be used. AWS places limits on
the maximum TTL allowed. See the AWS documentation on the DurationSeconds
parameter for AssumeRole (for assumed_role credential types) and
GetFederationToken (for federation_token credential types) for more
details.
- `vault_aws_engine` (object) - Get credentials from Hashicorp Vault's aws
secrets engine. You must already have created a role to use. For more
information about generating credentials via the Vault engine, see the
[Vault
docs.](https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
If you set this flag, you must also set the below options:
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the
Vault docs, this is normally referred to as "aws", and Packer will
default to "aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential\_type
on the Vault role is assumed\_role. Must match one of the allowed role
ARNs in the Vault role. Optional if the Vault role only allows a single
AWS role ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This
is specified as a string with a duration suffix. Valid only when
credential\_type is assumed\_role or federation\_token. When not
specified, the default\_sts\_ttl set for the role will be used. If that
is also not set, then the default value of 3600s will be used. AWS
places limits on the maximum TTL allowed. See the AWS documentation on
the DurationSeconds parameter for AssumeRole (for assumed\_role
credential types) and GetFederationToken (for federation\_token
credential types) for more details.
Example:
``` json
{
"vault_aws_engine": {
"name": "myrole",
"role_arn": "myarn",
"ttl": "3600s"
}
}
```
Example:
`json { "vault_aws_engine": { "name": "myrole", "role_arn": "myarn", "ttl": "3600s" } }`
## Basic Example
@ -494,8 +485,8 @@ services:
### Ansible provisioner
Running ansible against `amazon-chroot` requires changing the Ansible connection
to chroot and running Ansible as root/sudo.
Running ansible against `amazon-chroot` requires changing the Ansible
connection to chroot and running Ansible as root/sudo.
### Using Instances with NVMe block devices.

55
website/source/docs/builders/amazon-ebs.html.md
View File

@ -47,7 +47,8 @@ builder.
- `access_key` (string) - The access key used to communicate with AWS. [Learn
how to set this](amazon.html#specifying-amazon-credentials). This is not
required if you are using `use_vault_aws_engine` for authentication instead.
required if you are using `use_vault_aws_engine` for authentication
instead.
- `ami_name` (string) - The name of the resulting AMI that will appear when
managing AMIs in the AWS console or via APIs. This must be unique. To help
@ -62,7 +63,8 @@ builder.
- `secret_key` (string) - The secret key used to communicate with AWS. [Learn
how to set this](amazon.html#specifying-amazon-credentials). This is not
required if you are using `use_vault_aws_engine` for authentication instead.
required if you are using `use_vault_aws_engine` for authentication
instead.
- `source_ami` (string) - The initial AMI used as a base for the newly
created machine. `source_ami_filter` may be used instead to populate this
@ -507,31 +509,30 @@ builder.
- `user_data_file` (string) - Path to a file that will be used for the user
data when launching the instance.
- `vault_aws_engine` (object) - Get credentials from Hashicorp Vault's aws
secrets engine. You must already have created a role to use. For more
information about generating credentials via the Vault engine, see the
[Vault docs.]
(https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
If you set this
flag, you must also set the below options:
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the Vault
docs, this is normally referred to as "aws", and Packer will default to
"aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential_type on
the Vault role is assumed_role. Must match one of the allowed role ARNs
in the Vault role. Optional if the Vault role only allows a single AWS
role ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This is
specified as a string with a duration suffix. Valid only when
credential_type is assumed_role or federation_token. When not specified,
the default_sts_ttl set for the role will be used. If that is also not
set, then the default value of 3600s will be used. AWS places limits on
the maximum TTL allowed. See the AWS documentation on the DurationSeconds
parameter for AssumeRole (for assumed_role credential types) and
GetFederationToken (for federation_token credential types) for more
details.
- `vault_aws_engine` (object) - Get credentials from Hashicorp Vault's aws
secrets engine. You must already have created a role to use. For more
information about generating credentials via the Vault engine, see the
[Vault
docs.](https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
If you set this flag, you must also set the below options:
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the
Vault docs, this is normally referred to as "aws", and Packer will
default to "aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential\_type
on the Vault role is assumed\_role. Must match one of the allowed role
ARNs in the Vault role. Optional if the Vault role only allows a single
AWS role ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This
is specified as a string with a duration suffix. Valid only when
credential\_type is assumed\_role or federation\_token. When not
specified, the default\_sts\_ttl set for the role will be used. If that
is also not set, then the default value of 3600s will be used. AWS
places limits on the maximum TTL allowed. See the AWS documentation on
the DurationSeconds parameter for AssumeRole (for assumed\_role
credential types) and GetFederationToken (for federation\_token
credential types) for more details.
``` json
{

53
website/source/docs/builders/amazon-ebssurrogate.html.md
View File

@ -497,42 +497,33 @@ builder.
- `user_data_file` (string) - Path to a file that will be used for the user
data when launching the instance.
- `vault_aws_engine` (object) - Get credentials from Hashicorp Vault's aws
secrets engine. You must already have created a role to use. For more
information about generating credentials via the Vault engine, see the
[Vault docs.]
(https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
[Vault
docs.](https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
If you set this flag, you must also set the below options:
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the Vault
docs, this is normally referred to as "aws", and Packer will default to
"aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential_type on
the Vault role is assumed_role. Must match one of the allowed role ARNs
in the Vault role. Optional if the Vault role only allows a single AWS
role ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This is
specified as a string with a duration suffix. Valid only when
credential_type is assumed_role or federation_token. When not specified,
the default_sts_ttl set for the role will be used. If that is also not
set, then the default value of 3600s will be used. AWS places limits on
the maximum TTL allowed. See the AWS documentation on the DurationSeconds
parameter for AssumeRole (for assumed_role credential types) and
GetFederationToken (for federation_token credential types) for more
details.
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the Vault
docs, this is normally referred to as "aws", and Packer will default to
"aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential\_type on
the Vault role is assumed\_role. Must match one of the allowed role ARNs in
the Vault role. Optional if the Vault role only allows a single AWS role
ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This is
specified as a string with a duration suffix. Valid only when
credential\_type is assumed\_role or federation\_token. When not specified,
the default\_sts\_ttl set for the role will be used. If that is also not
set, then the default value of 3600s will be used. AWS places limits on the
maximum TTL allowed. See the AWS documentation on the DurationSeconds
parameter for AssumeRole (for assumed\_role credential types) and
GetFederationToken (for federation\_token credential types) for more
details.
Example:
``` json
{
"vault_aws_engine": {
"name": "myrole",
"role_arn": "myarn",
"ttl": "3600s"
}
}
```
Example:
`json { "vault_aws_engine": { "name": "myrole", "role_arn": "myarn", "ttl": "3600s" } }`
- `vpc_id` (string) - If launching into a VPC subnet, Packer needs the VPC ID
in order to create a temporary security group within the VPC. Requires
`subnet_id` to be set. If this field is left blank, Packer will try to get

62
website/source/docs/builders/amazon-instance.html.md
View File

@ -489,43 +489,33 @@ builder.
- `user_data_file` (string) - Path to a file that will be used for the user
data when launching the instance.
- `vault_aws_engine` (object) - Get credentials from Hashicorp Vault's aws
secrets engine. You must already have created a role to use. For more
information about generating credentials via the Vault engine, see the
[Vault
docs.](https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
If you set this flag, you must also set the below options:
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the
Vault docs, this is normally referred to as "aws", and Packer will
default to "aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential\_type
on the Vault role is assumed\_role. Must match one of the allowed role
ARNs in the Vault role. Optional if the Vault role only allows a single
AWS role ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This
is specified as a string with a duration suffix. Valid only when
credential\_type is assumed\_role or federation\_token. When not
specified, the default\_sts\_ttl set for the role will be used. If that
is also not set, then the default value of 3600s will be used. AWS
places limits on the maximum TTL allowed. See the AWS documentation on
the DurationSeconds parameter for AssumeRole (for assumed\_role
credential types) and GetFederationToken (for federation\_token
credential types) for more details.
- `vault_aws_engine` (object) - Get credentials from Hashicorp Vault's aws
secrets engine. You must already have created a role to use. For more
information about generating credentials via the Vault engine, see the
[Vault docs.]
(https://www.vaultproject.io/api/secret/aws/index.html#generate-credentials)
If you set this
flag, you must also set the below options:
- `name` (string) - Required. Specifies the name of the role to generate
credentials against. This is part of the request URL.
- `engine_name` (string) - The name of the aws secrets engine. In the Vault
docs, this is normally referred to as "aws", and Packer will default to
"aws" if `engine_name` is not set.
- `role_arn` (string)- The ARN of the role to assume if credential_type on
the Vault role is assumed_role. Must match one of the allowed role ARNs
in the Vault role. Optional if the Vault role only allows a single AWS
role ARN; required otherwise.
- `ttl` (string) - Specifies the TTL for the use of the STS token. This is
specified as a string with a duration suffix. Valid only when
credential_type is assumed_role or federation_token. When not specified,
the default_sts_ttl set for the role will be used. If that is also not
set, then the default value of 3600s will be used. AWS places limits on
the maximum TTL allowed. See the AWS documentation on the DurationSeconds
parameter for AssumeRole (for assumed_role credential types) and
GetFederationToken (for federation_token credential types) for more
details.
Example:
``` json
{
"vault_aws_engine": {
"name": "myrole",
"role_arn": "myarn",
"ttl": "3600s"
}
}
```
Example:
`json { "vault_aws_engine": { "name": "myrole", "role_arn": "myarn", "ttl": "3600s" } }`
- `vpc_id` (string) - If launching into a VPC subnet, Packer needs the VPC ID
in order to create a temporary security group within the VPC. Requires