diff --git a/post-processor/amazon-import/post-processor.go b/post-processor/amazon-import/post-processor.go
index 2d8d77c12..a339da040 100644
--- a/post-processor/amazon-import/post-processor.go
+++ b/post-processor/amazon-import/post-processor.go
@@ -26,11 +26,14 @@ type Config struct {
 awscommon.AccessConfig `mapstructure:",squash"`
 // Variables specific to this post processor
- S3Bucket string `mapstructure:"s3_bucket_name"`
- S3Key string `mapstructure:"s3_key_name"`
- SkipClean bool `mapstructure:"skip_clean"`
- Tags map[string]string `mapstructure:"tags"`
- Name string `mapstructure:"ami_name"`
+ S3Bucket string `mapstructure:"s3_bucket_name"`
+ S3Key string `mapstructure:"s3_key_name"`
+ SkipClean bool `mapstructure:"skip_clean"`
+ Tags map[string]string `mapstructure:"tags"`
+ Name string `mapstructure:"ami_name"`
+ Description string `mapstructure:"ami_description"`
+ Users []string `mapstructure:"ami_users"`
+ Groups []string `mapstrcuture:"ami_groups"`
 ctx interpolate.Context
 }
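Review bot: The struct tag on the new `Groups` field is misspelled as `mapstrcuture:"ami_groups"`, so the decoder has no `mapstructure` key for that field and the documented `ami_groups` option will most likely never reach `p.config.Groups`. The tag key should be spelled like the others in the struct, i.e. `mapstructure:"ami_groups"`. As far as I can tell the decoder then falls back to the Go field name, which means a differently named key could populate the field instead; since this field decides whether the AMI is shared publicly, that mismatch between documentation and behaviour is worth a decode test that sets `ami_groups` and checks `Groups`. The `Config` struct begins above this hunk.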
@@ -304,6 +307,60 @@ func (p *PostProcessor) PostProcess(ui packer.Ui, artifact packer.Artifact) (pac
 }
+ // Apply atttributes for AMI specified in config
+ // (duped from builder/amazon/common/step_modify_ami_attributes.go)
+ options := make(map[string]*ec2.ModifyImageAttributeInput)
+ if p.config.Description != "" {
+ options["description"] = &ec2.ModifyImageAttributeInput{
+ Description: &ec2.AttributeValue{Value: &p.config.Description},
+ }
+ }
+
+ if len(p.config.Groups) > 0 {
+ groups := make([]*string, len(p.config.Groups))
+ adds := make([]*ec2.LaunchPermission, len(p.config.Groups))
+ addGroups := &ec2.ModifyImageAttributeInput{
+ LaunchPermission: &ec2.LaunchPermissionModifications{},
+ }
+
+ for i, g := range p.config.Groups {
+ groups[i] = aws.String(g)
+ adds[i] = &ec2.LaunchPermission{
+ Group: aws.String(g),
+ }
+ }
+ addGroups.UserGroups = groups
+ addGroups.LaunchPermission.Add = adds
+
+ options["groups"] = addGroups
+ }
+
+ if len(p.config.Users) > 0 {
+ users := make([]*string, len(p.config.Users))
+ adds := make([]*ec2.LaunchPermission, len(p.config.Users))
+ for i, u := range p.config.Users {
+ users[i] = aws.String(u)
+ adds[i] = &ec2.LaunchPermission{UserId: aws.String(u)}
+ }
+ options["users"] = &ec2.ModifyImageAttributeInput{
+ UserIds: users,
+ LaunchPermission: &ec2.LaunchPermissionModifications{
+ Add: adds,
+ },
+ }
+ }
+
+ if len(options) > 0 {
+ for name, input := range options {
+ ui.Message(fmt.Sprintf("Modifying: %s", name))
+ input.ImageId = &createdami
+ _, err := ec2conn.ModifyImageAttribute(input)
+ if err != nil {
+ return nil, false, fmt.Errorf("Error modifying AMI attributes: %s", err)
+ }
+ }
+ }
+ // Add the reported AMI ID to the artifact list
 log.Printf("Adding created AMI ID %s in region %s to output artifacts", createdami, *config.Region)
 artifact = &awscommon.Artifact{
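Review bot: The launch-permission changes applied in the `for name, input := range options` loop are reported only as `Modifying: groups` or `Modifying: users`, so a build that makes the AMI public (`ami_groups` set to `all`) or shares it with other accounts leaves no record of who was granted access. I would print the values inside the two `if len(...) > 0` branches, e.g. `ui.Message(fmt.Sprintf("Granting launch permission on %s to groups %v", createdami, p.config.Groups))` and the same for `p.config.Users`. The error path has a related gap: map iteration order is random and the function returns on the first failure, so the AMI can be left with only some of the attributes applied, and `Error modifying AMI attributes: %s` names neither the image nor the attribute; including `createdami` and `name` in that message would make a partially shared image traceable. The comment typo `atttributes` can be fixed in passing. `PostProcess` starts and ends outside this hunk.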
diff --git a/website/source/docs/post-processors/amazon-import.html.md b/website/source/docs/post-processors/amazon-import.html.md index e13061a11..4e2009fc3 100644 --- a/website/source/docs/post-processors/amazon-import.html.md +++ b/website/source/docs/post-processors/amazon-import.html.md @@ -51,6 +51,12 @@ Optional: - `tags` (object of key/value strings) - Tags applied to the created AMI and relevant snapshots. +- `ami_users` (array of strings) - A list of account IDs that have access to launch the imported AMI. By default no additional users other than the user importing the AMI has permission to launch it. + +- `ami_groups` (array of strings) - A list of groups that have access to launch the imported AMI. By default no groups have permission to launch the AMI. `all` will make the AMI publically accessible. AWS currently doesn't accept any value other than "all". + +- `ami_description` (string) - The description to set for the resulting imported AMI. By default this description is generated by the AMI import process. + ## Basic Example Here is a basic example. This assumes that the builder has produced an OVA artifact for us to work with, and IAM roles for import exist in the AWS account being imported into.