From 88c516b2d53fe1758c1e50b666348c534a3fd239 Mon Sep 17 00:00:00 2001
From: Jessi
Date: Tue, 9 Feb 2021 03:47:54 -0700
Subject: [PATCH] Add IMDSv2 support for AWS EBS builder (#10546)

---
 builder/amazon/common/run_config.go | 46 ++++++++++++++-
 builder/amazon/common/run_config.hcl2spec.go | 29 +++++++++-
 .../amazon/common/step_run_source_instance.go | 7 +++
 .../amazon/common/step_run_spot_instance.go | 7 +++
 builder/amazon/ebs/builder.go | 6 ++
 builder/amazon/ebs/builder.hcl2spec.go | 2 +
 builder/amazon/ebssurrogate/builder.go | 6 ++
 .../amazon/ebssurrogate/builder.hcl2spec.go | 2 +
 builder/amazon/ebsvolume/builder.go | 6 ++
 builder/amazon/ebsvolume/builder.hcl2spec.go | 2 +
 builder/amazon/instance/builder.hcl2spec.go | 2 +
 website/content/docs/builders/amazon/ebs.mdx | 58 +++++++++++++++++++
 .../docs/builders/amazon/ebssurrogate.mdx | 58 +++++++++++++++++++
 .../docs/builders/amazon/ebsvolume.mdx | 58 +++++++++++++++++++
 .../common/MetadataOptions-not-required.mdx | 10 ++++
 .../builder/amazon/common/MetadataOptions.mdx | 4 ++
 .../amazon/common/RunConfig-not-required.mdx | 2 +
 17 files changed, 303 insertions(+), 2 deletions(-)
 create mode 100644 website/content/partials/builder/amazon/common/MetadataOptions-not-required.mdx
 create mode 100644 website/content/partials/builder/amazon/common/MetadataOptions.mdx

diff --git a/builder/amazon/common/run_config.go b/builder/amazon/common/run_config.go
index 256703973..57888c9b7 100644
--- a/builder/amazon/common/run_config.go
+++ b/builder/amazon/common/run_config.go
@@ -1,5 +1,5 @@
 //go:generate struct-markdown
-//go:generate mapstructure-to-hcl2 -type AmiFilterOptions,SecurityGroupFilterOptions,SubnetFilterOptions,VpcFilterOptions,PolicyDocument,Statement
+//go:generate mapstructure-to-hcl2 -type AmiFilterOptions,SecurityGroupFilterOptions,SubnetFilterOptions,VpcFilterOptions,PolicyDocument,Statement,MetadataOptions
 
 package common
 
@@ -44,6 +44,20 @@ type SecurityGroupFilterOptions struct {
 config.NameValueFilter `mapstructure:",squash"`
 }
 
+// Configures the metadata options.
+// See [Configure IMDS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) for details.
+type MetadataOptions struct {
+ // A string to enable or disble the IMDS endpoint for an instance. Defaults to enabled.
+ // Accepts either "enabled" or "disabled"
+ HttpEndpoint string `mapstructure:"http_endpoint" required:"false"`
+ // A string to either set the use of IMDSv2 for the instance to optional or required. Defaults to "optional".
+ // Accepts either "optional" or "required"
+ HttpTokens string `mapstructure:"http_tokens" required:"false"`
+ // A numerical value to set an upper limit for the amount of hops allowed when communicating with IMDS endpoints.
+ // Defaults to 1.
+ HttpPutResponseHopLimit int64 `mapstructure:"http_put_response_hop_limit" required:"false"`
+}
+
 // RunConfig contains configuration for running an instance from a source
 // AMI and details on how to access that launched image.
 type RunConfig struct {
@@ -426,6 +440,9 @@ type RunConfig struct {
 // 10m
 WindowsPasswordTimeout time.Duration `mapstructure:"windows_password_timeout" required:"false"`
 
+ // [Metadata Settings](#metadata-settings)
+ Metadata MetadataOptions `mapstructure:"metadata_options" required:"false"`
+
 // Communicator settings
 Comm communicator.Config `mapstructure:",squash"`
 
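Review bot: The field comments on MetadataOptions appear to be the source of the published docs (the same text is in the new MetadataOptions-not-required.mdx partial in this patch), and they omit the caveat a user needs most: `"optional"` keeps IMDSv1 reachable, so only `http_tokens = "required"` actually enforces IMDSv2, and — as far as this patch shows — the options are applied to the temporary build instance only (RunInstances and the spot launch template), not to the AMI registered from it. I would reword the HttpTokens comment to `// Set to "required" to enforce IMDSv2 on the build instance; "optional" (the default) still answers IMDSv1 requests. Accepts either "optional" or "required".` and add one line to the struct comment stating that these settings affect the build instance, not the resulting AMI. While here, fix the typo "disble" in the HttpEndpoint comment and change "amount of hops" to "number of hops". The usage examples added to ebssurrogate.mdx and ebsvolume.mdx in this same patch also still declare `amazon-ebs` as the source type.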
@@ -486,6 +503,33 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 // Validation
 errs := c.Comm.Prepare(ctx)
 
+ if c.Metadata.HttpEndpoint == "" {
+ c.Metadata.HttpEndpoint = "enabled"
+ }
+
+ if c.Metadata.HttpTokens == "" {
+ c.Metadata.HttpTokens = "optional"
+ }
+
+ if c.Metadata.HttpPutResponseHopLimit == 0 {
+ c.Metadata.HttpPutResponseHopLimit = 1
+ }
+
+ if c.Metadata.HttpEndpoint != "enabled" && c.Metadata.HttpEndpoint != "disabled" {
+ msg := fmt.Errorf("http_endpoint requires either disabled or enabled as its value")
+ errs = append(errs, msg)
+ }
+
+ if c.Metadata.HttpTokens != "optional" && c.Metadata.HttpTokens != "required" {
+ msg := fmt.Errorf("http_tokens requires either optional or required as its value")
+ errs = append(errs, msg)
+ }
+
+ if c.Metadata.HttpPutResponseHopLimit < 1 || c.Metadata.HttpPutResponseHopLimit > 64 {
+ msg := fmt.Errorf("http_put_response_hop_limit requires a number between 1 and 64")
+ errs = append(errs, msg)
+ }
+
 // Copy singular tag maps
 errs = append(errs, c.RunTag.CopyOn(&c.RunTags)...)
 errs = append(errs, c.SpotTag.CopyOn(&c.SpotTags)...)
diff --git a/builder/amazon/common/run_config.hcl2spec.go b/builder/amazon/common/run_config.hcl2spec.go
index c800283fb..919a7af08 100644
--- a/builder/amazon/common/run_config.hcl2spec.go
+++ b/builder/amazon/common/run_config.hcl2spec.go
@@ -1,4 +1,4 @@
-// Code generated by "mapstructure-to-hcl2 -type AmiFilterOptions,SecurityGroupFilterOptions,SubnetFilterOptions,VpcFilterOptions,PolicyDocument,Statement"; DO NOT EDIT.
+// Code generated by "mapstructure-to-hcl2 -type AmiFilterOptions,SecurityGroupFilterOptions,SubnetFilterOptions,VpcFilterOptions,PolicyDocument,Statement,MetadataOptions"; DO NOT EDIT.
 
 package common
 
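Review bot: The default written at `c.Metadata.HttpTokens = "optional"` means a template that never mentions `metadata_options` now launches its build instance with IMDSv1 still answering, so if that instance carries an instance profile, any provisioner script (or anything it downloads) can read the role credentials with one unauthenticated GET; matching the EC2 API default is defensible, but it should be a deliberate, documented decision given the commit title promises IMDSv2 support. If AWS parity is the intended default, say so in the field comment, and make the three validation errors show the rejected value so a user who writes "Required" can see what was parsed, e.g. `msg := fmt.Errorf("http_tokens must be \"optional\" or \"required\", got %q", c.Metadata.HttpTokens)`. The exact-case comparison itself is consistent with the EC2 API values. Prepare's body continues past this hunk.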
@@ -35,6 +35,33 @@ func (*FlatAmiFilterOptions) HCL2Spec() map[string]hcldec.Spec { return s } +// FlatMetadataOptions is an auto-generated flat version of MetadataOptions. +// Where the contents of a field with a `mapstructure:,squash` tag are bubbled up. +type FlatMetadataOptions struct { + HttpEndpoint *string `mapstructure:"http_endpoint" required:"false" cty:"http_endpoint" hcl:"http_endpoint"` + HttpTokens *string `mapstructure:"http_tokens" required:"false" cty:"http_tokens" hcl:"http_tokens"` + HttpPutResponseHopLimit *int64 `mapstructure:"http_put_response_hop_limit" required:"false" cty:"http_put_response_hop_limit" hcl:"http_put_response_hop_limit"` +} + +// FlatMapstructure returns a new FlatMetadataOptions. +// FlatMetadataOptions is an auto-generated flat version of MetadataOptions. +// Where the contents a fields with a `mapstructure:,squash` tag are bubbled up. +func (*MetadataOptions) FlatMapstructure() interface{ HCL2Spec() map[string]hcldec.Spec } { + return new(FlatMetadataOptions) +} + +// HCL2Spec returns the hcl spec of a MetadataOptions. +// This spec is used by HCL to read the fields of MetadataOptions. +// The decoded values from this spec will then be applied to a FlatMetadataOptions. +func (*FlatMetadataOptions) HCL2Spec() map[string]hcldec.Spec { + s := map[string]hcldec.Spec{ + "http_endpoint": &hcldec.AttrSpec{Name: "http_endpoint", Type: cty.String, Required: false}, + "http_tokens": &hcldec.AttrSpec{Name: "http_tokens", Type: cty.String, Required: false}, + "http_put_response_hop_limit": &hcldec.AttrSpec{Name: "http_put_response_hop_limit", Type: cty.Number, Required: false}, + } + return s +} + // FlatPolicyDocument is an auto-generated flat version of PolicyDocument. // Where the contents of a field with a `mapstructure:,squash` tag are bubbled up. type FlatPolicyDocument struct { diff --git a/builder/amazon/common/step_run_source_instance.go b/builder/amazon/common/step_run_source_instance.go index 9c33d8224..09ca62847 100644 
--- a/builder/amazon/common/step_run_source_instance.go
+++ b/builder/amazon/common/step_run_source_instance.go
@@ -29,6 +29,9 @@ type StepRunSourceInstance struct {
 EbsOptimized bool
 EnableT2Unlimited bool
 ExpectedRootDevice string
+ HttpEndpoint string
+ HttpTokens string
+ HttpPutResponseHopLimit int64
 InstanceInitiatedShutdownBehavior string
 InstanceType string
 IsRestricted bool
@@ -144,6 +147,10 @@ func (s *StepRunSourceInstance) Run(ctx context.Context, state multistep.StateBa
 runOpts.CreditSpecification = &ec2.CreditSpecificationRequest{CpuCredits: &creditOption}
 }
 
+ if s.HttpEndpoint == "enabled" {
+ runOpts.MetadataOptions = &ec2.InstanceMetadataOptionsRequest{HttpEndpoint: &s.HttpEndpoint, HttpTokens: &s.HttpTokens, HttpPutResponseHopLimit: &s.HttpPutResponseHopLimit}
+ }
+
 // Collect tags for tagging on resource creation
 var tagSpecs []*ec2.TagSpecification
 
diff --git a/builder/amazon/common/step_run_spot_instance.go b/builder/amazon/common/step_run_spot_instance.go
index 2f454b7c0..ded801bfc 100644
--- a/builder/amazon/common/step_run_spot_instance.go
+++ b/builder/amazon/common/step_run_spot_instance.go
@@ -34,6 +34,9 @@ type StepRunSpotInstance struct {
 Comm *communicator.Config
 EbsOptimized bool
 ExpectedRootDevice string
+ HttpEndpoint string
+ HttpTokens string
+ HttpPutResponseHopLimit int64
 InstanceInitiatedShutdownBehavior string
 InstanceType string
 Region string
@@ -127,6 +130,10 @@ func (s *StepRunSpotInstance) CreateTemplateData(userData *string, az string,
 
 }
 
+ if s.HttpEndpoint == "enabled" {
+ templateData.MetadataOptions = &ec2.LaunchTemplateInstanceMetadataOptionsRequest{HttpEndpoint: &s.HttpEndpoint, HttpTokens: &s.HttpTokens, HttpPutResponseHopLimit: &s.HttpPutResponseHopLimit}
+ }
+
 // If instance type is not set, we'll just pick the lowest priced instance
 // available.
 if s.InstanceType != "" {
diff --git a/builder/amazon/ebs/builder.go b/builder/amazon/ebs/builder.go
index fb3b9cbf6..1d895ffde 100644
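Review bot: The guard `if s.HttpEndpoint == "enabled"` in Run means `http_endpoint = "disabled"` — a value Prepare explicitly accepts in this same patch — is never sent to EC2: MetadataOptions stays nil and the instance launches with whatever the account default is, which on a standard account is IMDS enabled with tokens optional, the opposite of what the user asked for. Since Prepare already fills all three fields with defaults, the request can be built unconditionally: `runOpts.MetadataOptions = &ec2.InstanceMetadataOptionsRequest{HttpEndpoint: &s.HttpEndpoint, HttpTokens: &s.HttpTokens, HttpPutResponseHopLimit: &s.HttpPutResponseHopLimit}` with the `if` removed, and the identical guard in CreateTemplateData in the step_run_spot_instance.go hunk needs the same change. If the intent is that a build must never run with IMDS off (SSH/WinRM provisioning does not strictly need it, but cloud-init and the session_manager interface presumably do), the cleaner fix is to reject "disabled" in Prepare rather than accept it and silently ignore it. Both Run and CreateTemplateData start and end outside their hunks.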
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@@ -187,6 +187,9 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook)
 Debug: b.config.PackerDebug,
 EbsOptimized: b.config.EbsOptimized,
 ExpectedRootDevice: "ebs",
+ HttpEndpoint: b.config.Metadata.HttpEndpoint,
+ HttpTokens: b.config.Metadata.HttpTokens,
+ HttpPutResponseHopLimit: b.config.Metadata.HttpPutResponseHopLimit,
 InstanceInitiatedShutdownBehavior: b.config.InstanceInitiatedShutdownBehavior,
 InstanceType: b.config.InstanceType,
 Region: *ec2conn.Config.Region,
@@ -211,6 +214,9 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook)
 EbsOptimized: b.config.EbsOptimized,
 EnableT2Unlimited: b.config.EnableT2Unlimited,
 ExpectedRootDevice: "ebs",
+ HttpEndpoint: b.config.Metadata.HttpEndpoint,
+ HttpTokens: b.config.Metadata.HttpTokens,
+ HttpPutResponseHopLimit: b.config.Metadata.HttpPutResponseHopLimit,
 InstanceInitiatedShutdownBehavior: b.config.InstanceInitiatedShutdownBehavior,
 InstanceType: b.config.InstanceType,
 IsRestricted: b.config.IsChinaCloud() || b.config.IsGovCloud(),
diff --git a/builder/amazon/ebs/builder.hcl2spec.go b/builder/amazon/ebs/builder.hcl2spec.go
index 1aa30daac..18a8a1ba2 100644
--- a/builder/amazon/ebs/builder.hcl2spec.go
+++ b/builder/amazon/ebs/builder.hcl2spec.go
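Review bot: The three Metadata fields are wired into both the StepRunSpotInstance and StepRunSourceInstance literals for amazon-ebs, but the diffstat lists no change to builder/amazon/instance/builder.go even though builder/amazon/instance/builder.hcl2spec.go now accepts metadata_options; an amazon-instance template that sets `http_tokens = "required"` would pass Prepare's validation and then launch with the account default, a silent downgrade of the setting the user believes is enforced. Either add the same three lines (`HttpEndpoint: b.config.Metadata.HttpEndpoint,` / `HttpTokens: b.config.Metadata.HttpTokens,` / `HttpPutResponseHopLimit: b.config.Metadata.HttpPutResponseHopLimit,`) to the step literals in that builder, or state in the RunConfig field comment that the option is honoured only by the EBS-family builders. The enclosing Run method starts and ends outside this hunk.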
@@ -90,6 +90,7 @@ type FlatConfig struct { VpcFilter *common.FlatVpcFilterOptions `mapstructure:"vpc_filter" required:"false" cty:"vpc_filter" hcl:"vpc_filter"` VpcId *string `mapstructure:"vpc_id" required:"false" cty:"vpc_id" hcl:"vpc_id"` WindowsPasswordTimeout *string `mapstructure:"windows_password_timeout" required:"false" cty:"windows_password_timeout" hcl:"windows_password_timeout"` + Metadata *common.FlatMetadataOptions `mapstructure:"metadata_options" required:"false" cty:"metadata_options" hcl:"metadata_options"` Type *string `mapstructure:"communicator" cty:"communicator" hcl:"communicator"` PauseBeforeConnect *string `mapstructure:"pause_before_connecting" cty:"pause_before_connecting" hcl:"pause_before_connecting"` SSHHost *string `mapstructure:"ssh_host" cty:"ssh_host" hcl:"ssh_host"` @@ -240,6 +241,7 @@ func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec { "vpc_filter": &hcldec.BlockSpec{TypeName: "vpc_filter", Nested: hcldec.ObjectSpec((*common.FlatVpcFilterOptions)(nil).HCL2Spec())}, "vpc_id": &hcldec.AttrSpec{Name: "vpc_id", Type: cty.String, Required: false}, "windows_password_timeout": &hcldec.AttrSpec{Name: "windows_password_timeout", Type: cty.String, Required: false}, + "metadata_options": &hcldec.BlockSpec{TypeName: "metadata_options", Nested: hcldec.ObjectSpec((*common.FlatMetadataOptions)(nil).HCL2Spec())}, "communicator": &hcldec.AttrSpec{Name: "communicator", Type: cty.String, Required: false}, "pause_before_connecting": &hcldec.AttrSpec{Name: "pause_before_connecting", Type: cty.String, Required: false}, "ssh_host": &hcldec.AttrSpec{Name: "ssh_host", Type: cty.String, Required: false}, diff --git a/builder/amazon/ebssurrogate/builder.go b/builder/amazon/ebssurrogate/builder.go index 7b4a50ed2..356f14c50 100644 --- a/builder/amazon/ebssurrogate/builder.go +++ b/builder/amazon/ebssurrogate/builder.go 
@@ -207,6 +207,9 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook) Debug: b.config.PackerDebug, EbsOptimized: b.config.EbsOptimized, ExpectedRootDevice: "ebs", + HttpEndpoint: b.config.Metadata.HttpEndpoint, + HttpTokens: b.config.Metadata.HttpTokens, + HttpPutResponseHopLimit: b.config.Metadata.HttpPutResponseHopLimit, InstanceInitiatedShutdownBehavior: b.config.InstanceInitiatedShutdownBehavior, InstanceType: b.config.InstanceType, Region: *ec2conn.Config.Region, @@ -230,6 +233,9 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook) EbsOptimized: b.config.EbsOptimized, EnableT2Unlimited: b.config.EnableT2Unlimited, ExpectedRootDevice: "ebs", + HttpEndpoint: b.config.Metadata.HttpEndpoint, + HttpTokens: b.config.Metadata.HttpTokens, + HttpPutResponseHopLimit: b.config.Metadata.HttpPutResponseHopLimit, InstanceInitiatedShutdownBehavior: b.config.InstanceInitiatedShutdownBehavior, InstanceType: b.config.InstanceType, IsRestricted: b.config.IsChinaCloud() || b.config.IsGovCloud(), diff --git a/builder/amazon/ebssurrogate/builder.hcl2spec.go b/builder/amazon/ebssurrogate/builder.hcl2spec.go index 39b337491..e837458c5 100644 --- a/builder/amazon/ebssurrogate/builder.hcl2spec.go +++ b/builder/amazon/ebssurrogate/builder.hcl2spec.go 
@@ -113,6 +113,7 @@ type FlatConfig struct { VpcFilter *common.FlatVpcFilterOptions `mapstructure:"vpc_filter" required:"false" cty:"vpc_filter" hcl:"vpc_filter"` VpcId *string `mapstructure:"vpc_id" required:"false" cty:"vpc_id" hcl:"vpc_id"` WindowsPasswordTimeout *string `mapstructure:"windows_password_timeout" required:"false" cty:"windows_password_timeout" hcl:"windows_password_timeout"` + Metadata *common.FlatMetadataOptions `mapstructure:"metadata_options" required:"false" cty:"metadata_options" hcl:"metadata_options"` Type *string `mapstructure:"communicator" cty:"communicator" hcl:"communicator"` PauseBeforeConnect *string `mapstructure:"pause_before_connecting" cty:"pause_before_connecting" hcl:"pause_before_connecting"` SSHHost *string `mapstructure:"ssh_host" cty:"ssh_host" hcl:"ssh_host"` @@ -263,6 +264,7 @@ func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec { "vpc_filter": &hcldec.BlockSpec{TypeName: "vpc_filter", Nested: hcldec.ObjectSpec((*common.FlatVpcFilterOptions)(nil).HCL2Spec())}, "vpc_id": &hcldec.AttrSpec{Name: "vpc_id", Type: cty.String, Required: false}, "windows_password_timeout": &hcldec.AttrSpec{Name: "windows_password_timeout", Type: cty.String, Required: false}, + "metadata_options": &hcldec.BlockSpec{TypeName: "metadata_options", Nested: hcldec.ObjectSpec((*common.FlatMetadataOptions)(nil).HCL2Spec())}, "communicator": &hcldec.AttrSpec{Name: "communicator", Type: cty.String, Required: false}, "pause_before_connecting": &hcldec.AttrSpec{Name: "pause_before_connecting", Type: cty.String, Required: false}, "ssh_host": &hcldec.AttrSpec{Name: "ssh_host", Type: cty.String, Required: false}, diff --git a/builder/amazon/ebsvolume/builder.go b/builder/amazon/ebsvolume/builder.go index d22c589b3..0afe9eb71 100644 --- a/builder/amazon/ebsvolume/builder.go +++ b/builder/amazon/ebsvolume/builder.go 
@@ -195,6 +195,9 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook) Debug: b.config.PackerDebug, EbsOptimized: b.config.EbsOptimized, ExpectedRootDevice: "ebs", + HttpEndpoint: b.config.Metadata.HttpEndpoint, + HttpTokens: b.config.Metadata.HttpTokens, + HttpPutResponseHopLimit: b.config.Metadata.HttpPutResponseHopLimit, InstanceInitiatedShutdownBehavior: b.config.InstanceInitiatedShutdownBehavior, InstanceType: b.config.InstanceType, Region: *ec2conn.Config.Region, @@ -218,6 +221,9 @@ func (b *Builder) Run(ctx context.Context, ui packersdk.Ui, hook packersdk.Hook) EbsOptimized: b.config.EbsOptimized, EnableT2Unlimited: b.config.EnableT2Unlimited, ExpectedRootDevice: "ebs", + HttpEndpoint: b.config.Metadata.HttpEndpoint, + HttpTokens: b.config.Metadata.HttpTokens, + HttpPutResponseHopLimit: b.config.Metadata.HttpPutResponseHopLimit, InstanceInitiatedShutdownBehavior: b.config.InstanceInitiatedShutdownBehavior, InstanceType: b.config.InstanceType, IsRestricted: b.config.IsChinaCloud() || b.config.IsGovCloud(), diff --git a/builder/amazon/ebsvolume/builder.hcl2spec.go b/builder/amazon/ebsvolume/builder.hcl2spec.go index 016566710..241b45fd9 100644 --- a/builder/amazon/ebsvolume/builder.hcl2spec.go +++ b/builder/amazon/ebsvolume/builder.hcl2spec.go 
@@ -115,6 +115,7 @@ type FlatConfig struct { VpcFilter *common.FlatVpcFilterOptions `mapstructure:"vpc_filter" required:"false" cty:"vpc_filter" hcl:"vpc_filter"` VpcId *string `mapstructure:"vpc_id" required:"false" cty:"vpc_id" hcl:"vpc_id"` WindowsPasswordTimeout *string `mapstructure:"windows_password_timeout" required:"false" cty:"windows_password_timeout" hcl:"windows_password_timeout"` + Metadata *common.FlatMetadataOptions `mapstructure:"metadata_options" required:"false" cty:"metadata_options" hcl:"metadata_options"` Type *string `mapstructure:"communicator" cty:"communicator" hcl:"communicator"` PauseBeforeConnect *string `mapstructure:"pause_before_connecting" cty:"pause_before_connecting" hcl:"pause_before_connecting"` SSHHost *string `mapstructure:"ssh_host" cty:"ssh_host" hcl:"ssh_host"` @@ -242,6 +243,7 @@ func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec { "vpc_filter": &hcldec.BlockSpec{TypeName: "vpc_filter", Nested: hcldec.ObjectSpec((*common.FlatVpcFilterOptions)(nil).HCL2Spec())}, "vpc_id": &hcldec.AttrSpec{Name: "vpc_id", Type: cty.String, Required: false}, "windows_password_timeout": &hcldec.AttrSpec{Name: "windows_password_timeout", Type: cty.String, Required: false}, + "metadata_options": &hcldec.BlockSpec{TypeName: "metadata_options", Nested: hcldec.ObjectSpec((*common.FlatMetadataOptions)(nil).HCL2Spec())}, "communicator": &hcldec.AttrSpec{Name: "communicator", Type: cty.String, Required: false}, "pause_before_connecting": &hcldec.AttrSpec{Name: "pause_before_connecting", Type: cty.String, Required: false}, "ssh_host": &hcldec.AttrSpec{Name: "ssh_host", Type: cty.String, Required: false}, diff --git a/builder/amazon/instance/builder.hcl2spec.go b/builder/amazon/instance/builder.hcl2spec.go index 481eb46da..cc23f639d 100644 --- a/builder/amazon/instance/builder.hcl2spec.go +++ b/builder/amazon/instance/builder.hcl2spec.go 
@@ -90,6 +90,7 @@ type FlatConfig struct { VpcFilter *common.FlatVpcFilterOptions `mapstructure:"vpc_filter" required:"false" cty:"vpc_filter" hcl:"vpc_filter"` VpcId *string `mapstructure:"vpc_id" required:"false" cty:"vpc_id" hcl:"vpc_id"` WindowsPasswordTimeout *string `mapstructure:"windows_password_timeout" required:"false" cty:"windows_password_timeout" hcl:"windows_password_timeout"` + Metadata *common.FlatMetadataOptions `mapstructure:"metadata_options" required:"false" cty:"metadata_options" hcl:"metadata_options"` Type *string `mapstructure:"communicator" cty:"communicator" hcl:"communicator"` PauseBeforeConnect *string `mapstructure:"pause_before_connecting" cty:"pause_before_connecting" hcl:"pause_before_connecting"` SSHHost *string `mapstructure:"ssh_host" cty:"ssh_host" hcl:"ssh_host"` @@ -245,6 +246,7 @@ func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec { "vpc_filter": &hcldec.BlockSpec{TypeName: "vpc_filter", Nested: hcldec.ObjectSpec((*common.FlatVpcFilterOptions)(nil).HCL2Spec())}, "vpc_id": &hcldec.AttrSpec{Name: "vpc_id", Type: cty.String, Required: false}, "windows_password_timeout": &hcldec.AttrSpec{Name: "windows_password_timeout", Type: cty.String, Required: false}, + "metadata_options": &hcldec.BlockSpec{TypeName: "metadata_options", Nested: hcldec.ObjectSpec((*common.FlatMetadataOptions)(nil).HCL2Spec())}, "communicator": &hcldec.AttrSpec{Name: "communicator", Type: cty.String, Required: false}, "pause_before_connecting": &hcldec.AttrSpec{Name: "pause_before_connecting", Type: cty.String, Required: false}, "ssh_host": &hcldec.AttrSpec{Name: "ssh_host", Type: cty.String, Required: false}, diff --git a/website/content/docs/builders/amazon/ebs.mdx b/website/content/docs/builders/amazon/ebs.mdx index abb3736c9..8c8a37598 100644 --- a/website/content/docs/builders/amazon/ebs.mdx +++ b/website/content/docs/builders/amazon/ebs.mdx 
@@ -91,6 +91,64 @@ necessary for this build to succeed and can be found further down the page. @include 'builder/amazon/common/RunConfig-not-required.mdx' +#### Metadata Settings + +@include 'builder/amazon/common/MetadataOptions.mdx' + +@include 'builder/amazon/common/MetadataOptions-not-required.mdx' + +Usage Example + + + + +```hcl +source "amazon-ebs" "basic-example" { + region = "us-east-1" + source_ami = "ami-fce3c696" + instance_type = "t2.micro" + ssh_username = "ubuntu" + ami_name = "packer_AWS_example_{{timestamp}}" + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + http_put_response_hop_limit = 1 + } +} +``` + + + + +```json +{ + "variables": { + "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}", + "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}" + }, + "builders": [ + { + "type": "amazon-ebs", + "access_key": "{{user `aws_access_key`}}", + "secret_key": "{{user `aws_secret_key`}}", + "region": "us-east-1", + "source_ami": "ami-fce3c696", + "instance_type": "t2.micro", + "ssh_username": "ubuntu", + "ami_name": "packer_AWS {{timestamp}}", + "metadata_options": { + "http_endpoint": "enabled", + "http_tokens": "required", + "http_put_response_hop_limit": 1 + } + } + ] +} +``` + + + + @include 'builders/aws-session-manager.mdx' ### Block Devices Configuration diff --git a/website/content/docs/builders/amazon/ebssurrogate.mdx b/website/content/docs/builders/amazon/ebssurrogate.mdx index 9d8055af9..42b594749 100644 --- a/website/content/docs/builders/amazon/ebssurrogate.mdx +++ b/website/content/docs/builders/amazon/ebssurrogate.mdx 
@@ -87,6 +87,64 @@ necessary for this build to succeed and can be found further down the page. @include 'builder/amazon/common/RunConfig-not-required.mdx' +#### Metadata Settings + +@include 'builder/amazon/common/MetadataOptions.mdx' + +@include 'builder/amazon/common/MetadataOptions-not-required.mdx' + +Usage Example + + + + +```hcl +source "amazon-ebs" "basic-example" { + region = "us-east-1" + source_ami = "ami-fce3c696" + instance_type = "t2.micro" + ssh_username = "ubuntu" + ami_name = "packer_AWS_example_{{timestamp}}" + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + http_put_response_hop_limit = 1 + } +} +``` + + + + +```json +{ + "variables": { + "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}", + "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}" + }, + "builders": [ + { + "type": "amazon-ebs", + "access_key": "{{user `aws_access_key`}}", + "secret_key": "{{user `aws_secret_key`}}", + "region": "us-east-1", + "source_ami": "ami-fce3c696", + "instance_type": "t2.micro", + "ssh_username": "ubuntu", + "ami_name": "packer_AWS {{timestamp}}", + "metadata_options": { + "http_endpoint": "enabled", + "http_tokens": "required", + "http_put_response_hop_limit": 1 + } + } + ] +} +``` + + + + @include 'builders/aws-session-manager.mdx' ### Block Devices Configuration diff --git a/website/content/docs/builders/amazon/ebsvolume.mdx b/website/content/docs/builders/amazon/ebsvolume.mdx index a912da4a6..43fb94404 100644 --- a/website/content/docs/builders/amazon/ebsvolume.mdx +++ b/website/content/docs/builders/amazon/ebsvolume.mdx 
@@ -106,6 +106,64 @@ Block devices can be nested in the @include 'builder/amazon/common/RunConfig-not-required.mdx' +#### Metadata Settings + +@include 'builder/amazon/common/MetadataOptions.mdx' + +@include 'builder/amazon/common/MetadataOptions-not-required.mdx' + +Usage Example + + + + +```hcl +source "amazon-ebs" "basic-example" { + region = "us-east-1" + source_ami = "ami-fce3c696" + instance_type = "t2.micro" + ssh_username = "ubuntu" + ami_name = "packer_AWS_example_{{timestamp}}" + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + http_put_response_hop_limit = 1 + } +} +``` + + + + +```json +{ + "variables": { + "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}", + "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}" + }, + "builders": [ + { + "type": "amazon-ebs", + "access_key": "{{user `aws_access_key`}}", + "secret_key": "{{user `aws_secret_key`}}", + "region": "us-east-1", + "source_ami": "ami-fce3c696", + "instance_type": "t2.micro", + "ssh_username": "ubuntu", + "ami_name": "packer_AWS {{timestamp}}", + "metadata_options": { + "http_endpoint": "enabled", + "http_tokens": "required", + "http_put_response_hop_limit": 1 + } + } + ] +} +``` + + + + @include 'builders/aws-session-manager.mdx' ### Communicator Configuration diff --git a/website/content/partials/builder/amazon/common/MetadataOptions-not-required.mdx b/website/content/partials/builder/amazon/common/MetadataOptions-not-required.mdx new file mode 100644 index 000000000..dd1eb033c --- /dev/null +++ b/website/content/partials/builder/amazon/common/MetadataOptions-not-required.mdx 
@@ -0,0 +1,10 @@ + + +- `http_endpoint` (string) - A string to enable or disble the IMDS endpoint for an instance. Defaults to enabled. + Accepts either "enabled" or "disabled" + +- `http_tokens` (string) - A string to either set the use of IMDSv2 for the instance to optional or required. Defaults to "optional". + Accepts either "optional" or "required" + +- `http_put_response_hop_limit` (int64) - A numerical value to set an upper limit for the amount of hops allowed when communicating with IMDS endpoints. + Defaults to 1. diff --git a/website/content/partials/builder/amazon/common/MetadataOptions.mdx b/website/content/partials/builder/amazon/common/MetadataOptions.mdx new file mode 100644 index 000000000..3cbdc1b6c --- /dev/null +++ b/website/content/partials/builder/amazon/common/MetadataOptions.mdx @@ -0,0 +1,4 @@ + + +Configures the metadata options. +See [Configure IMDS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) for details. diff --git a/website/content/partials/builder/amazon/common/RunConfig-not-required.mdx b/website/content/partials/builder/amazon/common/RunConfig-not-required.mdx index e7ad36873..07f56abe5 100644 --- a/website/content/partials/builder/amazon/common/RunConfig-not-required.mdx +++ b/website/content/partials/builder/amazon/common/RunConfig-not-required.mdx @@ -364,6 +364,8 @@ password for Windows instances. Defaults to 20 minutes. Example value: 10m +- `metadata_options` (MetadataOptions) - [Metadata Settings](#metadata-settings) + - `ssh_interface` (string) - One of `public_ip`, `private_ip`, `public_dns`, `private_dns` or `session_manager`. If set, either the public IP address, private IP address, public DNS name or private DNS name will be used as the host for SSH. The default behaviour