Allow temporary security group to have source CIDR block explicitly provided

builder/amazon/common/run_config.go

@@ -40,6 +40,7 @@ type RunConfig struct {
 	DisableStopInstance               bool              `mapstructure:"disable_stop_instance"`
 	SecurityGroupId                   string            `mapstructure:"security_group_id"`
 	SecurityGroupIds                  []string          `mapstructure:"security_group_ids"`
+	SecurityGroupSourceCidr           string            `mapstructure:"security_group_source_cidr"`
 	SubnetId                          string            `mapstructure:"subnet_id"`
 	TemporaryKeyPairName              string            `mapstructure:"temporary_key_pair_name"`
 	UserData                          string            `mapstructure:"user_data"`
@@ -115,6 +116,10 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		}
 	}
 
+	if c.SecurityGroupSourceCidr == "" {
+		c.SecurityGroupSourceCidr = "0.0.0.0/0"
+	}
+
 	if c.InstanceInitiatedShutdownBehavior == "" {
 		c.InstanceInitiatedShutdownBehavior = "stop"
 	} else if !reShutdownBehavior.MatchString(c.InstanceInitiatedShutdownBehavior) {

builder/amazon/common/step_security_group.go

@@ -15,9 +15,10 @@ import (
 )
 
 type StepSecurityGroup struct {
-	CommConfig       *communicator.Config
-	SecurityGroupIds []string
-	VpcId            string
+	CommConfig              *communicator.Config
+	SecurityGroupIds        []string
+	VpcId                   string
+	SecurityGroupSourceCidr string
 
 	createdGroupId string
 }
@@ -78,15 +79,15 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
 		IpProtocol: aws.String("tcp"),
 		FromPort:   aws.Int64(int64(port)),
 		ToPort:     aws.Int64(int64(port)),
-		CidrIp:     aws.String("0.0.0.0/0"),
+		CidrIp:     aws.String(s.SecurityGroupSourceCidr),
 	}
 
 	// We loop and retry this a few times because sometimes the security
 	// group isn't available immediately because AWS resources are eventually
 	// consistent.
 	ui.Say(fmt.Sprintf(
-		"Authorizing access to port %d on the temporary security group...",
-		port))
+		"Authorizing access to port %d from %s in the temporary security group...",
+		port, s.SecurityGroupSourceCidr))
 	for i := 0; i < 5; i++ {
 		_, err = ec2conn.AuthorizeSecurityGroupIngress(req)
 		if err == nil {

builder/amazon/ebs/builder.go

@@ -132,6 +132,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig:       &b.config.RunConfig.Comm,
 			VpcId:            b.config.VpcId,
+			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
 		},
 		&stepCleanupVolumes{
 			BlockDevices: b.config.BlockDevices,

builder/amazon/ebssurrogate/builder.go

@@ -146,6 +146,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig:       &b.config.RunConfig.Comm,
 			VpcId:            b.config.VpcId,
+			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
 		},
 		&awscommon.StepRunSourceInstance{
 			Debug:                    b.config.PackerDebug,

builder/amazon/ebsvolume/builder.go

@@ -121,6 +121,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig:       &b.config.RunConfig.Comm,
 			VpcId:            b.config.VpcId,
+			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
 		},
 		&awscommon.StepRunSourceInstance{
 			Debug:                    b.config.PackerDebug,

builder/amazon/instance/builder.go

@@ -217,6 +217,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			CommConfig:       &b.config.RunConfig.Comm,
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			VpcId:            b.config.VpcId,
+			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
 		},
 		&awscommon.StepRunSourceInstance{
 			Debug:                    b.config.PackerDebug,