Document behavior of AWS {access,secret}_key in relation to credentials file and profile lookup via AWS_PROFILE

Matthew Patton 2015-07-21 17:24:55 -04:00
parent 2010a0c966
commit 9007b1cc67
4 changed files with 15 additions and 20 deletions

View File

@ -58,11 +58,9 @@ can be configured for this builder.
### Required:
* `access_key` (string) - The access key used to communicate with AWS.
If not specified, Packer will use the key from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
or fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` (in that order), if set.
If the environmental variables aren't set and Packer is running on
an EC2 instance, Packer will check the instance metadata for IAM role
keys.
If not specified, Packer will search the standard [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file using environment variable `AWS_PROFILE` as the profile name, will use the `[default]` entry,
or will fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`.
Finally, if Packer is running on an EC2 instance it will check the instance metadata for IAM role keys.
* `ami_name` (string) - The name of the resulting AMI that will appear
when managing AMIs in the AWS console or via APIs. This must be unique.
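Review bot: The new `access_key` sentence strings three sources together ("will search the standard credentials file using environment variable `AWS_PROFILE` as the profile name, will use the `[default]` entry, or will fall back to environment variables") without saying when each one applies, and it drops the "(in that order)" that the old text gave for `AWS_ACCESS_KEY_ID` versus `AWS_ACCESS_KEY`. Which source wins decides which account a build runs against, so write the precedence as an explicit ordered list ending with the instance metadata lookup, and restore the ordering of the two variable names.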
@ -70,11 +68,7 @@ can be configured for this builder.
[configuration templates](/docs/templates/configuration-templates.html) for more info)
* `secret_key` (string) - The secret key used to communicate with AWS.
If not specified, Packer will use the secret from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
or fall back to environment variables `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` (in that order), if set.
If the environmental variables aren't set and Packer is running on
an EC2 instance, Packer will check the instance metadata for IAM role
keys.
Lookup behavior is as above for `access_key` except the variables are `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`.
* `source_ami` (string) - The source AMI whose root volume will be copied
and provisioned on the currently running instance. This must be an
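Review bot: "Lookup behavior is as above for `access_key`" in the `secret_key` entry leaves open whether the key and the secret are always resolved from the same source. State that explicitly if it is the case, and keep the link to the credentials file documentation that the removed lines carried, since a reader can land on `secret_key` without having read the `access_key` entry several items earlier.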

View File

@ -38,8 +38,9 @@ can be configured for this builder.
### Required:
* `access_key` (string) - The access key used to communicate with AWS.
If not specified, Packer will use the key from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
or fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` (in that order), if set.
If not specified, Packer will search the standard [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file using environment variable `AWS_PROFILE` as the profile name, will use the `[default]` entry,
or will fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`.
Finally, if Packer is running on an EC2 instance it will check the instance metadata for IAM role keys.
* `ami_name` (string) - The name of the resulting AMI that will appear
when managing AMIs in the AWS console or via APIs. This must be unique.
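Review bot: The `access_key` paragraph here repeats verbatim the text added to the other builder pages in this commit, so the copies can drift apart the next time the lookup order changes. Consider describing the credential lookup once in a shared section and linking to it from each `access_key` entry.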
@ -53,8 +54,7 @@ can be configured for this builder.
to launch the EC2 instance to create the AMI.
* `secret_key` (string) - The secret key used to communicate with AWS.
If not specified, Packer will use the secret from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
or fall back to environment variables `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` (in that order), if set.
Lookup behavior is as above for `access_key` except the variables are `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
* `source_ami` (string) - The initial AMI used as a base for the newly
created machine.
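Review bot: The added `secret_key` line ends without a period ("... `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`"), while the same sentence in the first file of this commit ends with one. Add the trailing period so the three pages stay consistent.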

View File

@ -43,8 +43,9 @@ can be configured for this builder.
### Required:
* `access_key` (string) - The access key used to communicate with AWS.
If not specified, Packer will use the key from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
or fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` (in that order), if set.
If not specified, Packer will search the standard [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file using environment variable `AWS_PROFILE` as the profile name, will use the `[default]` entry,
or will fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`.
Finally, if Packer is running on an EC2 instance it will check the instance metadata for IAM role keys.
* `account_id` (string) - Your AWS account ID. This is required for bundling
the AMI. This is _not the same_ as the access key. You can find your
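Review bot: The `AWS_PROFILE` clause in the `access_key` entry does not say what happens when the variable names a profile that is absent from the credentials file. Document whether Packer then uses `[default]`, moves on to the environment variables, or stops with an error, because a silent fallback could run the build with credentials other than the ones the operator selected.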
@ -65,8 +66,8 @@ can be configured for this builder.
This bucket will be created if it doesn't exist.
* `secret_key` (string) - The secret key used to communicate with AWS.
If not specified, Packer will use the secret from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
or fall back to environment variables `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` (in that order), if set.
Lookup behavior is as above for `access_key` except the variables are `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
* `source_ami` (string) - The initial AMI used as a base for the newly
created machine.

View File

@ -33,8 +33,8 @@ much easier to use and Amazon generally recommends EBS-backed images nowadays.
## Using an IAM Instance Profile
If AWS keys are not specified in the template, a [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file or through environment variables
Packer will use credentials provided by the instance's IAM profile, if it has one.
If AWS keys are not specified in the template, Packer will consult the [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file, try the standard AWS environment variables, and then
any IAM role credentials defined by the instance's metadata.
The following policy document provides the minimal set permissions necessary for Packer to work:
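Review bot: The tail of the new sentence has no verb ("and then any IAM role credentials defined by the instance's metadata"), and "the standard AWS environment variables" are not named, nor is `AWS_PROFILE` mentioned although the builder pages now document it. Reword to something like "..., then the environment variables listed under `access_key` and `secret_key`, and finally use any IAM role credentials from the instance metadata", and confirm the order stated here matches the builder pages.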