Merge pull request #2482 from tb3088/doc_aws-creds
Document behavior of AWS {access,secret}_key in relation to credentia…
This commit is contained in:
commit
972af2c4cc
|
@ -58,11 +58,9 @@ can be configured for this builder.
|
||||||
### Required:
|
### Required:
|
||||||
|
|
||||||
* `access_key` (string) - The access key used to communicate with AWS.
|
* `access_key` (string) - The access key used to communicate with AWS.
|
||||||
If not specified, Packer will use the key from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
|
If not specified, Packer will search the standard [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file using environment variable `AWS_PROFILE` as the profile name, will use the `[default]` entry,
|
||||||
or fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` (in that order), if set.
|
or will fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`.
|
||||||
If the environmental variables aren't set and Packer is running on
|
Finally, if Packer is running on an EC2 instance it will check the instance metadata for IAM role keys.
|
||||||
an EC2 instance, Packer will check the instance metadata for IAM role
|
|
||||||
keys.
|
|
||||||
|
|
||||||
* `ami_name` (string) - The name of the resulting AMI that will appear
|
* `ami_name` (string) - The name of the resulting AMI that will appear
|
||||||
when managing AMIs in the AWS console or via APIs. This must be unique.
|
when managing AMIs in the AWS console or via APIs. This must be unique.
|
||||||
|
@ -70,11 +68,7 @@ can be configured for this builder.
|
||||||
[configuration templates](/docs/templates/configuration-templates.html) for more info)
|
[configuration templates](/docs/templates/configuration-templates.html) for more info)
|
||||||
|
|
||||||
* `secret_key` (string) - The secret key used to communicate with AWS.
|
* `secret_key` (string) - The secret key used to communicate with AWS.
|
||||||
If not specified, Packer will use the secret from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
|
Lookup behavior is as above for `access_key` except the variables are `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`.
|
||||||
or fall back to environment variables `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` (in that order), if set.
|
|
||||||
If the environmental variables aren't set and Packer is running on
|
|
||||||
an EC2 instance, Packer will check the instance metadata for IAM role
|
|
||||||
keys.
|
|
||||||
|
|
||||||
* `source_ami` (string) - The source AMI whose root volume will be copied
|
* `source_ami` (string) - The source AMI whose root volume will be copied
|
||||||
and provisioned on the currently running instance. This must be an
|
and provisioned on the currently running instance. This must be an
|
||||||
|
|
|
@ -38,8 +38,9 @@ can be configured for this builder.
|
||||||
### Required:
|
### Required:
|
||||||
|
|
||||||
* `access_key` (string) - The access key used to communicate with AWS.
|
* `access_key` (string) - The access key used to communicate with AWS.
|
||||||
If not specified, Packer will use the key from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
|
If not specified, Packer will search the standard [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file using environment variable `AWS_PROFILE` as the profile name, will use the `[default]` entry,
|
||||||
or fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` (in that order), if set.
|
or will fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`.
|
||||||
|
Finally, if Packer is running on an EC2 instance it will check the instance metadata for IAM role keys.
|
||||||
|
|
||||||
* `ami_name` (string) - The name of the resulting AMI that will appear
|
* `ami_name` (string) - The name of the resulting AMI that will appear
|
||||||
when managing AMIs in the AWS console or via APIs. This must be unique.
|
when managing AMIs in the AWS console or via APIs. This must be unique.
|
||||||
|
@ -53,8 +54,7 @@ can be configured for this builder.
|
||||||
to launch the EC2 instance to create the AMI.
|
to launch the EC2 instance to create the AMI.
|
||||||
|
|
||||||
* `secret_key` (string) - The secret key used to communicate with AWS.
|
* `secret_key` (string) - The secret key used to communicate with AWS.
|
||||||
If not specified, Packer will use the secret from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
|
Lookup behavior is as above for `access_key` except the variables are `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
|
||||||
or fall back to environment variables `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` (in that order), if set.
|
|
||||||
|
|
||||||
* `source_ami` (string) - The initial AMI used as a base for the newly
|
* `source_ami` (string) - The initial AMI used as a base for the newly
|
||||||
created machine.
|
created machine.
|
||||||
|
|
|
@ -43,8 +43,9 @@ can be configured for this builder.
|
||||||
### Required:
|
### Required:
|
||||||
|
|
||||||
* `access_key` (string) - The access key used to communicate with AWS.
|
* `access_key` (string) - The access key used to communicate with AWS.
|
||||||
If not specified, Packer will use the key from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
|
If not specified, Packer will search the standard [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file using environment variable `AWS_PROFILE` as the profile name, will use the `[default]` entry,
|
||||||
or fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY` (in that order), if set.
|
or will fall back to environment variables `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`.
|
||||||
|
Finally, if Packer is running on an EC2 instance it will check the instance metadata for IAM role keys.
|
||||||
|
|
||||||
* `account_id` (string) - Your AWS account ID. This is required for bundling
|
* `account_id` (string) - Your AWS account ID. This is required for bundling
|
||||||
the AMI. This is _not the same_ as the access key. You can find your
|
the AMI. This is _not the same_ as the access key. You can find your
|
||||||
|
@ -65,8 +66,8 @@ can be configured for this builder.
|
||||||
This bucket will be created if it doesn't exist.
|
This bucket will be created if it doesn't exist.
|
||||||
|
|
||||||
* `secret_key` (string) - The secret key used to communicate with AWS.
|
* `secret_key` (string) - The secret key used to communicate with AWS.
|
||||||
If not specified, Packer will use the secret from any [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file
|
Lookup behavior is as above for `access_key` except the variables are `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
|
||||||
or fall back to environment variables `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY` (in that order), if set.
|
|
||||||
|
|
||||||
* `source_ami` (string) - The initial AMI used as a base for the newly
|
* `source_ami` (string) - The initial AMI used as a base for the newly
|
||||||
created machine.
|
created machine.
|
||||||
|
|
|
@ -33,8 +33,8 @@ much easier to use and Amazon generally recommends EBS-backed images nowadays.
|
||||||
|
|
||||||
## Using an IAM Instance Profile
|
## Using an IAM Instance Profile
|
||||||
|
|
||||||
If AWS keys are not specified in the template, a [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file or through environment variables
|
If AWS keys are not specified in the template, Packer will consult the [credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) file, try the standard AWS environment variables, and then
|
||||||
Packer will use credentials provided by the instance's IAM profile, if it has one.
|
any IAM role credentials defined by the instance's metadata.
|
||||||
|
|
||||||
The following policy document provides the minimal set permissions necessary for Packer to work:
|
The following policy document provides the minimal set permissions necessary for Packer to work:
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue