builder/amazon/common: token [GH-1236]

CHANGELOG.md

@@ -13,6 +13,8 @@ FEATURES:
 
 IMPROVEMENTS:
 
+  * builder/amazon/all: `AWS_SECURITY_TOKEN` is read and can also be
+      set with the `token` configuration. [GH-1236]
   * builder/amazon-instance: EBS AMIs can be used as a source. [GH-1453]
   * builder/digitalocean: Can set API URL endpoint. [GH-1448]
   * builder/digitalocean: Region supports variables. [GH-1452]

builder/amazon/common/access_config.go

@@ -13,6 +13,7 @@ type AccessConfig struct {
 	AccessKey string `mapstructure:"access_key"`
 	SecretKey string `mapstructure:"secret_key"`
 	RawRegion string `mapstructure:"region"`
+	Token     string `mapstructure:"token"`
 }
 
 // Auth returns a valid aws.Auth object for access to AWS services, or
@@ -23,6 +24,10 @@ func (c *AccessConfig) Auth() (aws.Auth, error) {
 		// Store the accesskey and secret that we got...
 		c.AccessKey = auth.AccessKey
 		c.SecretKey = auth.SecretKey
+		c.Token = auth.Token
+	}
+	if auth.Token == "" && c.Token != "" {
+		auth.Token = c.Token
 	}
 
 	return auth, err

website/source/docs/builders/amazon-ebs.html.markdown

@@ -138,6 +138,11 @@ each category, the available configuration keys are alphabetized.
 * `temporary_key_pair_name` (string) - The name of the temporary keypair
   to generate. By default, Packer generates a name with a UUID.
 
+* `token` (string) - The access token to use. This is different from
+  the access key and secret key. If you're not sure what this is, then you
+  probably don't need it. This will also be read from the `AWS_SECURITY_TOKEN`
+  environmental variable.
+
 * `user_data` (string) - User data to apply when launching the instance.
   Note that you need to be careful about escaping characters due to the
   templates being JSON. It is often more convenient to use `user_data_file`,