20 Commits

Author SHA1 Message Date
Rickard von Essen 4ce3b8712a
Replace unencrypted EBS snapshots with encrypted
To ensure that groups and users attributes are added to the encrypted
snapshots.
2016-12-06 03:31:09 +01:00
Ari Aviran 46f217f255 amazon - Snapshot permissions correctly applied
Fixes #3344
2016-12-04 16:03:01 +01:00
Rickard von Essen d8ef6d1977 Fixed formatting of source_ami_filter example 2016-11-30 12:32:46 +01:00
Matthew Hooker 7443e21992
fix broken link in docs 2016-11-16 12:39:23 -08:00
Matthew Hooker 1cf9dbf27d
fix json 2016-11-09 11:20:06 -08:00
Matthew Hooker 3d69af1247 sort/uniq IAM policies 2016-11-03 11:49:50 -07:00
Matthew Hooker ac8e70ade0 Revert "Remove duplicate permission"
This reverts commit 78067ff949.
2016-11-03 11:48:55 -07:00
Matthew Hooker 8eab0ee5b2 Merge pull request #4109 from mitchellh/b-docs
builder/amazon: Fix doc of EBS Volume builder name
2016-11-03 10:29:57 -07:00
James Nugent 33c423529d builder/amazon: Fix doc of EBS Volume builder name
Various things still referred to `ebsinit` or `ebs-volume` - the
imported name was `amazon-ebsvolume`.
2016-11-03 11:59:02 -04:00
Amo Chumber 78067ff949 Remove duplicate permission
In the suggested policy `ec2:CopyImage` was listed twice.

I've also sorted alphabetically to make it easier for somebody who might be recreating the policy in the AWS GUI to follow along more easily.
2016-11-03 14:41:12 +00:00
James Nugent b1ff8c3bfc builder/amazon: Add `ebs-volume` builder
This commit adds a builder that works like EBS builders, except does not
create an AMI, and instead is intended to create EBS volumes in an
initialized state. For example, the following template can be used to
create and export a set of 3 EBS Volumes in a ZFS zpool named `data` for
importing by instances running production systems:

```
{
	"variables": {
		"aws_access_key_id": "{{ env `AWS_ACCESS_KEY_ID` }}",
		"aws_secret_access_key": "{{ env `AWS_SECRET_ACCESS_KEY` }}",
		"region": "{{ env `AWS_REGION` }}",
		"source_ami": "{{ env `PACKER_SOURCE_AMI` }}",
		"vpc_id": "{{ env `PACKER_VPC_ID` }}",
		"subnet_id": "{{ env `PACKER_SUBNET_ID` }}"
	},
	"builders": [{
		"type": "amazon-ebs-volume",
		"access_key": "{{ user `aws_access_key_id` }}",
		"secret_key": "{{ user `aws_secret_access_key` }}",
		"region": "{{user `region`}}",
		"spot_price_auto_product": "Linux/UNIX (Amazon VPC)",

		"ssh_pty": true,
		"instance_type": "t2.medium",
		"vpc_id": "{{user `vpc_id` }}",
		"subnet_id": "{{user `subnet_id` }}",
		"associate_public_ip_address": true,
		"source_ami": "{{user `source_ami` }}",
		"ssh_username": "ubuntu",
		"ssh_timeout": "5m",

		"ebs_volumes": [
			{
				"device_name": "/dev/xvdf",
				"delete_on_termination": false,
				"volume_size": 10,
				"volume_type": "gp2",
				"tags": {
					"Name": "TeamCity-Data1",
					"zpool": "data",
					"Component": "TeamCity"
				}
			},
			{
				"device_name": "/dev/xvdg",
				"delete_on_termination": false,
				"volume_size": 10,
				"volume_type": "gp2",
				"tags": {
					"Name": "TeamCity-Data2",
					"zpool": "data",
					"Component": "TeamCity"
				}
			},
			{
				"device_name": "/dev/xvdh",
				"delete_on_termination": false,
				"volume_size": 10,
				"volume_type": "gp2",
				"tags": {
					"Name": "TeamCity-Data3",
					"zpool": "data",
					"Component": "TeamCity"
				}
			}
		]
	}],
	"provisioners": [
	{
		"type": "shell",
		"start_retry_timeout": "10m",
		"inline": [
			"DEBIAN_FRONTEND=noninteractive sudo apt-get update",
			"DEBIAN_FRONTEND=noninteractive sudo apt-get install -y zfs",
			"lsblk",
			"sudo parted /dev/xvdf --script mklabel GPT",
			"sudo parted /dev/xvdg --script mklabel GPT",
			"sudo parted /dev/xvdh --script mklabel GPT",
			"sudo zpool create -m none data raidz xvdf xvdg xvdh",
			"sudo zpool status",
			"sudo zpool export data",
			"sudo zpool status"
		]
	}
	]
}
```

StepModifyInstance and StepStopInstance are now shared between EBS and
EBS-Volume builders - move them into the AWS common directory and rename
them to indicate that they only apply to EBS-backed builders.
2016-11-02 12:56:39 -04:00
Jinesh Choksi 0f4d2341cb Packer v0.11.0 requires "ec2:DescribeSecurityGroups" permissions to work
Without the "ec2:DescribeSecurityGroups" permission, you would get the following error:

```
2016/10/25 16:03:28 ui: ==> aws: Creating temporary security group for this instance...
2016/10/25 16:03:28 packer.exe: 2016/10/25 16:03:28 Temporary group name: packer 580f7440-2135-068c-99b7-35595a7522d1
2016/10/25 16:03:28 ui: ==> aws: Authorizing access to port 22 the temporary security group...
2016/10/25 16:03:28 packer.exe: 2016/10/25 16:03:28 [DEBUG] Describing tempSecurityGroup to ensure it is available: sg-38e0355e
2016/10/25 16:03:29 packer.exe: 2016/10/25 16:03:29 [DEBUG] Error in querying security group UnauthorizedOperation: You are not authorized to perform this operation.
2016/10/25 16:03:29 packer.exe: 	status code: 403, request id: bc664eff-cc01-42c1-8408-23493c11d92d
```
2016-10-25 16:27:20 +01:00
Matthew Hooker 24c4ba3bb5 add the error you might see 2016-10-03 17:40:52 -07:00
Matthew Hooker 7a1b84cec1 add some debugging info for if your clock is skewed 2016-10-02 17:32:57 -07:00
Huy Nguyen 5e1aa22dc7 IAM permission needed to deregister failed images (#3796) 2016-08-23 23:55:01 +02:00
www.elconas.de e6c590ace4 Fix IAM Policy to avoid 'Error enabling Enhanced Networking on xxxxxxx: UnauthorizedOperation: You are not authorized to perform this operation' (#3696) 2016-08-23 23:54:42 +02:00
mieciu 23296988b8 Update example AWS policy document 2016-08-22 17:06:20 +02:00
Erik Olson a6b59d742d Amazon documentation, update policy document - minimal set of permissions to allow copying AMIs to other regions 2016-06-01 12:59:25 -04:00
Justin Phelps c53e3d01c0 Adding reference to GetPasswordData in the Amazon builder documentation. Fixes #3546 (#3558) 2016-05-20 10:15:40 -07:00
Chris Bednarski 1256babce3 Change .markdown to .md because it's shorter 2016-03-11 17:06:36 -08:00