Commit Graph

52 Commits

Author SHA1 Message Date
Adrien Delorme 4f46bd74ab
Merge pull request #7313 from kristi/patch-1
add DescribeInstanceStatus to minimum permissions
2019-02-18 18:19:56 +01:00
Kristi 7e7e486901
add DescribeInstanceStatus to minimum permissions
Packer needs DescribeInstanceStatus or else it ends up waiting forever for the instance to become ready.
2019-02-14 11:53:53 -08:00
Megan Marsh af7131b169 tests, logic cleanup, docs for vagrant builder 2019-02-04 14:08:43 -08:00
Megan Marsh ad21367b21 vagrant builder 2019-02-04 14:08:43 -08:00
Matthew Hooker 88d27f37a7
make fmt-docs 2018-10-26 17:02:51 -07:00
Kevin Hicks 03f8680c3c
Remove json specifier from doc code block 2018-10-18 16:53:57 -05:00
Megan Marsh 14166fdd99 update amazon import docs to include the env vars for setting aws waiter delays and timeouts 2018-07-11 10:36:21 -07:00
Fotios Lindiakos 896ceee902
Update list of required IAM permissions
The `ec2:DescribeSpotPriceHistory` is required when the `spot_price` parameter is set to `auto`.
2018-06-22 18:55:50 -04:00
EximChua 286a5aa8c7
Update info on format of the credentials file
Update info on format of the credentials file.
2018-06-13 15:34:06 +08:00
stack72 1bc471073f
docs/aws: Update documentation for AWS Spot Instances
The docs didn't specify that `ec2:DescribeSpotInstanceRequests` was
required. This causes an error as follows:

```
Error waiting for spot request (sir-yg6866gj) to become ready:
UnauthorizedOperation: You are not authorized to perform this operation.
```

This is because the permission to describe instance state is not available
2018-06-08 03:04:22 +03:00
alexgottschalkmedal 38e419dd8c
Update amazon.html.md
Fix typo - CreateKeypair should be CreateKeyPair
2018-04-19 13:07:20 -07:00
Matthew Hooker b16f2ec64b
builder/amazon: Use sdk default cred providers
I think we were overcomplicating things. The SDK provides the correct
credential chain by default, so let's use that. This patch does a quick
check for static credentials and uses those if found, then defaults to
the default credential provider chain.

This patch also removes the metadata timeout argument. Current versions
of the SDK have short timeouts by default, so I don't believe this is
needed.
2018-03-15 16:49:47 -07:00
Megan Marsh d07a2dda7d fix grammar in docs 2018-02-15 14:28:22 -08:00
SwampDragons 23567aad6f
Merge pull request #5197 from BWITS/feature/policy_for_spot_instance
Add policies to use spot instance to create the AMI
2018-02-15 14:27:04 -08:00
Matthew Hooker 5b64f71702
Merge pull request #5764 from hashicorp/fix5760
"borrow" access config code from terraform.
2018-02-08 14:55:43 -08:00
Matthew Hooker a9b48309c9
update amazon authentication docs
Correct docs to reflect new behavior. This is largely borrowed from
terraform.
2018-02-08 14:48:04 -08:00
Matthew Hooker f5ea1e8312
Use WaitUntilInstanceReady waiter 2018-01-10 15:57:31 -08:00
Matthew Hooker cba1a0598f
document additional aws permission 2017-12-12 21:13:09 -08:00
Bill Wang 28a986691d Add policies to use spot instance to create the AMI 2017-08-01 21:24:43 +10:00
Matthew Hooker bcc0d24bf4
run docs through pandoc 2017-06-14 18:13:46 -07:00
Matthew Hooker 176715b7f0
document profile option. 2017-06-14 16:45:18 -07:00
Matthew Hooker 160d31a568
update documentation on automatic lookup of credentials.
Reverts work in #4612
2017-06-13 16:24:50 -07:00
Rickard von Essen 5bc8edc3b2
Updated AWS docs for using default chain 2017-06-09 10:35:48 -07:00
Rickard von Essen f4f0560101
Updated docs about AWS credentials handeling 2017-06-09 10:29:47 -07:00
Matthew Hooker d30605fdfb
use json markdown syntax 2017-04-18 11:35:42 -07:00
Seth Vargo 6b80c21043
Revamp pages and docs to fit HashiCorp brand 2017-03-28 16:05:19 -04:00
Kerim Satirli 37feec41d9 fixes broken link to EBS surrogate page 2017-03-06 09:44:07 +01:00
Matthew Hooker 131e1e3857
clarify that it's profile name 2017-02-28 23:23:36 -08:00
Matthew Hooker 6b95de73c4
document how aws-sdk uses the shared credentials file
from https://docs.aws.amazon.com/sdk-for-go/api/aws/credentials/\#SharedCredentialsProvider
2017-02-28 23:09:52 -08:00
James Nugent 635aeb765b amazon/ebssurrogate: Add New Builder
This commit adds a new type of builder which builds an AMI based on a
snapshot of an EBS volume which is provisioned on a "surrogate"
instance. This can be used to build operating system images from
scratch, but unlike the `chroot` builder does not require running from
an AWS EC2 instance.
2017-02-21 18:38:19 -06:00
Matthew Hooker b04a878ea8
small spelling fix 2017-02-21 11:13:06 -08:00
Rickard von Essen d1b9a91e3d
Change all builder docs to the expected file names 2017-01-14 13:03:39 +01:00
Rickard von Essen 4ce3b8712a
Replace unencrypted EBS snapshots with encrypted
To ensure that groups and users attributes are added to the encrypted
snapshots.
2016-12-06 03:31:09 +01:00
Ari Aviran 46f217f255 amazon - Snapshot permissions correctly applied
Fixes #3344
2016-12-04 16:03:01 +01:00
Rickard von Essen d8ef6d1977 Fixed formatting of source_ami_filter example 2016-11-30 12:32:46 +01:00
Matthew Hooker 7443e21992
fix broken link in docs 2016-11-16 12:39:23 -08:00
Matthew Hooker 1cf9dbf27d
fix json 2016-11-09 11:20:06 -08:00
Matthew Hooker 3d69af1247 sort/uniq IAM policies 2016-11-03 11:49:50 -07:00
Matthew Hooker ac8e70ade0 Revert "Remove duplicate permission"
This reverts commit 78067ff949.
2016-11-03 11:48:55 -07:00
Matthew Hooker 8eab0ee5b2 Merge pull request #4109 from mitchellh/b-docs
builder/amazon: Fix doc of EBS Volume builder name
2016-11-03 10:29:57 -07:00
James Nugent 33c423529d builder/amazon: Fix doc of EBS Volume builder name
Various things still referred to `ebsinit` or `ebs-volume` - the
imported name was `amazon-ebsvolume`.
2016-11-03 11:59:02 -04:00
Amo Chumber 78067ff949 Remove duplicate permission
In the suggested policy `ec2:CopyImage` was listed twice.

I've also sorted alphabetically to make it easier for somebody who might be recreating the policy in the AWS gui to follow along more easily.
2016-11-03 14:41:12 +00:00
James Nugent b1ff8c3bfc builder/amazon: Add `ebs-volume` builder
This commit adds a builder that works like EBS builders, except does not
create an AMI, and instead is intended to create EBS volumes in an
initialized state. For example, the following template can be used to
create and export a set of 3 EBS Volumes in a ZFS zpool named `data` for
importing by instances running production systems:

```
{
	"variables": {
		"aws_access_key_id": "{{ env `AWS_ACCESS_KEY_ID` }}",
		"aws_secret_access_key": "{{ env `AWS_SECRET_ACCESS_KEY` }}",
		"region": "{{ env `AWS_REGION` }}",
		"source_ami": "{{ env `PACKER_SOURCE_AMI` }}",
		"vpc_id": "{{ env `PACKER_VPC_ID` }}",
		"subnet_id": "{{ env `PACKER_SUBNET_ID` }}"
	},
	"builders": [{
		"type": "amazon-ebs-volume",
		"access_key": "{{ user `aws_access_key_id` }}",
		"secret_key": "{{ user `aws_secret_access_key` }}",
		"region": "{{user `region`}}",
		"spot_price_auto_product": "Linux/UNIX (Amazon VPC)",

		"ssh_pty": true,
		"instance_type": "t2.medium",
		"vpc_id": "{{user `vpc_id` }}",
		"subnet_id": "{{user `subnet_id` }}",
		"associate_public_ip_address": true,
		"source_ami": "{{user `source_ami` }}",
		"ssh_username": "ubuntu",
		"ssh_timeout": "5m",

		"ebs_volumes": [
			{
				"device_name": "/dev/xvdf",
				"delete_on_termination": false,
				"volume_size": 10,
				"volume_type": "gp2",
				"tags": {
					"Name": "TeamCity-Data1",
					"zpool": "data",
					"Component": "TeamCity"
				}
			},
			{
				"device_name": "/dev/xvdg",
				"delete_on_termination": false,
				"volume_size": 10,
				"volume_type": "gp2",
				"tags": {
					"Name": "TeamCity-Data2",
					"zpool": "data",
					"Component": "TeamCity"
				}
			},
			{
				"device_name": "/dev/xvdh",
				"delete_on_termination": false,
				"volume_size": 10,
				"volume_type": "gp2",
				"tags": {
					"Name": "TeamCity-Data3",
					"zpool": "data",
					"Component": "TeamCity"
				}
			}
		]
	}],
	"provisioners": [
	{
		"type": "shell",
		"start_retry_timeout": "10m",
		"inline": [
			"DEBIAN_FRONTEND=noninteractive sudo apt-get update",
			"DEBIAN_FRONTEND=noninteractive sudo apt-get install -y zfs",
			"lsblk",
			"sudo parted /dev/xvdf --script mklabel GPT",
			"sudo parted /dev/xvdg --script mklabel GPT",
			"sudo parted /dev/xvdh --script mklabel GPT",
			"sudo zpool create -m none data raidz xvdf xvdg xvdh",
			"sudo zpool status",
			"sudo zpool export data",
			"sudo zpool status"
		]
	}
	]
}
```

StepModifyInstance and StepStopInstance are now shared between EBS and
EBS-Volume builders - move them into the AWS common directory and rename
them to indicate that they only apply to EBS-backed builders.
2016-11-02 12:56:39 -04:00
Jinesh Choksi 0f4d2341cb Packer v0.11.0 requires "ec2:DescribeSecurityGroups" permissions to work
Without the "ec2:DescribeSecurityGroups" permission, you would get the following error:

2016/10/25 16:03:28 ui: ==> aws: Creating temporary security group for this instance...
2016/10/25 16:03:28 packer.exe: 2016/10/25 16:03:28 Temporary group name: packer 580f7440-2135-068c-99b7-35595a7522d1
2016/10/25 16:03:28 ui: ==> aws: Authorizing access to port 22 the temporary security group...
2016/10/25 16:03:28 packer.exe: 2016/10/25 16:03:28 [DEBUG] Describing tempSecurityGroup to ensure it is available: sg-38e0355e
2016/10/25 16:03:29 packer.exe: 2016/10/25 16:03:29 [DEBUG] Error in querying security group UnauthorizedOperation: You are not authorized to perform this operation.
2016/10/25 16:03:29 packer.exe: 	status code: 403, request id: bc664eff-cc01-42c1-8408-23493c11d92d
2016-10-25 16:27:20 +01:00
Matthew Hooker 24c4ba3bb5 add the error you might see 2016-10-03 17:40:52 -07:00
Matthew Hooker 7a1b84cec1 add some debugging info for if your clock is skewed 2016-10-02 17:32:57 -07:00
Huy Nguyen 5e1aa22dc7 IAM permission needed to deregister failed images (#3796) 2016-08-23 23:55:01 +02:00
www.elconas.de e6c590ace4 Fix IAM Policy to avoid 'Error enabling Enhanced Networking on xxxxxxx: UnauthorizedOperation: You are not authorized to perform this operation' (#3696) 2016-08-23 23:54:42 +02:00
mieciu 23296988b8 Update example AWS policy document 2016-08-22 17:06:20 +02:00
Erik Olson a6b59d742d Amazon documentation, update policy document - minimal set of permissions to allow copying AMIs to other regions 2016-06-01 12:59:25 -04:00