120 lines
6.8 KiB
Plaintext
120 lines
6.8 KiB
Plaintext
<!-- Code generated from the comments of the AMIConfig struct in builder/amazon/common/ami_config.go; DO NOT EDIT MANUALLY -->
|
|
|
|
- `ami_description` (string) - The description to set for the resulting
|
|
AMI(s). By default this description is empty. This is a
|
|
[template engine](/docs/templates/engine), see [Build template
|
|
data](#build-template-data) for more information.
|
|
|
|
- `ami_virtualization_type` (string) - The type of virtualization for the AMI
|
|
you are building. This option is required to register HVM images. Can be
|
|
paravirtual (default) or hvm.
|
|
|
|
- `ami_users` ([]string) - A list of account IDs that have access to
|
|
launch the resulting AMI(s). By default no additional users other than the
|
|
user creating the AMI has permissions to launch it.
|
|
|
|
- `ami_groups` ([]string) - A list of groups that have access to
|
|
launch the resulting AMI(s). By default no groups have permission to launch
|
|
the AMI. all will make the AMI publicly accessible.
|
|
|
|
- `ami_product_codes` ([]string) - A list of product codes to
|
|
associate with the AMI. By default no product codes are associated with the
|
|
AMI.
|
|
|
|
- `ami_regions` ([]string) - A list of regions to copy the AMI to.
|
|
Tags and attributes are copied along with the AMI. AMI copying takes time
|
|
depending on the size of the AMI, but will generally take many minutes.
|
|
|
|
- `skip_region_validation` (bool) - Set to true if you want to skip
|
|
validation of the ami_regions configuration option. Default false.
|
|
|
|
- `tags` (map[string]string) - Tags applied to the AMI. This is a
|
|
[template engine](/docs/templates/engine), see [Build template
|
|
data](#build-template-data) for more information.
|
|
|
|
- `tag` ([]{name string, value string}) - Same as [`tags`](#tags) but defined as a singular repeatable block
|
|
containing a `name` and a `value` field. In HCL2 mode the
|
|
[`dynamic_block`](/docs/configuration/from-1.5/expressions#dynamic-blocks)
|
|
will allow you to create those programatically.
|
|
|
|
- `ena_support` (boolean) - Enable enhanced networking (ENA but not SriovNetSupport) on
|
|
HVM-compatible AMIs. If set, add `ec2:ModifyInstanceAttribute` to your
|
|
AWS IAM policy.
|
|
|
|
Note: you must make sure enhanced networking is enabled on your
|
|
instance. See [Amazon's documentation on enabling enhanced
|
|
networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking).
|
|
|
|
- `sriov_support` (bool) - Enable enhanced networking (SriovNetSupport but not ENA) on
|
|
HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your
|
|
AWS IAM policy. Note: you must make sure enhanced networking is enabled
|
|
on your instance. See [Amazon's documentation on enabling enhanced
|
|
networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking).
|
|
Default `false`.
|
|
|
|
- `force_deregister` (bool) - Force Packer to first deregister an existing
|
|
AMI if one with the same name already exists. Default false.
|
|
|
|
- `force_delete_snapshot` (bool) - Force Packer to delete snapshots
|
|
associated with AMIs, which have been deregistered by force_deregister.
|
|
Default false.
|
|
|
|
- `encrypt_boot` (boolean) - Whether or not to encrypt the resulting AMI when
|
|
copying a provisioned instance to an AMI. By default, Packer will keep the
|
|
encryption setting to what it was in the source image. Setting false will
|
|
result in an unencrypted image, and true will result in an encrypted one.
|
|
If you have used the `launch_block_device_mappings` to set an encryption
|
|
key and that key is the same as the one you want the image encrypted with
|
|
at the end, then you don't need to set this field; leaving it empty will
|
|
prevent an unnecessary extra copy step and save you some time.
|
|
|
|
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption. This
|
|
only applies to the main `region`, other regions where the AMI will be
|
|
copied will be encrypted by the default EBS KMS key. For valid formats
|
|
see *KmsKeyId* in the [AWS API docs -
|
|
CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
|
|
This field is validated by Packer, when using an alias, you will have to
|
|
prefix `kms_key_id` with `alias/`.
|
|
|
|
- `region_kms_key_ids` (map[string]string) - regions to copy the ami to, along with the custom kms key id (alias or
|
|
arn) to use for encryption for that region. Keys must match the regions
|
|
provided in `ami_regions`. If you just want to encrypt using a default
|
|
ID, you can stick with `kms_key_id` and `ami_regions`. If you want a
|
|
region to be encrypted with that region's default key ID, you can use an
|
|
empty string `""` instead of a key id in this map. (e.g. `"us-east-1":
|
|
""`) However, you cannot use default key IDs if you are using this in
|
|
conjunction with `snapshot_users` -- in that situation you must use
|
|
custom keys. For valid formats see *KmsKeyId* in the [AWS API docs -
|
|
CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
|
|
|
|
This option supercedes the `kms_key_id` option -- if you set both, and
|
|
they are different, Packer will respect the value in
|
|
`region_kms_key_ids` for your build region and silently disregard the
|
|
value provided in `kms_key_id`.
|
|
|
|
- `skip_save_build_region` (bool) - If true, Packer will not check whether an AMI with the `ami_name` exists
|
|
in the region it is building in. It will use an intermediary AMI name,
|
|
which it will not convert to an AMI in the build region. It will copy
|
|
the intermediary AMI into any regions provided in `ami_regions`, then
|
|
delete the intermediary AMI. Default `false`.
|
|
|
|
- `snapshot_tags` (map[string]string) - Tags to apply to snapshot.
|
|
They will override AMI tags if already applied to snapshot. This is a
|
|
[template engine](/docs/templates/engine), see [Build template
|
|
data](#build-template-data) for more information.
|
|
|
|
- `snapshot_tag` ([]{name string, value string}) - Same as [`snapshot_tags`](#snapshot_tags) but defined as a singular
|
|
repeatable block containing a `name` and a `value` field. In HCL2 mode the
|
|
[`dynamic_block`](/docs/configuration/from-1.5/expressions#dynamic-blocks)
|
|
will allow you to create those programatically.
|
|
|
|
- `snapshot_users` ([]string) - A list of account IDs that have
|
|
access to create volumes from the snapshot(s). By default no additional
|
|
users other than the user creating the AMI has permissions to create
|
|
volumes from the backing snapshot(s).
|
|
|
|
- `snapshot_groups` ([]string) - A list of groups that have access to
|
|
create volumes from the snapshot(s). By default no groups have permission
|
|
to create volumes from the snapshot(s). all will make the snapshot
|
|
publicly accessible.
|
|
|