I'd like to clone my FreeTier git repos from CodeCommit when using Packer to build an AMI. This is incredibly challenging and poorly documented.
This is what finally worked for me. This uses Ubuntu 16.04 hvm:ebs as the base image, as it will install a modern and functioning git and awscli. 14.04 had many issues that in the end weren't worth sorting out.
{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": ""
  },
  "builders": [{
    "type": "amazon-ebs",
    "name": "aws",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "iam_instance_profile": "packer",
    "region": "us-east-1",
    "source_ami": "ami-840910ee",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "myproject {{timestamp}}"
  }],
  "provisioners": [{
    "type": "shell",
    "inline": [
      "sleep 30",
      "sudo apt-get update",
      "sudo apt-get upgrade -y",
      "sudo apt-get install -y git awscli python-virtualenv",
      "sudo install -o ubuntu -g ubuntu -m 755 -d /opt/scratch",
      "virtualenv /opt/scratch/venv",
      "git config --global credential.helper '!aws codecommit credential-helper $@'",
      "git config --global credential.UseHttpPath true",
      "git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/myproject /opt/scratch/venv/src/myproject",
      "/opt/scratch/venv/bin/pip install -r /opt/scratch/venv/src/myproject/requirements.txt"
    ]
  }]
}
In the IAM console, the user that Packer will use needs the iam:PassRole permission to be able to use the iam_instance_profile directive.
Also in the IAM console, you'll need to create a role for EC2 and give it the AWSCodeCommitReadOnly policy.
Note that --profile default is missing from the credential.helper; this is intentional. When using the role, there is no ~/.aws/credentials file to hold the default profile. Instead, aws-cli will use the role assigned to the instance, which allows it to clone from CodeCommit.
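An added example, not part of the original post: an IAM policy for the Packer user that covers the iam:PassRole requirement described above while limiting it to the one role and to EC2 as the receiving service, rather than allowing every role in the account to be passed. The account ID 111122223333 is a placeholder, and the role name packer is an assumption taken from the iam_instance_profile value in the template.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PassPackerRoleToEc2Only",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::111122223333:role/packer",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "ec2.amazonaws.com"
        }
      }
    }
  ]
}
```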