
How to allow packer to access CodeCommit during AMI build?

I'd like to clone my FreeTier git repos from CodeCommit when using packer to build an AMI. This is incredibly challenging and poorly documented.

This is what finally worked for me. This uses Ubuntu 16.04 hvm:ebs as the base image, as it will install a modern and functioning git and awscli. 14.04 had many issues that in the end weren't worth sorting out.

{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": ""
  },
  "builders": [{
    "type": "amazon-ebs",
    "name": "aws",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "iam_instance_profile": "packer",
    "region": "us-east-1",
    "source_ami": "ami-840910ee",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "myproject {{timestamp}}"
  }],
  "provisioners": [{
    "type": "shell",
    "inline": [
      "sleep 30",
      "sudo apt-get update",
      "sudo apt-get upgrade -y",
      "sudo apt-get install -y git awscli python-virtualenv",
      "sudo install -o ubuntu -g ubuntu -m 755 -d /opt/scratch",
      "virtualenv /opt/scratch/venv",
      "git config --global credential.helper '!aws codecommit credential-helper $@'",
      "git config --global credential.UseHttpPath true",
      "git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/myproject /opt/scratch/venv/src/myproject",
      "/opt/scratch/venv/bin/pip install -r /opt/scratch/venv/src/myproject/requirements.txt"
    ]
  }]
}

In the IAM console, the user that packer will use needs the iam:PassRole policy to be able to use the iam_instance_profile directive.

Also in the IAM console, you'll need to create a role for EC2, and give it the AWSCodeCommitReadOnly policy.

Note that --profile default is missing from the credential.helper; this is intentional. Using the role, there is no ~/.aws/credentials file to hold the default profile. Instead aws-cli will use the role assigned to the instance, which allows it to clone from CodeCommit.
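The two IAM pieces the answer describes, the PassRole grant for the user packer runs as and the EC2 trust policy for the instance role, written out as an added example (not part of the original answer). It assumes the role behind the "packer" instance profile is also named packer and uses a placeholder account id; the AWSCodeCommitReadOnly managed policy is attached to that role separately, and the other EC2 permissions packer needs are not shown. The checker at the end flags the common mistake of granting iam:PassRole on every role instead of the one build role.

```python
import json

# Assumed values: the page names the instance profile "packer" but not the role
# or account; the account id is a placeholder, not a real account.
ACCOUNT_ID = "123456789012"
ROLE_NAME = "packer"


def ec2_role_trust_policy():
    """Trust policy for the build-instance role: only the EC2 service may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def packer_user_policy(account_id=ACCOUNT_ID, role_name=ROLE_NAME):
    """PassRole for the IAM user packer authenticates as, limited to the one
    build role and to being passed to EC2 (the only service that needs it)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PassOnlyThePackerRole",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": f"arn:aws:iam::{account_id}:role/{role_name}",
            "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}},
        }],
    }


def unscoped_passrole_statements(policy):
    """Return the Sid (or index) of every Allow statement that grants
    iam:PassRole on all roles; an empty list means PassRole is scoped."""
    bad = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        grants_passrole = any(a.lower() in ("iam:passrole", "iam:*", "*") for a in actions)
        if grants_passrole and any(r == "*" or r.endswith(":role/*") for r in resources):
            bad.append(stmt.get("Sid", str(i)))
    return bad


if __name__ == "__main__":
    print(json.dumps(packer_user_policy(), indent=2))
    print(json.dumps(ec2_role_trust_policy(), indent=2))
```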
