*`access_key` (string) - The access key used to communicate with AWS. [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
-`access_key` (string) - The access key used to communicate with AWS. [Learn
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
*`ami_name` (string) - The name of the resulting AMI that will appear
-`ami_name` (string) - The name of the resulting AMI that will appear when
when managing AMIs in the AWS console or via APIs. This must be unique.
managing AMIs in the AWS console or via APIs. This must be unique. To help
To help make this unique, use a function like `timestamp` (see
make this unique, use a function like `timestamp` (see [configuration
[configuration templates](/docs/templates/configuration-templates.html) for more info)
templates](/docs/templates/configuration-templates.html) for more info)
*`secret_key` (string) - The secret key used to communicate with AWS.
-`secret_key` (string) - The secret key used to communicate with AWS. [Learn
[Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
*`source_ami` (string) - The source AMI whose root volume will be copied
-`source_ami` (string) - The source AMI whose root volume will be copied and
and provisioned on the currently running instance. This must be an
provisioned on the currently running instance. This must be an EBS-backed
EBS-backed AMI with a root volume snapshot that you have access to.
AMI with a root volume snapshot that you have access to.
*`access_key` (string) - The access key used to communicate with AWS. [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
-`access_key` (string) - The access key used to communicate with AWS. [Learn
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
*`ami_name` (string) - The name of the resulting AMI that will appear
-`ami_name` (string) - The name of the resulting AMI that will appear when
when managing AMIs in the AWS console or via APIs. This must be unique.
managing AMIs in the AWS console or via APIs. This must be unique. To help
To help make this unique, use a function like `timestamp` (see
make this unique, use a function like `timestamp` (see [configuration
[configuration templates](/docs/templates/configuration-templates.html) for more info)
templates](/docs/templates/configuration-templates.html) for more info)
*`instance_type` (string) - The EC2 instance type to use while building
-`instance_type` (string) - The EC2 instance type to use while building the
the AMI, such as "m1.small".
AMI, such as "m1.small".
*`region` (string) - The name of the region, such as "us-east-1", in which
-`region` (string) - The name of the region, such as "us-east-1", in which to
to launch the EC2 instance to create the AMI.
launch the EC2 instance to create the AMI.
*`secret_key` (string) - The secret key used to communicate with AWS. [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
-`secret_key` (string) - The secret key used to communicate with AWS. [Learn
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
*`source_ami` (string) - The initial AMI used as a base for the newly
-`source_ami` (string) - The initial AMI used as a base for the newly
created machine.
created machine.
*`ssh_username` (string) - The username to use in order to communicate
-`ssh_username` (string) - The username to use in order to communicate over
*`access_key` (string) - The access key used to communicate with AWS. [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
-`access_key` (string) - The access key used to communicate with AWS. [Learn
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
*`account_id` (string) - Your AWS account ID. This is required for bundling
-`account_id` (string) - Your AWS account ID. This is required for bundling
the AMI. This is _not the same_ as the access key. You can find your
the AMI. This is *not the same* as the access key. You can find your account
account ID in the security credentials page of your AWS account.
ID in the security credentials page of your AWS account.
*`ami_name` (string) - The name of the resulting AMI that will appear
-`ami_name` (string) - The name of the resulting AMI that will appear when
when managing AMIs in the AWS console or via APIs. This must be unique.
managing AMIs in the AWS console or via APIs. This must be unique. To help
To help make this unique, use a function like `timestamp` (see
make this unique, use a function like `timestamp` (see [configuration
[configuration templates](/docs/templates/configuration-templates.html) for more info)
templates](/docs/templates/configuration-templates.html) for more info)
*`instance_type` (string) - The EC2 instance type to use while building
-`instance_type` (string) - The EC2 instance type to use while building the
the AMI, such as "m1.small".
AMI, such as "m1.small".
*`region` (string) - The name of the region, such as "us-east-1", in which
-`region` (string) - The name of the region, such as "us-east-1", in which to
to launch the EC2 instance to create the AMI.
launch the EC2 instance to create the AMI.
*`s3_bucket` (string) - The name of the S3 bucket to upload the AMI.
-`s3_bucket` (string) - The name of the S3 bucket to upload the AMI. This
This bucket will be created if it doesn't exist.
bucket will be created if it doesn't exist.
*`secret_key` (string) - The secret key used to communicate with AWS. [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
-`secret_key` (string) - The secret key used to communicate with AWS. [Learn
how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
*`source_ami` (string) - The initial AMI used as a base for the newly
-`source_ami` (string) - The initial AMI used as a base for the newly
created machine.
created machine.
*`ssh_username` (string) - The username to use in order to communicate
-`ssh_username` (string) - The username to use in order to communicate over
over SSH to the running machine.
SSH to the running machine.
*`x509_cert_path` (string) - The local path to a valid X509 certificate for
-`x509_cert_path` (string) - The local path to a valid X509 certificate for
your AWS account. This is used for bundling the AMI. This X509 certificate
your AWS account. This is used for bundling the AMI. This X509 certificate
must be registered with your account from the security credentials page
must be registered with your account from the security credentials page in
in the AWS console.
the AWS console.
*`x509_key_path` (string) - The local path to the private key for the X509
-`x509_key_path` (string) - The local path to the private key for the X509
certificate specified by `x509_cert_path`. This is used for bundling the AMI.
certificate specified by `x509_cert_path`. This is used for bundling
If you use other AWS tools you may already have these configured. If so, packer will try to use them, *unless* they are specified in your packer template. Credentials are resolved in the following order:
If you use other AWS tools you may already have these configured. If so, packer
will try to use them, *unless* they are specified in your packer template.
Credentials are resolved in the following order:
1. Values hard-coded in the packer template are always authoritative.
1. Values hard-coded in the packer template are always authoritative.
2.*Variables* in the packer template may be resolved from command-line flags or from environment variables. Please read about [User Variables](https://packer.io/docs/templates/user-variables.html) for details.
2.*Variables* in the packer template may be resolved from command-line flags
or from environment variables. Please read about [User
3. Lookup an IAM role for the current EC2 instance (if you're running in EC2)
3. Lookup an IAM role for the current EC2 instance (if you're running in EC2)
~> **Subtle details of automatic lookup may change over time.** The most reliable way to specify your configuration is by setting them in template variables (directly or indirectly), or by using the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables.
\~>**Subtle details of automatic lookup may change over time.** The most
reliable way to specify your configuration is by setting them in template
variables (directly or indirectly), or by using the `AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY` environment variables.
Environment variables provide the best portability, allowing you to run your packer build on your workstation, in Atlas, or on another build server.
Environment variables provide the best portability, allowing you to run your
packer build on your workstation, in Atlas, or on another build server.
## Using an IAM Instance Profile
## Using an IAM Instance Profile
...
@@ -108,13 +126,18 @@ Packer to work:
...
@@ -108,13 +126,18 @@ Packer to work:
### Attaching IAM Policies to Roles
### Attaching IAM Policies to Roles
IAM policies can be associated with user or roles. If you use packer with IAM roles, you may encounter an error like this one:
IAM policies can be associated with user or roles. If you use packer with IAM
roles, you may encounter an error like this one:
==> amazon-ebs: Error launching source instance: You are not authorized to perform this operation.
==> amazon-ebs: Error launching source instance: You are not authorized to perform this operation.
You can read more about why this happens on the [Amazon Security Blog](http://blogs.aws.amazon.com/security/post/Tx3M0IFB5XBOCQX/Granting-Permission-to-Launch-EC2-Instances-with-IAM-Roles-PassRole-Permission). The example policy below may help packer work with IAM roles. Note that this example provides more than the minimal set of permissions needed for packer to work, but specifics will depend on your use-case.
You can read more about why this happens on the [Amazon Security
@@ -77,10 +77,14 @@ If you're using OS X and [Homebrew](http://brew.sh), you can install Packer:
...
@@ -77,10 +77,14 @@ If you're using OS X and [Homebrew](http://brew.sh), you can install Packer:
## Troubleshooting
## Troubleshooting
On some RedHat-based Linux distributions there is another tool named `packer` installed by default. You can check for this using `which -a packer`. If you get an error like this it indicates there is a name conflict.
On some RedHat-based Linux distributions there is another tool named `packer`
installed by default. You can check for this using `which -a packer`. If you get
an error like this it indicates there is a name conflict.
To fix this, you can create a symlink to packer that uses a different name like `packer.io`, or invoke the `packer` binary you want using its absolute path, e.g. `/usr/local/packer`.
To fix this, you can create a symlink to packer that uses a different name like
`packer.io`, or invoke the `packer` binary you want using its absolute path,