Question:
I’m currently building AMIs via Packer without a problem, but I am baking the AWS credentials into my scripts, which is not what I want. The Packer documentation specifies that if no credentials are found, it can use an AWS role.
I have created the policy and the role, but it’s unclear to me how to tell Packer to use this role. Do I have to pass the ARN in as a variable?
Any thoughts?
Answer:
If you’d like to set the IAM role that Packer uses during AMI creation from the command-line (e.g. from Jenkins), then you can use variables for doing so, e.g. using the following in your Packer script:
```
"variables": {
  "packer_profile": "packer",
  ...
},
"builders": [
  {
    "type": "amazon-ebs",
    ...
    "iam_instance_profile": "{{user `packer_profile`}}",
    ...
  }
],
"provisioners": [
  ...
]
```
So we provide a default “packer” value for our packer_profile variable. Then, when invoking Packer from the command-line in Jenkins, you override that default variable value using:
```
$ /path/to/packer -var packer_profile="MyNewProfileHere" ...
```
Hope this helps!
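
A check for the problem the question starts from (credentials baked into the template), as an added example that is not part of the original question or answer: it scans a legacy-JSON Packer template for amazon builders that carry `access_key`, `secret_key` or `token` values, either literally or through a non-empty variable default. The function name `lint_template` and both sample templates are constructed for illustration.

```python
import json
import re

# {{user `name`}} is the legacy-JSON template syntax for a user variable reference.
USER_REF = re.compile(r"^\s*\{\{\s*user\s+`([^`]+)`\s*\}\}\s*$")
CRED_FIELDS = ("access_key", "secret_key", "token")  # amazon builder credential options


def lint_template(text):
    """Return findings for static AWS credentials stored in a Packer JSON template."""
    tpl = json.loads(text)
    variables = tpl.get("variables") or {}
    findings = []
    for i, builder in enumerate(tpl.get("builders", [])):
        if not str(builder.get("type", "")).startswith("amazon-"):
            continue
        for field in CRED_FIELDS:
            value = builder.get(field)
            if not isinstance(value, str) or not value:
                continue  # unset: Packer falls back to env, shared file, then role
            ref = USER_REF.match(value)
            if ref is None:
                findings.append(f"builder {i}: literal {field}")
            elif variables.get(ref.group(1)):
                # A non-empty default lives in the file, so it is baked in too.
                findings.append(
                    f"builder {i}: {field} default stored in variable {ref.group(1)}")
    return findings


# Constructed sample templates; the key ID is the placeholder used in AWS documentation.
BAKED = """{
  "variables": {"aws_secret": "constructed-placeholder-secret"},
  "builders": [{"type": "amazon-ebs",
                "access_key": "AKIAIOSFODNN7EXAMPLE",
                "secret_key": "{{user `aws_secret`}}"}]
}"""
CLEAN = """{
  "variables": {"packer_profile": "packer"},
  "builders": [{"type": "amazon-ebs",
                "iam_instance_profile": "{{user `packer_profile`}}"}]
}"""

if __name__ == "__main__":
    for name, text in (("BAKED", BAKED), ("CLEAN", CLEAN)):
        print(name, lint_template(text) or "no static credentials")
```

Run against a real template in CI, an empty result means the template itself holds no static keys; it says nothing about keys supplied at invocation time through `-var` or the environment.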