如何将AWS角色与Packer一起使用以创建AMI [英] How to use AWS roles with Packer to create AMIs

问题描述

我目前正在通过Packer毫无问题地构建AMI，但是我正在将AWS凭证烘焙到我的脚本中，这不是我想要的.阅读Packer文档后，他们指定如果找不到凭据，则可以使用AWS角色.

I'm currently building AMIs via Packer without a problem, but I am baking the AWS credentials into my scripts which is not what I want. Reading the Packer documentation they specify that if no credentials are found it can use an AWS role.

我已经创建了策略和角色，但是我不清楚如何告诉Packer使用该角色.我必须将ARN作为变量传递吗?

I have created the policy and the role, but it's unclear to me how to tell Packer to use this role. Do I have to pass the ARN in as a variable?

有什么想法吗?

推荐答案

如果您要设置Packer通过命令行在AMI创建过程中使用的IAM角色(Jenkins的 eg ) ，那么您可以在Packer脚本中使用以下变量来使用变量，例如 eg :

If you'd like to set the IAM role that Packer uses during AMI creation from the command-line (e.g. from Jenkins), then you can use variables for doing so, e.g. using the following in your Packer script:

"variables": {
  "packer_profile": "packer",
  ...
},
"builders": [
  {
    "type": "amazon-ebs",
    ...
    "iam_instance_profile": "{{user `packer_profile`}}",
    ...
  }
],
"provisioners": [
  ...
]

因此，我们为packer_profile变量提供了默认打包程序"值.然后，在Jenkins中从命令行调用Packer时，您可以使用以下方法覆盖该默认变量值:

So we provide a default "packer" value for our packer_profile variable. Then, when invoking Packer from the command-line in Jenkins, you override that default variable value using:

$ /path/to/packer -var packer_profile="MyNewProfileHere" ...

希望这会有所帮助！

这篇关于如何将AWS角色与Packer一起使用以创建AMI的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！