IP address of AWS instance to use for provisioning


russell.g...@iorahealth.com

Apr 21, 2017, 3:20:01 PM
to Packer
Hi everyone,

tl;dr: I'm looking for a way to pass the Amazon instance IP to a shell-local provisioner.

Background: We're building our pipeline using Packer and everything so far has been really straightforward. We've got Amazon AMI creation working from an Ansible-provisioned instance. So far so good.

The next step is we want to be able to run some security scans on our created images. We want a failed scan to fail the image build process. However, the problem is that the scans run locally on the machine running packer. They do a combination of external scans (nmap) and local scans (log into the machine, test for vulnerabilities/CVEs).

The logical solution would be to use a shell-local provisioner that calls the scanner and points it at the machine, giving it proper SSH credentials. However, I can't seem to find anywhere in the docs that tells me how to pass IP information and SSH credentials to the shell-local provisioner.

Does anyone know how to get the temporary EC2 instance's IP address so I can pass it to the provisioner?

Thanks!
rg

Rickard von Essen

Apr 21, 2017, 3:53:53 PM
to packe...@googlegroups.com
Run a shell provisioner that saves the IP in a file. Use a file provisioner to download it and read it in the shell-local script. 

Or use some aws tag specific to this build and run the aws cli to find the IP of that instance. 

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/bbd2b1ec-813b-49be-a2d8-4e62bcdbed14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
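
The tag-based lookup suggested in the reply above, sketched as a script a shell-local provisioner could call (an added example, not code from the thread or from Packer). The tag key `PackerBuildId`, the `BUILD_ID` and `SCAN_CMD` variables and the `./run-scan.sh` wrapper are assumptions; the temporary instance is assumed to be tagged by the build, for instance through the amazon-ebs builder's `run_tags`.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: tag key "PackerBuildId",
# env vars BUILD_ID and SCAN_CMD, and the ./run-scan.sh scanner wrapper.

# Print public IPs of running instances that carry this build's tag.
lookup_build_ips() {
  aws ec2 describe-instances \
    --filters "Name=tag:PackerBuildId,Values=$1" \
              "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].PublicIpAddress' \
    --output text
}

# Print the single IPv4 target, or fail so the scanner is never aimed at the
# wrong host (no match, several matches, or "None" for no public address).
resolve_target() (
  out=$(lookup_build_ips "$1") || exit 2
  set -f          # no globbing while word-splitting the CLI output
  set -- $out
  if [ "$#" -ne 1 ]; then
    echo "expected exactly 1 tagged running instance, got $#" >&2
    exit 3
  fi
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
    echo "lookup did not return an IPv4 address: $1" >&2
    exit 4
  }
  printf '%s\n' "$1"
)

# Resolve the target and run the scanner; any failure returns non-zero.
scan_gate() {
  target=$(resolve_target "$1") || return 1
  "${SCAN_CMD:-./run-scan.sh}" "$target" || {
    echo "scan failed for $target" >&2
    return 1
  }
}

# Entry point when called with BUILD_ID set (e.g. from shell-local).
if [ -n "${BUILD_ID:-}" ]; then
  scan_gate "$BUILD_ID" || exit 1
fi
```

A non-zero exit from the script is what makes the provisioner step, and with it the image build, fail.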

russell.g...@iorahealth.com

Apr 21, 2017, 10:32:50 PM
to Packer
Hi Rickard,

Thanks so much for the reply -- I gave it a shot to save off the IP, but when I went to use the file provisioner I couldn't figure out how to then get the file back to my local machine. It seems like the file provisioner is all about copying files to the AWS instance from the local machine running Packer. What am I missing?

Next I'm going to try exploring the AWS tag solution -- seems like that has some promise!

Thanks,
rg



Rickard von Essen

Apr 22, 2017, 2:11:56 AM
to packe...@googlegroups.com
