Powershell AWS extensions failing for lack of credentials in my packer build

Mike Chmielewski

Jan 31, 2019, 11:31:18 PM
to Packer
Hello,

I've been banging my head for a while on an issue, and I hope someone can point me in the right direction. I am trying to generate a Windows AMI using the WinRM communicator.

I need to attach/detach an EBS volume to get data during provisioning, during my packer build. I am using a powershell script with the powershell provisioner to run the needed commands, but when the build executes my script, I get:
 
1548994584,,ui,message, amazon-ebs: Add-EC2Volume : No credentials specified or obtained from persisted/shell
1548994584,,ui,message, amazon-ebs: defaults.
1548994584,,ui,message, amazon-ebs: At C:\Windows\Temp\script-5c53c7bb-d48b-818f-8d75-bc996d928a48.ps1:16 char:1
1548994584,,ui,message, amazon-ebs: + Add-EC2Volume -InstanceId $current_host -VolumeId $Env:INSTALL_MEDIA_VOLUME
1548994584,,ui,message, amazon-ebs: -Dev ...

This seems to be telling me that no AWS credentials are getting into the packer builder instance.

My build job is assuming a role, and packer build starts fine. I also have these defined:

   "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    ...
    } 

I have tried using the "profile" and "iam_instance_profile" settings, after creating profiles and associating the necessary EC2 permissions, as well as adding the IAM passrole permission to the profile. I have set the "access_key" and "secret_key" settings on the builder too.

What am I missing? I can't be the only one who has needed/wanted to execute AWS CLI commands during their packer build, right?

Thanks!

J Metz

Feb 1, 2019, 6:44:53 AM
to packe...@googlegroups.com
Hey Mike,

Give this a shot in the powershell provisioner you're using...

  {
     "type":  "powershell",
     "script":  "YourScript.ps1",
     "environment_vars":  [
        "AWS_ACCESS_KEY={{user `AWS_ACCESS_KEY`}}",
        "AWS_SECRET_KEY={{user `AWS_SECRET_KEY`}}"
     ]
  },
 
  In your script, call the Add-EC2Volume cmdlet with explicit "AWS common parameters" for the Access and Secret keys like this
  Example (using the other parameters you had in the post):
    Add-EC2Volume -InstanceId $current_host -VolumeId $Env:INSTALL_MEDIA_VOLUME -AccessKey $env:AWS_ACCESS_KEY -SecretKey $env:AWS_SECRET_KEY
   

Hopefully this helps..   



Mike Chmielewski

Feb 1, 2019, 10:56:12 AM
to Packer
Hi Justin,

This came back with the same error, sadly. However, working with my team some more illuminated that there was another "stealth" IAM role involved. So I got past it.

Thanks for the help!
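
A preflight check that could run at the top of the provisioner script before Add-EC2Volume, added here as an example and not code from either poster: it reports which credential source the session can see (provisioner environment variables or an instance profile role) and which principal the cmdlets resolve to. It assumes AWS Tools for PowerShell and a default region are present on the build instance; the function names Get-EnvCredentialParams and Get-InstanceProfileRole are hypothetical.

```powershell
# Added example, not code from the thread. Assumes AWS Tools for PowerShell is
# installed on the build instance and a default region is already configured.
$ErrorActionPreference = 'Stop'

function Get-EnvCredentialParams {
    # Try the standard AWS variable names, then the names used in the reply above.
    $pairs = @(
        @('AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY'),
        @('AWS_ACCESS_KEY', 'AWS_SECRET_KEY')
    )
    foreach ($pair in $pairs) {
        $id  = [Environment]::GetEnvironmentVariable($pair[0])
        $key = [Environment]::GetEnvironmentVariable($pair[1])
        if (-not ($id -and $key)) { continue }
        $params = @{ AccessKey = $id; SecretKey = $key }
        if ($env:AWS_SESSION_TOKEN) { $params.SessionToken = $env:AWS_SESSION_TOKEN }
        # Key ids issued by STS (for example from an assumed role) start with ASIA
        # and are rejected unless the matching session token is sent with them.
        if ($id.StartsWith('ASIA') -and -not $params.ContainsKey('SessionToken')) {
            Write-Warning "$($pair[0]) holds a temporary key but AWS_SESSION_TOKEN is empty"
            continue
        }
        Write-Host "Using keys from env:$($pair[0]) (secret not printed)"
        return $params
    }
    return @{}
}

function Get-InstanceProfileRole {
    # Ask the instance metadata service (IMDSv2) which IAM role is attached, if any.
    $base = 'http://169.254.169.254/latest'
    try {
        $token = Invoke-RestMethod -Method Put -Uri "$base/api/token" -TimeoutSec 2 `
            -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
        Invoke-RestMethod -Uri "$base/meta-data/iam/security-credentials/" -TimeoutSec 2 `
            -Headers @{ 'X-aws-ec2-metadata-token' = $token }
    } catch { $null }   # no role attached, or metadata service unreachable
}

$cred = Get-EnvCredentialParams
$role = Get-InstanceProfileRole
Write-Host "Instance profile role: $(if ($role) { $role } else { '<none>' })"
if ($cred.Count -eq 0 -and -not $role) {
    throw 'No usable AWS credential source is visible to this provisioner session.'
}
# Show which principal the cmdlets will run as before touching the volume.
Write-Host "Caller: $((Get-STSCallerIdentity @cred).Arn)"
# The same splat then works on the call from the thread, e.g. Add-EC2Volume ... @cred
```

When the splat is empty the cmdlets fall back to the instance profile role, so the printed caller ARN shows which role's permissions actually apply to the volume operations.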