AWS Credential Passing Issue

25 views

Skip to first unread message

CJ Ess

unread,

Oct 9, 2019, 9:21:49 AM10/9/19

to Packer

The documentation is a bit vague about how credential passing works. I've given the packer server all of the credentials it needs for the amazon ebs builder including iam:passrole for * resources in its instance profile, and I removed all other references to IAM from the json template. I noticed today that AWS cli commands running on the packer builder are failing because they can't determine their credentials.

I was assuming that the key/secret/token was being passed to the packer builder, or that it would just use the profile of the packer builder. Is that not how it works?

Rickard von Essen

unread,

Oct 9, 2019, 1:36:49 PM10/9/19

to packe...@googlegroups.com

The packer program use your credentials to make API directly. Nor credentials is passed to the EC2 instance launched. The canonical way of giving it AWS API access is by using iam_instance_profile.

See https://packer.io/docs/builders/amazon-ebs.html#iam_instance_profile

On Wed, Oct 9, 2019, 15:21 CJ Ess <zxcvb...@gmail.com> wrote:

The documentation is a bit vague about how credential passing works. I've given the packer server all of the credentials it needs for the amazon ebs builder including iam:passrole for * resources in its instance profile, and I removed all other references to IAM from the json template. I noticed today that AWS cli commands running on the packer builder are failing because they can't determine their credentials.

I was assuming that the key/secret/token was being passed to the packer builder, or that it would just use the profile of the packer builder. Is that not how it works?

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/4e1e2710-a5fc-493a-ac30-b90719e1eedb%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages