Issues with AWS credentials
zacharyh...@gmail.com
Hey Everyone,
I am currently attempting to create a custom platform within AWS Elastic Beanstalk utilizing its built in feature of packer. With that, I am not entirely sure which version of packer they are using currently.
I am not 100% sure if this is a packer question or an AWS question, but I figured I would give it a shot.
My builder is "amazon-ebs" and I am using the "shell" provisioner. (I will attach the view of my packer script below) The issue I am having is that one of my scripts requires me to call out to s3. When it does, I get an error specifying that I do not have the credentials to access S3.
I cannot show the full command that I use when executing but it looks something like this:
eb platform create -ip <instance-profile-arn> --vpc.id <company-vpc> --vpc.subnets <subnets>
The instance profile definitely has the permissions to access S3, but my issue is that it does not seem to gain the credentials at all.
I guess I have 2 questions, if they can be answered.
When the provisioner runs bash scripts, is the EC2 instance already up and running? Or does this happen prior to the creation of the EC2 instance and then everything is baked in upon startup?
In the AWS Documentation, which I will include below, it specifies "When you create a custom platform, you launch a single instance environment without an EIP that runs Packer, which launches another instance to build an image."
Is this instance that runs Packer possibly not getting the auth needed for me to run my commands that I need? Or either of these instances for that mater.
Here is my packer file
{
"variables": {
"aws_access_key": "{{env `AWS_PROFILE.aws_access_key_id`}}",
"aws_secret_key": "{{env `AWS_PROFILE.aws_secret_access_key`}}"
},
"builders": [{
"type": "amazon-ebs",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "us-east-1",
"source_ami": "ami-e392eef5",
"instance_type": "t2.micro",
"ssh_username": "ec2-user",
"security_group_id": "sg-065e6d7c",
"subnet_id": "subnet-a70c3a8f",
"ami_name": "packer-example {{timestamp}}"
}],
"provisioners": [{
"type": "shell",
"execute_command": "{{.Vars}} sudo -E -S bash '{{.Path}}'",
"scripts": [
"1_Provisioner_Initialize_AMI.sh",
"2_Provisioner_Chapter1_Host_Configuration.sh",
"3_Provisioner_Chapter2_Host_Configuration.sh",
"4_Provisioner_Benchmark_Setup.sh",
"5_Provisioner_Splunk.sh",
"6_Provisioner_Qualys.sh",
"7_Provisioner_System_Restart.sh",
"8_Processor_Run_Benchmarks.sh"
],
"environment_vars": [
"DOCKER_CONTENT_TRUST=1"
]
}]
}
The output:
[1.0.8] I, [2017-08-08T20:46:29.191332+0000#30378] INFO -- Packer: 1502225189,,ui,say,==> amazon-ebs: Provisioning with shell script: 6_Provisioner_Qualys.sh
[1.0.8] I, [2017-08-08T20:46:29.315949+0000#30378] INFO -- Packer: 1502225189,,ui,message, amazon-ebs:
[1.0.8] I, [2017-08-08T20:46:29.908360+0000#30378] INFO -- Packer: 1502225189,,ui,message, amazon-ebs: fatal error: Unable to locate credentials
[1.0.8] I, [2017-08-08T20:46:29.964616+0000#30378] INFO -- Packer: 1502225189,,ui,message, amazon-ebs: error: open of qualys-cloud-agent.x86_64.rpm failed: No such file or directory
[1.0.8] I, [2017-08-08T20:46:29.976566+0000#30378] INFO -- Packer: 1502225189,,ui,message, amazon-ebs: qualys-cloud-agent: unrecognized service
[1.0.8] I, [2017-08-08T20:46:30.303555+0000#30378] INFO -- Packer: 1502225190,,ui,message, ama