Packer volume encryption while creating instance.

[Arun kumar]

Hi Everyone,

I have been using packer lately, most of the time i'm using the encrypted image as my source image, but I decided to use marketplace images but i'm not sure whether packer will encrypt the volume while creating instance.

we have a lambda function that checks for volume encryption and every time I use source image from market place, instance is getting terminated which mean lambda function is marking this instance as not encrypted volume.

Can anyone shed some light on this one ? Below is the json file that i'm using.

{

    "builders": [

        {

            "access_key": "{{user `access_key`}}",

            "secret_key": "{{user `secret_key`}}",

            "ami_name": "{{user `created_ami_name`}}-{{isotime | clean_resource_name}}",

            "instance_type": "{{user `instance_type`}}",

            "kms_key_id": "{{user `kms_key`}}",

            "vpc_id": "{{user `vpc_id`}}",

            "subnet_id": "{{user `subnet_id`}}",

            "security_group_id": "{{user `security_group_id`}}",

            "region": "{{user `region`}}",

            "tags": {

              "Name": "{{user `created_ami_name`}}",

              "cost_center": "Null",

              "owner_cost": "Null",

              "purpose": "Null",

              "owner_tech": "Null",

              "id": "Null",

              "application": " ",

              "Environment": "{{user `Environment`}}"

          } ,

            "source_ami": "{{user `source_ami_id`}}",

            "ssh_username": "{{user `ssh_username`}}",

            "type": "amazon-ebs"

        }

    ],

    "provisioners": [

        {

            "type": "shell",

            "script": "{{user `script`}}"

        }

    ]

}

[Megan Marsh]

See the  https://www.packer.io/docs/builders/amazon-ebs.html#encrypt_boot option :)

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/157808be-18b8-4ad6-93cf-0089c91eecac%40googlegroups.com.

[Arun kumar]

Hi Megan,

Seems like packer will keep the encryption settings from source ami, here my source is not encrypted and if I set the "encrypt_boot" in json, it's not encrypting the volume when instance is being created. I guess it will encrypt while creating the image. But I need something that will encrypt the boot volume while creating instance not while creating image.

To unsubscribe from this group and stop receiving emails from it, send an email to packe...@googlegroups.com.

[Megan Marsh]

If you want that, I believe you'll have to create an encrypted copy of the volume before Packer runs.

To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/68393096-4a0a-425f-93d4-cd9e8049ab8e%40googlegroups.com.