Re: [packer] Can Packer use a role instead of keys to launch an ec2 instance?


Rickard von Essen

Mar 10, 2019, 8:21:35 AM
to packe...@googlegroups.com
You can set up a profile in the shared configuration file according to 1) that assumes a role. Then in Packer you either reference it with profile or use the environment variable AWS_PROFILE.



On Sat, Mar 9, 2019, 23:01 gigit1000 <gigi...@gmail.com> wrote:

Hello,

I have an ec2 role that is capable of launching ec2 instances associated with my build instance which is running Packer.  I want to run a Packer build using the role instead of access keys, but I’m not sure how to edit the template.

I removed the two access key entries and added:

"vault_aws_engine": {
      "name": "ec2-builds",
      "role_arn": "arn:aws:iam::126554036938:role/ec2-builds",
      "ttl": "3600s"
},
"iam_instance_profile": "ec2-builds"

but now the template will not validate. The error is: * Error reading vault secret: Get https://127.0.0.1:8200/v1/aws/creds/ec2-builds: dial tcp 127.0.0.1:8200: connect: connection refused

I’m not sure what this means – did I edit the template incorrectly or is there some other step that I missed? Thank You 

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/29ab3629-a0d0-45de-93e6-07af0cf55c1b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
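
The approach suggested in the reply, as an added example that is not part of the original thread: a shared-config profile that assumes a role from the build host's instance credentials, and a template that references it with `profile`. The profile name, account ID, role name, region and AMI ID are constructed placeholders, and it assumes a Packer release whose AWS SDK honours `credential_source` in the shared config.

```shell
#!/bin/sh
# Constructed values: profile "packer-build", account 111122223333,
# role "packer-build-role", region and AMI id are placeholders.

# Write a shared-config profile that assumes a role, taking its base
# credentials from the build host's instance profile (no stored keys).
# The instance role must be allowed sts:AssumeRole on role_arn.
write_aws_profile() {   # $1 = directory; prints the config path
    cfg="$1/config"
    cat > "$cfg" <<'EOF'
[profile packer-build]
role_arn = arn:aws:iam::111122223333:role/packer-build-role
credential_source = Ec2InstanceMetadata
region = us-east-1
EOF
    chmod 600 "$cfg"
    printf '%s\n' "$cfg"
}

# Write a template that names the profile instead of carrying
# access_key/secret_key or a vault_aws_engine block.
write_packer_template() {   # $1 = directory; prints the template path
    tpl="$1/build.json"
    cat > "$tpl" <<'EOF'
{
  "builders": [{
    "type": "amazon-ebs",
    "profile": "packer-build",
    "region": "us-east-1",
    "source_ami": "ami-00000000000000000",
    "instance_type": "t3.micro",
    "ssh_username": "ec2-user",
    "ami_name": "example-{{timestamp}}"
  }]
}
EOF
    printf '%s\n' "$tpl"
}

# Exit 0 if a template still contains static keys or Vault settings.
has_static_credentials() {
    grep -Eq '"(access_key|secret_key|vault_aws_engine)"' "$1"
}

# On the build host (work directory is an assumption):
#   dir=$(mktemp -d)
#   export AWS_CONFIG_FILE=$(write_aws_profile "$dir")
#   packer validate "$(write_packer_template "$dir")"
```

Exporting `AWS_PROFILE=packer-build` in place of the `"profile"` key selects the same profile, which is the second option the reply mentions.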