Created
March 11, 2019 20:20
-
-
Save c0sco/084f0407512c236dfdf0118e9f209e9e to your computer and use it in GitHub Desktop.
Packer amazon-import encryption tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# S3: no encryption, AMI: no encryption (original behavior) | |
$ bin/packer build etc/test-encrypt/amazon-test-s3_no-ami_no.json | |
file output will be in this color. | |
==> file: Copying ami.raw to filetarget.raw | |
==> file: Copied 5368709120 bytes | |
==> file: Running post-processor: amazon-import | |
file (amazon-import): Uploading filetarget.raw to s3://c0sco-packer-ami/packer-import-1552327199.raw | |
file (amazon-import): Completed upload of filetarget.raw to s3://c0sco-packer-ami/packer-import-1552327199.raw | |
file (amazon-import): Started import of s3://c0sco-packer-ami/packer-import-1552327199.raw, task id import-ami-01b09d9e7594586c8 | |
file (amazon-import): Waiting for task import-ami-01b09d9e7594586c8 to complete (may take a while) | |
file (amazon-import): Import task import-ami-01b09d9e7594586c8 complete | |
file (amazon-import): Adding tag "Description": "packer amazon-import test 1552327199" | |
file (amazon-import): Tagging snapshot snap-04195e518d91476aa | |
file (amazon-import): Tagging AMI ami-0fac6e92d2e32f083 | |
file (amazon-import): Deleting import source s3://c0sco-packer-ami/packer-import-1552327199.raw | |
Build 'file' finished. | |
==> Builds finished. The artifacts of successful builds are: | |
--> file: AMIs were created: | |
us-west-2: ami-0fac6e92d2e32f083 | |
$ aws s3api head-object --bucket c0sco-packer-ami --key packer-import-1552327199.raw | |
{ | |
"AcceptRanges": "bytes", | |
"LastModified": "Mon, 11 Mar 2019 18:00:06 GMT", | |
"ContentLength": 5368709120, | |
"ETag": "\"d2a8ad628840e25f387e4d2af05fca6b-1024\"", | |
"ContentType": "binary/octet-stream", | |
"Metadata": {} | |
} | |
$ aws ec2 describe-images --image-id ami-0fac6e92d2e32f083 | jq -r '.Images[].BlockDeviceMappings[].Ebs.Encrypted' | |
false | |
# S3: KMS w/ default key, AMI: KMS w/ default key | |
$ bin/packer build etc/test-encrypt/amazon-test-s3_kmsdefault-ami_kmsdefault.json | |
file output will be in this color. | |
==> file: Copying ami.raw to filetarget.raw | |
==> file: Copied 5368709120 bytes | |
==> file: Running post-processor: amazon-import | |
file (amazon-import): Uploading filetarget.raw to s3://c0sco-packer-ami/packer-import-1552328903.raw | |
file (amazon-import): Completed upload of filetarget.raw to s3://c0sco-packer-ami/packer-import-1552328903.raw | |
file (amazon-import): Started import of s3://c0sco-packer-ami/packer-import-1552328903.raw, task id import-ami-0480912ea1d178a3c | |
file (amazon-import): Waiting for task import-ami-0480912ea1d178a3c to complete (may take a while) | |
file (amazon-import): Import task import-ami-0480912ea1d178a3c complete | |
file (amazon-import): Adding tag "Description": "packer amazon-import test 1552328903" | |
file (amazon-import): Tagging snapshot snap-06a221d6c2b753eb1 | |
file (amazon-import): Tagging AMI ami-0dacb06c59ec7de71 | |
file (amazon-import): Deleting import source s3://c0sco-packer-ami/packer-import-1552328903.raw | |
Build 'file' finished. | |
==> Builds finished. The artifacts of successful builds are: | |
--> file: AMIs were created: | |
us-west-2: ami-0dacb06c59ec7de71 | |
$ aws s3api head-object --bucket c0sco-packer-ami --key packer-import-1552328903.raw | |
{ | |
"AcceptRanges": "bytes", | |
"LastModified": "Mon, 11 Mar 2019 18:28:30 GMT", | |
"ContentLength": 5368709120, | |
"ETag": "\"25dacad514568cda69ae0f1877a05051-1024\"", | |
"ContentType": "binary/octet-stream", | |
"ServerSideEncryption": "aws:kms", | |
"Metadata": {}, | |
"SSEKMSKeyId": "arn:aws:kms:us-west-2:xxxxxxxxxxxx:key/6d0bcbad-1c99-4067-ac1b-642dc7227002" | |
} | |
$ aws ec2 describe-images --image-id ami-0dacb06c59ec7de71 | jq -r '.Images[].BlockDeviceMappings[].Ebs.Encrypted' | |
true | |
# S3: KMS w/ custom key, AMI: KMS w/ custom key | |
$ bin/packer build etc/test-encrypt/amazon-test-s3_kmscustom-ami_kmscustom.json | |
file output will be in this color. | |
==> file: Copying ami.raw to filetarget.raw | |
==> file: Copied 5368709120 bytes | |
==> file: Running post-processor: amazon-import | |
file (amazon-import): Uploading filetarget.raw to s3://c0sco-packer-ami/packer-import-1552094327.raw | |
file (amazon-import): Completed upload of filetarget.raw to s3://c0sco-packer-ami/packer-import-1552094327.raw | |
file (amazon-import): Started import of s3://c0sco-packer-ami/packer-import-1552094327.raw, task id import-ami-04d8a86e3bd8014b1 | |
file (amazon-import): Waiting for task import-ami-04d8a86e3bd8014b1 to complete (may take a while) | |
file (amazon-import): Import task import-ami-04d8a86e3bd8014b1 complete | |
file (amazon-import): Adding tag "Description": "packer amazon-import test 1552094327" | |
file (amazon-import): Tagging snapshot snap-0095e41fb180c8242 | |
file (amazon-import): Tagging AMI ami-00c8e600758fc4e52 | |
file (amazon-import): Deleting import source s3://c0sco-packer-ami/packer-import-1552094327.raw | |
Build 'file' finished. | |
==> Builds finished. The artifacts of successful builds are: | |
--> file: AMIs were created: | |
us-west-2: ami-00c8e600758fc4e52 | |
$ aws s3api head-object --bucket c0sco-packer-ami --key packer-import-1552094327.raw | |
{ | |
"AcceptRanges": "bytes", | |
"LastModified": "Sat, 09 Mar 2019 01:19:40 GMT", | |
"ContentLength": 5368709120, | |
"ETag": "\"9f59b2e5f9bfba401fbd7f76ad0c90c7-1024\"", | |
"ContentType": "binary/octet-stream", | |
"ServerSideEncryption": "aws:kms", | |
"Metadata": {}, | |
"SSEKMSKeyId": "arn:aws:kms:us-west-2:xxxxxxxxxxxx:key/649ebf64-8cef-4014-bf17-92a3f4317837" | |
} | |
$ aws ec2 describe-images --image-id ami-00c8e600758fc4e52 | jq -r '.Images[].BlockDeviceMappings[].Ebs.Encrypted' | |
true | |
# S3: AES256, AMI: KMS w/ custom key | |
$ bin/packer build etc/test-encrypt/amazon-test-s3_aes256-ami_kmscustom.json | |
file output will be in this color. | |
==> file: Copying ami.raw to filetarget.raw | |
==> file: Copied 5368709120 bytes | |
==> file: Running post-processor: amazon-import | |
file (amazon-import): Uploading filetarget.raw to s3://c0sco-packer-ami/packer-import-1552324951.raw | |
file (amazon-import): Waiting for task import-ami-0d86316e36e69a60b to complete (may take a while) | |
file (amazon-import): Import task import-ami-0d86316e36e69a60b complete | |
file (amazon-import): Adding tag "Description": "packer amazon-import test 1552324951" | |
file (amazon-import): Tagging snapshot snap-04fd3b0433416f691 | |
file (amazon-import): Tagging AMI ami-08387bee60e9c743c | |
file (amazon-import): Deleting import source s3://c0sco-packer-ami/packer-import-1552324951.raw | |
Build 'file' finished. | |
==> Builds finished. The artifacts of successful builds are: | |
--> file: AMIs were created: | |
us-west-2: ami-08387bee60e9c743c | |
$ aws s3api head-object --bucket c0sco-packer-ami --key packer-import-1552324951.raw | |
{ | |
"AcceptRanges": "bytes", | |
"LastModified": "Mon, 11 Mar 2019 17:22:38 GMT", | |
"ContentLength": 5368709120, | |
"ETag": "\"d2a8ad628840e25f387e4d2af05fca6b-1024\"", | |
"ContentType": "binary/octet-stream", | |
"ServerSideEncryption": "AES256", | |
"Metadata": {} | |
} | |
$ aws ec2 describe-images --image-id ami-08387bee60e9c743c | jq -r '.Images[].BlockDeviceMappings[].Ebs.Encrypted' | |
true | |
# S3: AES256, AMI: no encryption | |
$ bin/packer build etc/test-encrypt/amazon-test-s3_aes256-ami_no.json | |
file output will be in this color. | |
==> file: Copying ami.raw to filetarget.raw | |
==> file: Copied 5368709120 bytes | |
==> file: Running post-processor: amazon-import | |
file (amazon-import): Uploading filetarget.raw to s3://c0sco-packer-ami/packer-import-1552325746.raw | |
file (amazon-import): Completed upload of filetarget.raw to s3://c0sco-packer-ami/packer-import-1552325746.raw | |
file (amazon-import): Started import of s3://c0sco-packer-ami/packer-import-1552325746.raw, task id import-ami-074778bd9cf720151 | |
file (amazon-import): Waiting for task import-ami-074778bd9cf720151 to complete (may take a while) | |
file (amazon-import): Import task import-ami-074778bd9cf720151 complete | |
file (amazon-import): Adding tag "Description": "packer amazon-import test 1552325746" | |
file (amazon-import): Tagging snapshot snap-055436f01b37ea735 | |
file (amazon-import): Tagging AMI ami-0eb3493b595054367 | |
file (amazon-import): Deleting import source s3://c0sco-packer-ami/packer-import-1552325746.raw | |
Build 'file' finished. | |
==> Builds finished. The artifacts of successful builds are: | |
--> file: AMIs were created: | |
us-west-2: ami-0eb3493b595054367 | |
$ aws s3api head-object --bucket c0sco-packer-ami --key packer-import-1552325746.raw | |
{ | |
"AcceptRanges": "bytes", | |
"LastModified": "Mon, 11 Mar 2019 17:36:33 GMT", | |
"ContentLength": 5368709120, | |
"ETag": "\"d2a8ad628840e25f387e4d2af05fca6b-1024\"", | |
"ContentType": "binary/octet-stream", | |
"ServerSideEncryption": "AES256", | |
"Metadata": {} | |
} | |
$ aws ec2 describe-images --image-id ami-0eb3493b595054367 | jq -r '.Images[].BlockDeviceMappings[].Ebs.Encrypted' | |
false | |
# S3: illegal value, AMI: KMS | |
$ bin/packer build etc/test-encrypt/amazon-test-s3_bad-ami_kmsdefault.json | |
file output will be in this color. | |
1 error(s) occurred: | |
* invalid s3 encryption format 'bad'. Only 'AES256' and 'aws:kms' are allowed | |
# S3: AES256 w/ incorrect parameter combination ('Ignoring...' line in output), AMI: KMS w/ default key | |
$ bin/packer build etc/test-encrypt/amazon-test-s3_aes256_bad-ami_kmsdefault.json | |
file output will be in this color. | |
==> file: Copying ami.raw to filetarget.raw | |
==> file: Copied 5368709120 bytes | |
==> file: Running post-processor: amazon-import | |
file (amazon-import): Ignoring s3_encryption_key because s3_encryption is set to 'AES256' | |
file (amazon-import): Uploading filetarget.raw to s3://c0sco-packer-ami/packer-import-1552332536.raw | |
file (amazon-import): Completed upload of filetarget.raw to s3://c0sco-packer-ami/packer-import-1552332536.raw | |
file (amazon-import): Started import of s3://c0sco-packer-ami/packer-import-1552332536.raw, task id import-ami-020230ca833c5f9da | |
file (amazon-import): Waiting for task import-ami-020230ca833c5f9da to complete (may take a while) | |
file (amazon-import): Import task import-ami-020230ca833c5f9da complete | |
file (amazon-import): Adding tag "Description": "packer amazon-import test 1552332536" | |
file (amazon-import): Tagging snapshot snap-05241915a6f498541 | |
file (amazon-import): Tagging AMI ami-09aacd7a86b094bb1 | |
file (amazon-import): Deleting import source s3://c0sco-packer-ami/packer-import-1552332536.raw | |
Build 'file' finished. | |
==> Builds finished. The artifacts of successful builds are: | |
--> file: AMIs were created: | |
us-west-2: ami-09aacd7a86b094bb1 | |
$ aws s3api head-object --bucket c0sco-packer-ami --key packer-import-1552332536.raw | |
{ | |
"AcceptRanges": "bytes", | |
"LastModified": "Mon, 11 Mar 2019 19:29:03 GMT", | |
"ContentLength": 5368709120, | |
"ETag": "\"d2a8ad628840e25f387e4d2af05fca6b-1024\"", | |
"ContentType": "binary/octet-stream", | |
"ServerSideEncryption": "AES256", | |
"Metadata": {} | |
} | |
$ aws ec2 describe-images --image-id ami-09aacd7a86b094bb1 | jq -r '.Images[].BlockDeviceMappings[].Ebs.Encrypted' | |
true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment