Created
November 29, 2016 01:11
-
-
Save razorsedge/cc0ce3557fe33089142c210877a74943 to your computer and use it in GitHub Desktop.
Packer templates to copy and encrypt a Marketplace AMI.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "description": "Copy the centos.org CentOS 6 AMI into our account so that we can add boot volume encryption.", | |
| "min_packer_version": "0.11.0", | |
| "variables": { | |
| "aws_region": "us-east-1", | |
| "aws_vpc": null, | |
| "aws_subnet": null, | |
| "ssh_username": "centos" | |
| }, | |
| "builders": [ | |
| { | |
| "type": "amazon-ebs", | |
| "ami_name": "CentOS Linux 6 x86_64 HVM EBS (encrypted) {{isotime \"20060102\"}}", | |
| "ami_description": "CentOS Linux 6 x86_64 HVM EBS (encrypted) {{isotime \"20060102\"}}", | |
| "instance_type": "t2.micro", | |
| "region": "{{user `aws_region`}}", | |
| "vpc_id": "{{user `aws_vpc`}}", | |
| "subnet_id": "{{user `aws_subnet`}}", | |
| "source_ami_filter": { | |
| "filters": { | |
| "owner-alias": "aws-marketplace", | |
| "product-code": "6x5jmcajty9edm3f211pqjfn2", | |
| "virtualization-type": "hvm" | |
| }, | |
| "most_recent": true | |
| }, | |
| "ami_virtualization_type": "hvm", | |
| "ssh_username": "{{user `ssh_username`}}", | |
| "associate_public_ip_address": true, | |
| "tags": { | |
| "Name": "CentOS 6", | |
| "OS": "CentOS", | |
| "OSVER": "6" | |
| }, | |
| "encrypt_boot": true, | |
| "ami_block_device_mappings": [ | |
| { | |
| "device_name": "/dev/sda1", | |
| "volume_type": "gp2", | |
| "volume_size": 8, | |
| "encrypted": true, | |
| "delete_on_termination": true | |
| } | |
| ], | |
| "communicator": "ssh", | |
| "ssh_pty": true | |
| } | |
| ], | |
| "provisioners": [ | |
| { | |
| "type": "shell", | |
| "execute_command": "sudo -S sh '{{.Path}}'", | |
| "inline_shebang": "/bin/sh -e -x", | |
| "inline": [ | |
| "echo '** Shreding sensitive data ...'", | |
| "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub", | |
| "shred -u /root/.*history /home/{{user `ssh_username`}}/.*history", | |
| "shred -u /root/.ssh/authorized_keys /home/{{user `ssh_username`}}/.ssh/authorized_keys", | |
| "sync; sleep 1; sync" | |
| ] | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "description": "Copy the centos.org CentOS 7 AMI into our account so that we can add boot volume encryption.", | |
| "min_packer_version": "0.11.0", | |
| "variables": { | |
| "aws_region": "us-east-1", | |
| "aws_vpc": null, | |
| "aws_subnet": null, | |
| "ssh_username": "centos" | |
| }, | |
| "builders": [ | |
| { | |
| "type": "amazon-ebs", | |
| "ami_name": "CentOS Linux 7 x86_64 HVM EBS (encrypted) {{isotime \"20060102\"}}", | |
| "ami_description": "CentOS Linux 7 x86_64 HVM EBS (encrypted) {{isotime \"20060102\"}}", | |
| "instance_type": "t2.micro", | |
| "region": "{{user `aws_region`}}", | |
| "vpc_id": "{{user `aws_vpc`}}", | |
| "subnet_id": "{{user `aws_subnet`}}", | |
| "source_ami_filter": { | |
| "filters": { | |
| "owner-alias": "aws-marketplace", | |
| "product-code": "aw0evgkw8e5c1q413zgy5pjce", | |
| "virtualization-type": "hvm" | |
| }, | |
| "most_recent": true | |
| }, | |
| "ami_virtualization_type": "hvm", | |
| "ssh_username": "{{user `ssh_username`}}", | |
| "associate_public_ip_address": true, | |
| "tags": { | |
| "Name": "CentOS 7", | |
| "OS": "CentOS", | |
| "OSVER": "7" | |
| }, | |
| "encrypt_boot": true, | |
| "ami_block_device_mappings": [ | |
| { | |
| "device_name": "/dev/sda1", | |
| "volume_type": "gp2", | |
| "volume_size": 8, | |
| "encrypted": true, | |
| "delete_on_termination": true | |
| } | |
| ], | |
| "communicator": "ssh", | |
| "ssh_pty": true | |
| } | |
| ], | |
| "provisioners": [ | |
| { | |
| "type": "shell", | |
| "execute_command": "sudo -S sh '{{.Path}}'", | |
| "inline_shebang": "/bin/sh -e -x", | |
| "inline": [ | |
| "echo '** Shreding sensitive data ...'", | |
| "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub", | |
| "shred -u /root/.*history /home/{{user `ssh_username`}}/.*history", | |
| "shred -u /root/.ssh/authorized_keys /home/{{user `ssh_username`}}/.ssh/authorized_keys", | |
| "sync; sleep 1; sync" | |
| ] | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWS_PROFILE=default packer build -var 'aws_vpc=vpc-12345678' -var 'aws_subnet=subnet-23456789' encrypt-centos.org-6-ami.json | |
| AWS_PROFILE=default packer build -var 'aws_vpc=vpc-12345678' -var 'aws_subnet=subnet-23456789' encrypt-centos.org-7-ami.json |
this no longer works, two things need to be updated
- remove ami_block_device_mappings
- "owners": [ "679593333241" ], # needs to be added to the source_ami_filter
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is an article posted at the Clairvoyant blog describing the above code.