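# VPC the temporary build instance is launched into.
# Read from the BUILD_VPC_ID environment variable when the template is loaded.
# env() is the HCL2 mechanism for this; the legacy "{{env `...`}}" Go-template
# form is not rendered inside HCL2 variable defaults and would be handed to the
# builder as the literal string.
variable "vpc_id" {
  type        = string
  description = "VPC ID for the instance"
  default     = env("BUILD_VPC_ID")
}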
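# Subnet the temporary build instance is launched into (must belong to vpc_id).
# Read from the BUILD_SUBNET_ID environment variable when the template is loaded.
# env() is the HCL2 mechanism for this; the legacy "{{env `...`}}" Go-template
# form is not rendered inside HCL2 variable defaults and would be handed to the
# builder as the literal string.
variable "subnet_id" {
  type        = string
  description = "Subnet ID for the instance"
  default     = env("BUILD_SUBNET_ID")
}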
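# Region the build instance runs in and the resulting AMI is registered in.
# Read from the AWS_REGION environment variable when the template is loaded.
# env() is the HCL2 mechanism for this; the legacy "{{env `...`}}" Go-template
# form is not rendered inside HCL2 variable defaults and would be handed to the
# builder as the literal string.
variable "aws_region" {
  type        = string
  description = "AWS region to build the AMI in"
  default     = env("AWS_REGION")
}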
# Name of the resulting AMI; the source block also uses it as the image's Name tag.
# NOTE(review): the default uses the legacy Go-template `{{isotime ...}}` form.
# HCL2 variable defaults are not rendered by that engine, so this value reaches
# the amazon-ebs builder as a literal; whether the builder still renders it at
# that point should be confirmed. If it does not, the braces and quotes are not
# valid AMI-name characters, and the timestamp is better computed in a `locals`
# block with formatdate()/timestamp().
variable "ami_name" {
  type        = string
  description = "Name of the AMI"
  default     = "Prod-CIS-Latest-AMZN-{{isotime \"02-Jan-06 03_04_05\"}}"
}
# Local directory copied to /tmp/bootstrap on the instance by the file
# provisioner; it must contain bootstrap.sh, which the shell provisioner runs as
# root. No default: it has to be supplied for every build.
variable "packer_chef_bootstrap_dir" {
  type        = string
  description = "Directory containing Chef bootstrap files"
}
# Directory created (with sudo, mkdir -p) on the instance before Chef runs.
# The value is interpolated unquoted into a shell command, so it should not
# contain whitespace or shell metacharacters. No default.
variable "chef_dir" {
  type        = string
  description = "Chef installation directory"
}
# User that is given ownership of the chef-client staging directory
# (/tmp/packer-chef-client). Declared as string because it is interpolated
# straight into a chown argument; a numeric UID or a user name both work there.
variable "packer_uid" {
  type        = string
  description = "Packer user ID"
}
# Group that is given ownership of the chef-client staging directory
# (/tmp/packer-chef-client). Declared as string because it is interpolated
# straight into a chown argument; a numeric GID or a group name both work there.
variable "packer_gid" {
  type        = string
  description = "Packer group ID"
}
# Local directory holding the client.rb template; the chef-client provisioner
# appends "/client.rb.tpl" to this value, so it is a directory path, not the
# template file itself. No default.
variable "chef_client_config_tpl" {
  type        = string
  description = "Chef client configuration template"
}
# Run list handed to the chef-client provisioner's run_list attribute.
# NOTE(review): that attribute takes a list of recipe/role strings; passing a
# single string here may be rejected by HCL2 type checking at template load
# time — confirm, and declare `type = list(string)` if so.
variable "chef_run_list" {
  type        = string
  description = "Chef run list for provisioning"
}
# Temporary EC2 instance from which the CIS-hardened AMI is snapshotted.
source "amazon-ebs" "cis_ami" {
  ami_name      = var.ami_name
  instance_type = "t2.micro"
  region        = var.aws_region
  ssh_username  = "ec2-user"
  vpc_id        = var.vpc_id
  subnet_id     = var.subnet_id
  # The build instance is given a public IP so Packer can reach it over SSH.
  # NOTE(review): the instance is unhardened while provisioning runs; for a
  # hardened-image pipeline consider a private subnet with
  # ssh_interface = "private_ip" (or a session-manager connection) so it is never
  # Internet-reachable — confirm against the network behind BUILD_VPC_ID/BUILD_SUBNET_ID.
  associate_public_ip_address = true
  ami_description             = "Amazon Linux CIS with Cloudwatch Logs agent"
  tags = {
    Name = var.ami_name
  }
  # Base-image selection. With most_recent = true, whichever matching image was
  # published last becomes the root of trust for everything provisioned on top
  # of it, so the filter should be as narrow as the build allows.
  source_ami_filter {
    filters = {
      virtualization-type = "hvm"
      # NOTE(review): broad wildcard — it matches any image from the listed owners
      # whose name starts with "amzn-ami" and ends with "-ebs", which can include
      # older Amazon Linux generations; pin to the intended release family.
      name             = "amzn-ami*-ebs"
      root-device-type = "ebs"
    }
    # Eight distinct account IDs are accepted as publishers. Each should be
    # verified against the intended publisher before this filter is relied on:
    # an unexpected or stale owner here silently changes the base image.
    owners      = ["137112412989", "591542846629", "801119661308", "102837901569", "013907871322", "206029621532", "286198878708", "443319210888"]
    most_recent = true
  }
}
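# Provisioning pipeline: copy the Chef bootstrap files, prepare directories,
# run chef-client against a server on the instance itself, then strip the
# temporary SSH credentials and bootstrap material before the snapshot.
build {
  sources = [
    source.amazon-ebs.cis_ami
  ]

  # Stage the bootstrap directory on the instance. /tmp is world-writable and
  # the script staged here is executed as root below, so the build instance
  # must not be shared with other users while this runs.
  provisioner "file" {
    source      = var.packer_chef_bootstrap_dir
    destination = "/tmp/bootstrap"
  }

  provisioner "shell" {
    inline = [
      # Single-quoted so a path containing spaces is not split by the shell.
      "sudo mkdir -p '${var.chef_dir}'",
      # Staging directory handed over to the chef-client provisioner below.
      "sudo mkdir -p /tmp/packer-chef-client",
      # user:group is the POSIX separator; '.' is a deprecated GNU-only form.
      "sudo chown '${var.packer_uid}:${var.packer_gid}' /tmp/packer-chef-client",
      "sudo sh /tmp/bootstrap/bootstrap.sh"
    ]
  }

  # Chef converge. The server URL points at the instance itself — presumably a
  # local-mode (chef-zero style) server started by bootstrap.sh; confirm. As no
  # external Chef server registers this node, there is nothing to deregister,
  # hence skip_clean_node / skip_clean_client.
  provisioner "chef-client" {
    server_url        = "http://localhost:8889"
    config_template   = "${var.chef_client_config_tpl}/client.rb.tpl"
    skip_clean_node   = true
    skip_clean_client = true
    run_list          = var.chef_run_list
  }

  # Final cleanup before the snapshot: remove Packer's temporary SSH key from
  # both the build user and root so it is not baked into the AMI, and remove the
  # bootstrap files (which may hold keys) copied to /tmp above. -f keeps a
  # missing file from failing the build; ~ avoids depending on the provisioner's
  # working directory being the login user's home.
  provisioner "shell" {
    inline = [
      "rm -f ~/.ssh/authorized_keys",
      "sudo rm -f /root/.ssh/authorized_keys",
      "sudo rm -rf /tmp/bootstrap"
    ]
  }
}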