When I change my block device mapping as follows, according to
https://github.com/hashicorp/packer/issues/2765

"ami_block_device_mappings": [
  {
    "device_name": "/dev/sdb",
    "volume_size": 25,
    "volume_type": "gp2",
    "delete_on_termination": true
  }
],
"launch_block_device_mappings": [
  {
    "device_name": "/dev/sdb",
    "snapshot_id": "snap-00d5d1ebd4558da90",
    "volume_size": 25,
    "volume_type": "gp2",
    "delete_on_termination": true
  }
]

Then I get the following error from packer. How exactly do I attach the
already created snapshot to packer?

==> amazon-ebs: Prevalidating AMI Name...
    amazon-ebs: Found Image ID: ami-80861296
==> amazon-ebs: Creating temporary keypair: packer_5a16ab0c-8b80-643f-6f53-e890a3fe3143
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing access to port 22 the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
==> amazon-ebs: status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error launching source instance: InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Error launching source instance: InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
==> Builds finished but no artifacts were created.
Finished: FAILURE

On Wednesday, November 22, 2017 at 5:20:02 PM UTC+5:30, Thenuka
Keerthibandara wrote:
>
> I'm using a packer script to encrypt my EBS volumes on AWS by creating a
> new AMI with encrypted EBS.
>
> I have created a CMK using KMS and have added the kms_key_id in the packer
> script builder section as follows.
>
> "variables": {
> ....................
>   "kms_key_prod": "{{env `kms_key_prod`}}",
> ....................
> },
>
> "builders": [
>   {
>     "type": "amazon-ebs",
>     "access_key": "{{user `aws_access_key`}}",
>     "secret_key": "{{user `aws_secret_key`}}",
>     "vpc_id": "{{user `aws_vpc_id`}}",
>     "subnet_id": "{{user `subnet_id`}}",
>     "region": "{{user `region`}}",
>     "kms_key_id": "{{user `kms_key_prod`}}",
>     "source_ami": "{{user `base_ami`}}",
>     "instance_type": "t2.micro",
>     "ssh_username": "ubuntu",
>     "ami_name": "{{user `name`}}-Default-{{isotime \"2006-01-02-1504\"}}",
>     "ami_description": "Base AMI for Ubuntu 16.04",
>     "tags": {
>       "Name": "Default-Base",
>       "Project": "Public Cloud",
>       "Build": "{{ user `buildtime` }}"
>     },
>     "ami_block_device_mappings": [
>       {
>         "device_name": "/dev/xvdk",
>         "volume_size": 25,
>         "Encrypted": true,
>         "volume_type": "gp2",
>         "delete_on_termination": true
>       }
>     ],
>     "launch_block_device_mappings": [
>       {
>         "device_name": "/dev/xvdk",
>         "volume_size": 25,
>         "Encrypted": true,
>         "volume_type": "gp2",
>         "delete_on_termination": true
>       }
>     ]
>   }
> ],
>
>
> But when packer runs, the generated AMI has attached snapshots of the
> devices I have attached, encrypted with the "default" CMK, which is "aws/ebs",
> that is unique for the specific region.
>
> I don't need my boot volume to get encrypted but the attached EBS volumes
> to be encrypted with the KMS key that I have created.
>
> Does anyone know if this is a limitation in packer or if there is any other
> way to achieve this through packer?
>
> Regards,
> Thenuka
>
>
>
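
A check for the symptom described in the quoted message (data-volume snapshots of the built AMI encrypted under a key other than the intended CMK), as an added example that is not part of the thread or of Packer. It reads JSON shaped like `aws ec2 describe-images` and `aws ec2 describe-snapshots` output; the function name, sample IDs and key ARNs are constructed placeholders, and the expected key is assumed to be given as a key ARN or bare key ID, not an alias.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-images` and
# `aws ec2 describe-snapshots` output. All IDs and ARNs are placeholders.
ARN = "arn:aws:kms:us-east-1:111122223333:key/"
CMK = ARN + "11111111-aaaa-bbbb-cccc-000000000001"          # the key we created
DEFAULT_KEY = ARN + "22222222-aaaa-bbbb-cccc-000000000002"  # stands in for aws/ebs
IMAGE = json.loads("""
{"ImageId": "ami-EXAMPLE", "RootDeviceName": "/dev/sda1",
 "BlockDeviceMappings": [
  {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-root", "Encrypted": false}},
  {"DeviceName": "/dev/xvdk", "Ebs": {"SnapshotId": "snap-data", "Encrypted": true}},
  {"DeviceName": "/dev/sdc", "VirtualName": "ephemeral0"}]}
""")
SNAPSHOTS = [
    {"SnapshotId": "snap-root", "Encrypted": False},
    {"SnapshotId": "snap-data", "Encrypted": True, "KmsKeyId": DEFAULT_KEY},
]


def audit_ami(image, snapshots, expected_key):
    """Return (device, problem) pairs for non-root EBS mappings whose
    snapshot is not encrypted with expected_key (key ARN or bare key ID)."""
    by_id = {s["SnapshotId"]: s for s in snapshots}
    want = expected_key.rsplit("/", 1)[-1]
    findings = []
    for mapping in image.get("BlockDeviceMappings", []):
        device, ebs = mapping.get("DeviceName"), mapping.get("Ebs")
        if ebs is None or device == image.get("RootDeviceName"):
            continue  # instance-store mapping, or the boot volume
        snap = by_id.get(ebs.get("SnapshotId"))
        if snap is None:
            findings.append((device, "snapshot not in describe-snapshots output"))
        elif not snap.get("Encrypted"):
            findings.append((device, "snapshot is not encrypted"))
        elif snap.get("KmsKeyId", "").rsplit("/", 1)[-1] != want:
            findings.append((device, "encrypted with " + snap.get("KmsKeyId", "unknown key")))
    return findings


if __name__ == "__main__":
    for device, problem in audit_ami(IMAGE, SNAPSHOTS, CMK):
        print(f"{device}: {problem}")
```
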