Hi all,

I was originally using packer v1.2.4 with our .json and everything was 
running fine. I wanted to update packer to a newer version and found out 
that after 1.4.2 I could no longer run my .json as-is like before. My issue 
is that my main account has forced MFA, so I was using 'aws-mfa' to set up 
the session/security token in ~/.aws/credentials, all I had in the 
build.json was the profile and it "just worked" up until I upgraded. I've 
tried a lot of different things to no avail and I'm wondering if it's just 
not possible anymore or what changed in these later versions that would 
have broken my setup.

{
  "variables": {
    "access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}"
  },
  "builders": [{
    "type": "amazon-ebs",
    "profile": "packer-dev",
    "access_key": "{{user `access_key`}}",
    "secret_key": "{{user `secret_key`}}",
...

Here are the credentials for the profile:
[packer-dev]
aws_access_key_id = xxx
aws_secret_access_key = xxx

[packer-dev-long-term]
assumed_role = True
assumed_role_arn = arn:aws:iam::222:role/XXX
aws_access_key_id = xxx
aws_secret_access_key = xxx
aws_session_token = XXX
aws_security_token = XXX
expiration = <date>
role_arn = arn:aws:iam::111:role/XXX

The build would be executed via:
env AWS_PROFILE=packer-dev-long-term packer.1.2.4 build build.json

That's the gist of the original config, the access_key/secret_key were 
never really used and I don't think they were ever set as environment 
variables. 

If I try to run the same command on v1.6.0 I get:

Build 'amazon-ebs' errored: AssumeRoleTokenProviderNotSetError: assume role 
with MFA enabled, but AssumeRoleTokenProvider session option not set.

So I added mfa_code to variables/builders and passed it with the 
environment:
env AWS_PROFILE=packer-dev-long-term MFA_CODE=12345 packer.1.6.0 build 
build.json

When I run that I get an invalid subnet ID:
==> amazon-ebs: Describing the subnet: subnet-xxx returned error: 
InvalidSubnetID.NotFound: The subnet ID 'subnet-xxx' does not exist

The subnet clearly exists because this works fine on 1.4.2. I'm at a loss 
and I can continue to use 1.4.2 but I really want to know why this won't 
work anymore.

Please let me know if you need more information.

Thanks,

Kurt
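
Added example, not part of the original post and not Packer or aws-mfa code: a small Python check that reads a credentials file laid out like the one above and reports which profile holds long-term keys, which holds temporary session credentials and whether they have expired, and whether the template's "profile" differs from the AWS_PROFILE given on the command line. The sample file contents, the key values, the expiration timestamp format and the function names are assumptions constructed for illustration.

```python
import configparser
import json
from datetime import datetime

# Constructed sample mirroring the layout in the post (all values are placeholders).
CREDENTIALS = """\
[packer-dev]
aws_access_key_id = AKIAEXAMPLELONGTERM
aws_secret_access_key = example

[packer-dev-long-term]
assumed_role = True
assumed_role_arn = arn:aws:iam::222:role/XXX
aws_access_key_id = ASIAEXAMPLESESSION
aws_secret_access_key = example
aws_session_token = example
aws_security_token = example
expiration = 2020-07-01 12:00:00
role_arn = arn:aws:iam::111:role/XXX
"""
TEMPLATE = '{"builders": [{"type": "amazon-ebs", "profile": "packer-dev"}]}'

def classify(creds_text, now):
    """Map each profile name to the kind of credentials it holds."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(creds_text)
    report = {}
    for name in cp.sections():
        section = cp[name]
        if "aws_session_token" not in section:
            kind = "long-term"
        elif "expiration" not in section:
            kind = "temporary-unknown-expiry"
        else:
            # Assumed timestamp format; adjust to what your file contains.
            exp = datetime.strptime(section["expiration"], "%Y-%m-%d %H:%M:%S")
            kind = "temporary-expired" if exp <= now else "temporary-valid"
        # role_arn in a profile is read by the AWS SDKs as an assume-role setting.
        report[name] = {"kind": kind, "has_role_arn": "role_arn" in section}
    return report

def profile_conflicts(template_text, env_profile):
    """Builder profiles that differ from the AWS_PROFILE used on the command line."""
    builders = json.loads(template_text).get("builders", [])
    return [b["profile"] for b in builders
            if b.get("profile") and b["profile"] != env_profile]

if __name__ == "__main__":
    now = datetime(2020, 7, 1, 9, 0, 0)  # constructed "current time"
    for name, info in classify(CREDENTIALS, now).items():
        print(name, info)
    print("conflicts:", profile_conflicts(TEMPLATE, "packer-dev-long-term"))
```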
