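Ahh, yeah. If you let Packer manage the role for you, it should refresh the session automatically; but if you assume the role yourself and hand Packer the resulting temporary credentials, it has no way to renew them once they expire, so a build that outlasts the session will start failing its AWS calls partway through.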
Here's the documentation: https://www.packer.io/docs/builders/amazon-ebs.html#profile, which links to https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-profiles, which Rickard has documented above.

--Matt

On Thu, Aug 31, 2017 at 8:11 AM Ashish Bista <[email protected]> wrote:
> I'm first creating a session as below:
>
> aws_session=$(
>   aws sts assume-role \
>     --role-arn ${AWS_ROLE_ARN} \
>     --role-session-name ${AWS_SESSION_NAME} \
>     --region ${AWS_DEFAULT_REGION} \
>     ${AWS_ARGS}
> )
>
> Then I'm exporting environment variables:
>
> echo AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION
> echo AWS_ACCESS_KEY_ID=$(echo $aws_session | jq -r '.Credentials.AccessKeyId')
> echo AWS_SESSION_TOKEN=$(echo $aws_session | jq -r '.Credentials.SessionToken')
> echo AWS_SECRET_ACCESS_KEY=$(echo $aws_session | jq -r '.Credentials.SecretAccessKey')
>
> Packer relies on these environment variables to access AWS.
>
> {
>   "description": "...",
>   "variables": {
>     "source_ami": "{{env `SOURCE_AMI`}}",
>     "enhanced_networking_type": "{{env `ENHANCED_NETWORKING_TYPE`}}",
>     "region": "us-east-1",
>     "project_name": "project1",
>     "os_name": "centos",
>     "os_version": "7"
>   },
>
>   "provisioners": [
>     {
>       "destination": "/tmp/packer",
>       "source": "./files",
>       "type": "file"
>     },
>     {
>       "type": "shell",
>       "execute_command": "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'",
>       "scripts": [
>         "scripts/0-prep.sh",
>         "scripts/10-bootstrap.sh",
>         "scripts/20-......sh",
>         "scripts/40-cleanup.sh"
>       ]
>     }
>   ],
>
>   "builders": [
>     {
>       "type": "amazon-ebs",
>       "ami_name": "{{user `os_name`}}-{{user `os_version`}}-{{user `project_name` }}-{{user `enhanced_networking_type`}}-{{isotime \"2006-01-02-030405\" | clean_ami_name}}",
>       "ami_description": "{{user `os_name`}} {{user `project_name`}} {{user `enhanced_networking_type`}} {{user `os_version`}} {{user `build_stage`}} image built on {{isotime \"2006-01-02\"}}",
>       "enhanced_networking": true,
>       "instance_type": "m4.2xlarge",
>       "region": "{{user `region`}}",
>       "security_group_id": "....",
>       "subnet_id": "...",
>       "ssh_username": "centos",
>       "source_ami": "{{ user `source_ami` }}",
>       "vpc_id": "...",
>       "iam_instance_profile": "...",
>       "launch_block_device_mappings": [
>         {
>           "device_name": "/dev/xvda",
>           "volume_size": 300,
>           "volume_type": "gp2",
>           "delete_on_termination": true
>         }
>       ],
>       "run_tags": {
>         "created_by": "packer",
>         "environment": "packer_dev"
>       },
>       "tags": {
>         "Name": "{{user `os_name`}}-{{user `os_version`}}-{{user `project_name` }}-{{user `enhanced_networking_type`}}-{{isotime \"2006-01-02-030405\" | clean_ami_name}}",
>         "build_date": "{{isotime \"2006-01-02\"}}",
>         "os": "{{user `os_name`}}",
>         "source_ami": "{{user `source_ami`}}",
>         "version": "{{user `os_version`}}",
>         "description": "{{user `description`}}"
>       }
>     }
>   ]
> }
>
> I couldn't find any documentation on using aws assume role profile. I'm running packer from a container. I'll follow Richard's suggestions and keep you posted.
>
> Thank you!
