Just set encrypt_boot to true. https://www.packer.io/docs/builders/amazon-ebs.html#encrypt_boot

On Tue, Sep 4, 2018, 16:43 Arunkumar Janarthanan <[email protected]> wrote:

> Thanks Rickard, I wanted to have the root volume encrypted, for now I had
> to run another script after provisioning the image to encrypt the AMI
> through AWS cli.
>
> Best Regards,
> Arun Janarthanan
>
> On Sat, Sep 1, 2018 at 9:01 AM, Rickard von Essen <[email protected]> wrote:
>
>> It looks like you are using the wrong device_name:
>>
>> $ AWS_PROFILE=admin aws --region us-west-2 ec2 describe-images --image-ids ami-37efa14f
>> {
>>     "Images": [
>>         {
>>             "Architecture": "x86_64",
>>             "CreationDate": "2018-06-22T23:29:16.000Z",
>>             "ImageId": "ami-37efa14f",
>>             "ImageLocation": "amazon/amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>             "ImageType": "machine",
>>             "Public": true,
>>             "OwnerId": "137112412989",
>>             "State": "available",
>>             "BlockDeviceMappings": [
>>                 {
>>                     "DeviceName": "/dev/xvda",
>>                     "Ebs": {
>>                         "Encrypted": false,
>>                         "DeleteOnTermination": true,
>>                         "SnapshotId": "snap-04e358335dc927649",
>>                         "VolumeSize": 2,
>>                         "VolumeType": "standard"
>>                     }
>>                 }
>>             ],
>>             "Description": "Amazon Linux 2 AMI 2.0.20180622.1 x86_64 Minimal HVM ebs",
>>             "EnaSupport": true,
>>             "Hypervisor": "xen",
>>             "ImageOwnerAlias": "amazon",
>>             "Name": "amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>             "RootDeviceName": "/dev/xvda",
>>             "RootDeviceType": "ebs",
>>             "SriovNetSupport": "simple",
>>             "VirtualizationType": "hvm"
>>         }
>>     ]
>> }
>>
>> This thread contains more information:
>>
>> https://groups.google.com/d/msgid/packer-tool/ea501630-7e60-43aa-a543-cb60f90cbaa5%40googlegroups.com
>>
>> On Thu, 30 Aug 2018 at 21:39, Arunkumar Janarthanan <[email protected]> wrote:
>>
>>> Apologize for the short subject line and the missing salutations.
>>>
>>> On Thursday, August 30, 2018 at 3:31:42 PM UTC-4, Arunkumar Janarthanan wrote:
>>>>
>>>> I run Packer 1.2.5 on OSX, I have been trying to create encrypted
>>>> volume AMI with CIS security hardened script enabled and facing numerous
>>>> problems with it.
>>>>
>>>> Problem #1.
>>>>
>>>> I am getting SSH timeout upon adding the below section, however without
>>>> the below section AMI provisioning looks good except the root volume size
>>>> always 2 gig.
>>>>
>>>> Error:
>>>>
>>>> 2018/08/30 13:11:18 packer: 2018/08/30 13:11:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:11:38 packer: 2018/08/30 13:11:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:11:58 packer: 2018/08/30 13:11:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:12:18 packer: 2018/08/30 13:12:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:12:38 packer: 2018/08/30 13:12:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:12:58 packer: 2018/08/30 13:12:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:13:18 packer: 2018/08/30 13:13:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:13:38 packer: 2018/08/30 13:13:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:13:58 packer: 2018/08/30 13:13:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:14:18 packer: 2018/08/30 13:14:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:14:38 packer: 2018/08/30 13:14:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:14:58 packer: 2018/08/30 13:14:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>> 2018/08/30 13:15:06 packer: 2018/08/30 13:15:06 No AWS timeout and polling overrides have been set. Packer will defalt to waiter-specific delays and timeouts. If you would like to customize the length of time between retries and max number of retries you may do so by setting the environment variables AWS_POLL_DELAY_SECONDS and AWS_MAX_ATTEMPTS to your desired values.
>>>> 2018/08/30 13:15:18 packer: 2018/08/30 13:15:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>
>>>> // -----------
>>>>
>>>> "ami_block_device_mappings": [ {
>>>>   "device_name": "/dev/sda1",
>>>>   "volume_size": 64,
>>>>   "delete_on_termination": true
>>>> } ],
>>>> "launch_block_device_mappings": [ {
>>>>   "device_name": "/dev/sda1",
>>>>   "volume_size": 64,
>>>>   "delete_on_termination": true
>>>> } ],
>>>>
>>>> // -----
>>>>
>>>> Full json file: this works except it only creates 3 gig root volume.
>>>>
>>>> =======
>>>>
>>>> {
>>>>   "variables" : {
>>>>     "region" : "us-west-2"
>>>>   },
>>>>   "builders" : [
>>>>     {
>>>>       "type" : "amazon-ebs",
>>>>       "profile" : "default",
>>>>       "region" : "{{user `region`}}",
>>>>       "instance_type" : "t2.micro",
>>>>       "source_ami" : "ami-37efa14f",
>>>>       "ssh_username" : "ec2-user",
>>>>       "ami_name" : "docker-17.12.1-ce",
>>>>       "ami_description" : "Amazon Linux Image with Docker-CE",
>>>>       "ami_block_device_mappings": [{
>>>>         "delete_on_termination": "true",
>>>>         "device_name": "/dev/sda1"
>>>>       }],
>>>>       "run_tags" : {
>>>>         "Name" : "AE-Plain",
>>>>         "Tool" : "Packer",
>>>>         "Author" : "AJ"
>>>>       }
>>>>     }
>>>>   ],
>>>>   "provisioners" : [
>>>>     {
>>>>       "type" : "shell",
>>>>       "script" : "./setup.sh"
>>>>     },
>>>>     {
>>>>       "type": "shell",
>>>>       "execute_command": "sudo -S bash '{{ .Path }}'",
>>>>       "scripts": [
>>>>         "amazonlinux-hardening.sh",
>>>>         "docker-secure.sh"
>>>>       ]
>>>>     }
>>>>   ]
>>>> }
>>>>
>>>> Kindly advise.
>>>>
>>>> Thanks,
>>>> AJ
>>>>
>>> --
>>> This mailing list is governed under the HashiCorp Community Guidelines -
>>> https://www.hashicorp.com/community-guidelines.html. Behavior in
>>> violation of those guidelines may result in your removal from this mailing
>>> list.
>>>
>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>> IRC: #packer-tool on Freenode
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Packer" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/packer-tool/4883a996-6688-4afd-aa29-34d87e8f7a3b%40googlegroups.com
>>> <https://groups.google.com/d/msgid/packer-tool/4883a996-6688-4afd-aa29-34d87e8f7a3b%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>> For more options, visit https://groups.google.com/d/optout.
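
Added example, not part of the original thread and not Packer's own code: a small Python lint that compares a builder's block device mappings with the source AMI's RootDeviceName, following the device_name diagnosis above, and checks encrypt_boot. The sample inputs are constructed from values quoted in the thread; lint_builder, corrected and the rule of re-pointing a single-entry mapping at the root device are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: fields trimmed from the describe-images output quoted in the thread.
SOURCE_IMAGE = json.loads("""{
  "ImageId": "ami-37efa14f",
  "RootDeviceName": "/dev/xvda",
  "BlockDeviceMappings": [
    {"DeviceName": "/dev/xvda", "Ebs": {"Encrypted": false, "VolumeSize": 2}}
  ]
}""")

# Constructed sample: the thread's builder with its 64 GB mapping section merged in.
MAPPING = {"device_name": "/dev/sda1", "volume_size": 64, "delete_on_termination": True}
BUILDER = {
    "type": "amazon-ebs",
    "source_ami": "ami-37efa14f",
    "ami_block_device_mappings": [dict(MAPPING)],
    "launch_block_device_mappings": [dict(MAPPING)],
}
MAPPING_KEYS = ("ami_block_device_mappings", "launch_block_device_mappings")


def lint_builder(builder, image):
    """Return findings for mappings that miss the root device and for an unencrypted root."""
    root = image["RootDeviceName"]
    findings = []
    for key in MAPPING_KEYS:
        names = [m.get("device_name") for m in builder.get(key, [])]
        if names and root not in names:
            findings.append(f"{key}: {names} does not include root device {root}")
    source_encrypted = any(
        bdm["DeviceName"] == root and bdm.get("Ebs", {}).get("Encrypted", False)
        for bdm in image.get("BlockDeviceMappings", [])
    )
    if not source_encrypted and builder.get("encrypt_boot") is not True:
        findings.append(f"root volume {root} is unencrypted and encrypt_boot is not true")
    return findings


def corrected(builder, image):
    """Copy the builder, point single-entry mappings at the root device, set encrypt_boot."""
    fixed = copy.deepcopy(builder)
    for key in MAPPING_KEYS:
        if len(fixed.get(key, [])) == 1:
            fixed[key][0]["device_name"] = image["RootDeviceName"]
    fixed["encrypt_boot"] = True
    return fixed
```

Against real data, SOURCE_IMAGE would be one entry of "Images" from the describe-images call shown in the thread and BUILDER one entry of the template's "builders" list.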
