If you don't set the kms_id you get the default KMS key for EBS created by AWS for your account, which is probably fine unless you have specific security requirements or need to share the underlying snapshots with other accounts.

On Tue, 4 Sep 2018 at 19:43, Arunkumar Janarthanan <[email protected]> wrote:

> Thanks, do I not need to mention the KMS id?
>
> Best Regards,
> Arun Janarthanan
>
> On Tue, Sep 4, 2018 at 1:32 PM, Rickard von Essen <[email protected]> wrote:
>
>> Just set encrypt_boot to true.
>>
>> https://www.packer.io/docs/builders/amazon-ebs.html#encrypt_boot
>>
>> On Tue, Sep 4, 2018, 16:43 Arunkumar Janarthanan <[email protected]> wrote:
>>
>>> Thanks Rickard, I wanted to have the root volume encrypted, for now I had to run another script after provisioning the image to encrypt the AMI through AWS cli.
>>>
>>> Best Regards,
>>> Arun Janarthanan
>>>
>>> On Sat, Sep 1, 2018 at 9:01 AM, Rickard von Essen <[email protected]> wrote:
>>>
>>>> It looks like you are using the wrong device_name:
>>>>
>>>> $ AWS_PROFILE=admin aws --region us-west-2 ec2 describe-images --image-ids ami-37efa14f
>>>> {
>>>>     "Images": [
>>>>         {
>>>>             "Architecture": "x86_64",
>>>>             "CreationDate": "2018-06-22T23:29:16.000Z",
>>>>             "ImageId": "ami-37efa14f",
>>>>             "ImageLocation": "amazon/amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>>>             "ImageType": "machine",
>>>>             "Public": true,
>>>>             "OwnerId": "137112412989",
>>>>             "State": "available",
>>>>             "BlockDeviceMappings": [
>>>>                 {
>>>>                     "DeviceName": "/dev/xvda",
>>>>                     "Ebs": {
>>>>                         "Encrypted": false,
>>>>                         "DeleteOnTermination": true,
>>>>                         "SnapshotId": "snap-04e358335dc927649",
>>>>                         "VolumeSize": 2,
>>>>                         "VolumeType": "standard"
>>>>                     }
>>>>                 }
>>>>             ],
>>>>             "Description": "Amazon Linux 2 AMI 2.0.20180622.1 x86_64 Minimal HVM ebs",
>>>>             "EnaSupport": true,
>>>>             "Hypervisor": "xen",
>>>>             "ImageOwnerAlias": "amazon",
>>>>             "Name": "amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>>>             "RootDeviceName": "/dev/xvda",
>>>>             "RootDeviceType": "ebs",
>>>>             "SriovNetSupport": "simple",
>>>>             "VirtualizationType": "hvm"
>>>>         }
>>>>     ]
>>>> }
>>>>
>>>> This thread contains more information:
>>>>
>>>> https://groups.google.com/d/msgid/packer-tool/ea501630-7e60-43aa-a543-cb60f90cbaa5%40googlegroups.com
>>>>
>>>> On Thu, 30 Aug 2018 at 21:39, Arunkumar Janarthanan <[email protected]> wrote:
>>>>
>>>>> Apologies for the short subject line and the missing salutations.
>>>>>
>>>>> On Thursday, August 30, 2018 at 3:31:42 PM UTC-4, Arunkumar Janarthanan wrote:
>>>>>>
>>>>>> I run Packer 1.2.5 on OSX. I have been trying to create an encrypted-volume AMI with a CIS security hardening script enabled and am facing numerous problems with it.
>>>>>>
>>>>>> Problem #1.
>>>>>>
>>>>>> I am getting an SSH timeout upon adding the section below; without it, AMI provisioning looks good, except that the root volume size is always 2 gig.
>>>>>>
>>>>>> Error:
>>>>>>
>>>>>> 2018/08/30 13:11:18 packer: 2018/08/30 13:11:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:11:38 packer: 2018/08/30 13:11:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:11:58 packer: 2018/08/30 13:11:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:12:18 packer: 2018/08/30 13:12:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:12:38 packer: 2018/08/30 13:12:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:12:58 packer: 2018/08/30 13:12:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:13:18 packer: 2018/08/30 13:13:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:13:38 packer: 2018/08/30 13:13:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:13:58 packer: 2018/08/30 13:13:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:14:18 packer: 2018/08/30 13:14:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:14:38 packer: 2018/08/30 13:14:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:14:58 packer: 2018/08/30 13:14:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>> 2018/08/30 13:15:06 packer: 2018/08/30 13:15:06 No AWS timeout and polling overrides have been set. Packer will defalt to waiter-specific delays and timeouts. If you would like to customize the length of time between retries and max number of retries you may do so by setting the environment variables AWS_POLL_DELAY_SECONDS and AWS_MAX_ATTEMPTS to your desired values.
>>>>>> 2018/08/30 13:15:18 packer: 2018/08/30 13:15:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>
>>>>>> // -----------
>>>>>>
>>>>>> "ami_block_device_mappings": [ {
>>>>>>     "device_name": "/dev/sda1",
>>>>>>     "volume_size": 64,
>>>>>>     "delete_on_termination": true
>>>>>> } ],
>>>>>>
>>>>>> "launch_block_device_mappings": [ {
>>>>>>     "device_name": "/dev/sda1",
>>>>>>     "volume_size": 64,
>>>>>>     "delete_on_termination": true
>>>>>> } ],
>>>>>>
>>>>>> // -----
>>>>>>
>>>>>> Full JSON file: this works, except it only creates a 3 gig root volume.
>>>>>>
>>>>>> =======
>>>>>>
>>>>>> {
>>>>>>     "variables" : {
>>>>>>         "region" : "us-west-2"
>>>>>>     },
>>>>>>     "builders" : [
>>>>>>         {
>>>>>>             "type" : "amazon-ebs",
>>>>>>             "profile" : "default",
>>>>>>             "region" : "{{user `region`}}",
>>>>>>             "instance_type" : "t2.micro",
>>>>>>             "source_ami" : "ami-37efa14f",
>>>>>>             "ssh_username" : "ec2-user",
>>>>>>             "ami_name" : "docker-17.12.1-ce",
>>>>>>             "ami_description" : "Amazon Linux Image with Docker-CE",
>>>>>>             "ami_block_device_mappings": [{
>>>>>>                 "delete_on_termination": "true",
>>>>>>                 "device_name": "/dev/sda1"
>>>>>>             }],
>>>>>>             "run_tags" : {
>>>>>>                 "Name" : "AE-Plain",
>>>>>>                 "Tool" : "Packer",
>>>>>>                 "Author" : "AJ"
>>>>>>             }
>>>>>>         }
>>>>>>     ],
>>>>>>     "provisioners" : [
>>>>>>         {
>>>>>>             "type" : "shell",
>>>>>>             "script" : "./setup.sh"
>>>>>>         },
>>>>>>         {
>>>>>>             "type": "shell",
>>>>>>             "execute_command": "sudo -S bash '{{ .Path }}'",
>>>>>>             "scripts": [
>>>>>>                 "amazonlinux-hardening.sh",
>>>>>>                 "docker-secure.sh"
>>>>>>             ]
>>>>>>         }
>>>>>>     ]
>>>>>> }
>>>>>>
>>>>>> Kindly advise.
>>>>>>
>>>>>> Thanks,
>>>>>> AJ
>>>>>>
>>>>> --
>>>>> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>>>>>
>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>>> IRC: #packer-tool on Freenode
>>>>> ---
>>>>> You received this message because you are subscribed to the Google Groups "Packer" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>>> To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/4883a996-6688-4afd-aa29-34d87e8f7a3b%40googlegroups.com.
>>>>> For more options, visit https://groups.google.com/d/optout.
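
A pre-build check for the two points made in this thread (the block device mappings should name the source AMI's RootDeviceName, and encrypt_boot should be true when an encrypted root volume is wanted), as an added example that is not from the thread's participants or from Packer. The function names and the trimmed sample inputs are constructed for illustration.

```python
import json

# Constructed sample: describe-images output for the source AMI, trimmed to
# the fields this check reads (values as they appear in the thread).
DESCRIBE_IMAGES = json.loads("""
{"Images": [{"ImageId": "ami-37efa14f", "RootDeviceName": "/dev/xvda",
  "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
    "Ebs": {"Encrypted": false, "VolumeSize": 2}}]}]}
""")

# Constructed sample: the thread's builder with the volume_size 64 mappings added.
TEMPLATE = {"builders": [{
    "type": "amazon-ebs", "source_ami": "ami-37efa14f",
    "ami_block_device_mappings": [{"device_name": "/dev/sda1", "volume_size": 64}],
    "launch_block_device_mappings": [{"device_name": "/dev/sda1", "volume_size": 64}],
}]}

MAPPING_KEYS = ("ami_block_device_mappings", "launch_block_device_mappings")

def lint_builder(builder, image):
    """Compare one amazon-ebs builder with its source AMI; return findings."""
    findings = []
    root = image["RootDeviceName"]
    root_ebs = next((m.get("Ebs", {}) for m in image["BlockDeviceMappings"]
                     if m["DeviceName"] == root), {})
    for key in MAPPING_KEYS:
        names = [m.get("device_name") for m in builder.get(key, [])]
        if names and root not in names:
            findings.append(f"{key}: no entry names the AMI root device {root} "
                            f"(entries: {names}, AMI root size "
                            f"{root_ebs.get('VolumeSize')} GiB)")
    # encrypt_boot may appear as a JSON boolean or as the string "true".
    encrypt = str(builder.get("encrypt_boot", False)).lower() == "true"
    if not root_ebs.get("Encrypted", False) and not encrypt:
        findings.append("source root snapshot is unencrypted and encrypt_boot is not true")
    return findings

def lint_template(template, describe_images):
    """Run lint_builder for every amazon-ebs builder whose source AMI is known."""
    images = {i["ImageId"]: i for i in describe_images["Images"]}
    findings = []
    for b in template.get("builders", []):
        if b.get("type") == "amazon-ebs" and b.get("source_ami") in images:
            findings.extend(lint_builder(b, images[b["source_ami"]]))
    return findings

if __name__ == "__main__":
    for finding in lint_template(TEMPLATE, DESCRIBE_IMAGES):
        print(finding)
```

For the sample template this reports both mapping lists and the missing encrypt_boot; a builder that maps /dev/xvda and sets encrypt_boot to true produces no findings.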
