That should absolutely be fine for me. Thanks a ton!

Best Regards,
Arun Janarthanan

On Tue, Sep 4, 2018 at 2:00 PM, Rickard von Essen <[email protected]> wrote:

> If you don't set the kms_id you get the default kms key for EBS created by
> AWS for your account. Which is probably fine unless you have specific
> security requirements or need to share the underlying snapshots with other
> accounts.
>
> On Tue, 4 Sep 2018 at 19:43, Arunkumar Janarthanan <[email protected]> wrote:
>
>> Thanks, do I not need to mention the KMS id?
>>
>> Best Regards,
>> Arun Janarthanan
>>
>> On Tue, Sep 4, 2018 at 1:32 PM, Rickard von Essen <[email protected]> wrote:
>>
>>> Just set encrypt_boot to true.
>>>
>>> https://www.packer.io/docs/builders/amazon-ebs.html#encrypt_boot
>>>
>>> On Tue, Sep 4, 2018, 16:43 Arunkumar Janarthanan <[email protected]> wrote:
>>>
>>>> Thanks Rickard, I wanted to have the root volume encrypted, for now I
>>>> had to run another script after provisioning the image to encrypt the AMI
>>>> through AWS cli.
>>>>
>>>> Best Regards,
>>>> Arun Janarthanan
>>>>
>>>> On Sat, Sep 1, 2018 at 9:01 AM, Rickard von Essen <[email protected]> wrote:
>>>>
>>>>> It looks like you are using the wrong device_name:
>>>>>
>>>>> $ AWS_PROFILE=admin aws --region us-west-2 ec2 describe-images --image-ids ami-37efa14f
>>>>> {
>>>>>     "Images": [
>>>>>         {
>>>>>             "Architecture": "x86_64",
>>>>>             "CreationDate": "2018-06-22T23:29:16.000Z",
>>>>>             "ImageId": "ami-37efa14f",
>>>>>             "ImageLocation": "amazon/amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>>>>             "ImageType": "machine",
>>>>>             "Public": true,
>>>>>             "OwnerId": "137112412989",
>>>>>             "State": "available",
>>>>>             "BlockDeviceMappings": [
>>>>>                 {
>>>>>                     "DeviceName": "/dev/xvda",
>>>>>                     "Ebs": {
>>>>>                         "Encrypted": false,
>>>>>                         "DeleteOnTermination": true,
>>>>>                         "SnapshotId": "snap-04e358335dc927649",
>>>>>                         "VolumeSize": 2,
>>>>>                         "VolumeType": "standard"
>>>>>                     }
>>>>>                 }
>>>>>             ],
>>>>>             "Description": "Amazon Linux 2 AMI 2.0.20180622.1 x86_64 Minimal HVM ebs",
>>>>>             "EnaSupport": true,
>>>>>             "Hypervisor": "xen",
>>>>>             "ImageOwnerAlias": "amazon",
>>>>>             "Name": "amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>>>>             "RootDeviceName": "/dev/xvda",
>>>>>             "RootDeviceType": "ebs",
>>>>>             "SriovNetSupport": "simple",
>>>>>             "VirtualizationType": "hvm"
>>>>>         }
>>>>>     ]
>>>>> }
>>>>>
>>>>> This thread contains more information:
>>>>> https://groups.google.com/d/msgid/packer-tool/ea501630-7e60-43aa-a543-cb60f90cbaa5%40googlegroups.com
>>>>>
>>>>> On Thu, 30 Aug 2018 at 21:39, Arunkumar Janarthanan <[email protected]> wrote:
>>>>>
>>>>>> Apologize for the short subject line and the missing salutations.
>>>>>>
>>>>>> On Thursday, August 30, 2018 at 3:31:42 PM UTC-4, Arunkumar Janarthanan wrote:
>>>>>>>
>>>>>>> I run Packer 1.2.5 on OSX, I have been trying to create encrypted
>>>>>>> volume AMI with CIS security hardened script enabled and facing numerous
>>>>>>> problems with it.
>>>>>>>
>>>>>>> Problem #1.
>>>>>>>
>>>>>>> I am getting SSH timeout upon adding the below section, however
>>>>>>> without the below section AMI provisioning looks good except the root
>>>>>>> volume size always 2 gig.
>>>>>>>
>>>>>>> Error:
>>>>>>>
>>>>>>> 2018/08/30 13:11:18 packer: 2018/08/30 13:11:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:11:38 packer: 2018/08/30 13:11:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:11:58 packer: 2018/08/30 13:11:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:12:18 packer: 2018/08/30 13:12:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:12:38 packer: 2018/08/30 13:12:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:12:58 packer: 2018/08/30 13:12:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:13:18 packer: 2018/08/30 13:13:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:13:38 packer: 2018/08/30 13:13:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:13:58 packer: 2018/08/30 13:13:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:14:18 packer: 2018/08/30 13:14:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:14:38 packer: 2018/08/30 13:14:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:14:58 packer: 2018/08/30 13:14:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>> 2018/08/30 13:15:06 packer: 2018/08/30 13:15:06 No AWS timeout and polling overrides have been set. Packer will defalt to waiter-specific delays and timeouts. If you would like to customize the length of time between retries and max number of retries you may do so by setting the environment variables AWS_POLL_DELAY_SECONDS and AWS_MAX_ATTEMPTS to your desired values.
>>>>>>> 2018/08/30 13:15:18 packer: 2018/08/30 13:15:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>>>
>>>>>>> // -----------
>>>>>>> "ami_block_device_mappings": [ {
>>>>>>>     "device_name": "/dev/sda1",
>>>>>>>     "volume_size": 64,
>>>>>>>     "delete_on_termination": true
>>>>>>> } ],
>>>>>>> "launch_block_device_mappings": [ {
>>>>>>>     "device_name": "/dev/sda1",
>>>>>>>     "volume_size": 64,
>>>>>>>     "delete_on_termination": true
>>>>>>> } ],
>>>>>>> // -----
>>>>>>>
>>>>>>> Full json file: this works except it only creates 3 gig root volume.
>>>>>>>
>>>>>>> =======
>>>>>>>
>>>>>>> {
>>>>>>>     "variables" : {
>>>>>>>         "region" : "us-west-2"
>>>>>>>     },
>>>>>>>     "builders" : [
>>>>>>>         {
>>>>>>>             "type" : "amazon-ebs",
>>>>>>>             "profile" : "default",
>>>>>>>             "region" : "{{user `region`}}",
>>>>>>>             "instance_type" : "t2.micro",
>>>>>>>             "source_ami" : "ami-37efa14f",
>>>>>>>             "ssh_username" : "ec2-user",
>>>>>>>             "ami_name" : "docker-17.12.1-ce",
>>>>>>>             "ami_description" : "Amazon Linux Image with Docker-CE",
>>>>>>>             "ami_block_device_mappings": [{
>>>>>>>                 "delete_on_termination": "true",
>>>>>>>                 "device_name": "/dev/sda1"
>>>>>>>             }],
>>>>>>>             "run_tags" : {
>>>>>>>                 "Name" : "AE-Plain",
>>>>>>>                 "Tool" : "Packer",
>>>>>>>                 "Author" : "AJ"
>>>>>>>             }
>>>>>>>         }
>>>>>>>     ],
>>>>>>>     "provisioners" : [
>>>>>>>         {
>>>>>>>             "type" : "shell",
>>>>>>>             "script" : "./setup.sh"
>>>>>>>         },
>>>>>>>         {
>>>>>>>             "type": "shell",
>>>>>>>             "execute_command": "sudo -S bash '{{ .Path }}'",
>>>>>>>             "scripts": [
>>>>>>>                 "amazonlinux-hardening.sh",
>>>>>>>                 "docker-secure.sh"
>>>>>>>             ]
>>>>>>>         }
>>>>>>>     ]
>>>>>>> }
>>>>>>>
>>>>>>> Kindly advise.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> AJ
>>>>>>>
>>>>>> --
>>>>>> This mailing list is governed under the HashiCorp Community
>>>>>> Guidelines - https://www.hashicorp.com/community-guidelines.html.
>>>>>> Behavior in violation of those guidelines may result in your removal from
>>>>>> this mailing list.
>>>>>>
>>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>>>> IRC: #packer-tool on Freenode
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Packer" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/packer-tool/4883a996-6688-4afd-aa29-34d87e8f7a3b%40googlegroups.com.
>>>>>> For more options, visit https://groups.google.com/d/optout.
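
The two points made in the replies (use the AMI's own root device name, and set encrypt_boot) can be checked before a build is started. The following is an added example, not part of the original thread or of Packer itself: `lint_builder`, `POSTED` and `CORRECTED` are hypothetical names, `CORRECTED` is an assumed reading of the advice given, and `IMAGE` is a constructed excerpt of the describe-images output quoted above.

```python
import json

# Constructed sample: the describe-images fields from the thread that matter here.
IMAGE = json.loads("""
{"ImageId": "ami-37efa14f", "RootDeviceName": "/dev/xvda",
 "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
   "Ebs": {"Encrypted": false, "VolumeSize": 2}}]}
""")

# Builder settings as posted in the question (only the relevant keys).
POSTED = {
    "source_ami": "ami-37efa14f",
    "ami_block_device_mappings": [
        {"device_name": "/dev/sda1", "volume_size": 64, "delete_on_termination": True}],
    "launch_block_device_mappings": [
        {"device_name": "/dev/sda1", "volume_size": 64, "delete_on_termination": True}],
}

# Assumed corrected form, following the replies: root device name taken from the
# AMI plus encrypt_boot. No KMS key is set, so the default EBS key applies.
CORRECTED = {
    "source_ami": "ami-37efa14f",
    "encrypt_boot": True,
    "launch_block_device_mappings": [
        {"device_name": "/dev/xvda", "volume_size": 64, "delete_on_termination": True}],
}


def lint_builder(builder, image):
    """Return (setting, message) findings for one amazon-ebs builder block."""
    root = image["RootDeviceName"]
    root_ebs = next(m["Ebs"] for m in image["BlockDeviceMappings"]
                    if m["DeviceName"] == root)
    findings = []
    for key in ("launch_block_device_mappings", "ami_block_device_mappings"):
        names = [m.get("device_name") for m in builder.get(key, [])]
        if names and root not in names:
            findings.append((key, f"{names} does not include the AMI root device {root}"))
    # The posted template writes booleans as strings ("true"), so compare as text.
    encrypt = str(builder.get("encrypt_boot", False)).lower() == "true"
    if not encrypt and not root_ebs["Encrypted"]:
        findings.append(("encrypt_boot", "source root snapshot is unencrypted and "
                                         "encrypt_boot is not true"))
    return findings


if __name__ == "__main__":
    for name, builder in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, lint_builder(builder, IMAGE))
```

In practice the `IMAGE` dictionary would be the first element of `Images` from `aws ec2 describe-images --image-ids <source_ami>`, and the builder would be read from the template's `builders` list.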
