Was there a solution to this? I seem to be running into the same error where I am trying to use Packer to create an AMI from a base encrypted AMI which has encrypted CMK snapshots.

On Thursday, November 23, 2017 at 6:08:08 AM UTC-5, Thenuka Keerthibandara wrote:
>
> When I change my block device mapping as follows according to
> https://github.com/hashicorp/packer/issues/2765
>
> "ami_block_device_mappings": [
>   {
>     "device_name": "/dev/sdb",
>     "volume_size": 25,
>     "volume_type": "gp2",
>     "delete_on_termination": true
>   }
> ],
> "launch_block_device_mappings": [
>   {
>     "device_name": "/dev/sdb",
>     "snapshot_id": "snap-00d5d1ebd4558da90",
>     "volume_size": 25,
>     "volume_type": "gp2",
>     "delete_on_termination": true
>   }
> ]
>
> Then I get the following error from packer. How to exactly attach the
> already created snapshot to packer?
>
> ==> amazon-ebs: Prevalidating AMI Name...
>     amazon-ebs: Found Image ID: ami-80861296
> ==> amazon-ebs: Creating temporary keypair: packer_5a16ab0c-8b80-643f-6f53-e890a3fe3143
> ==> amazon-ebs: Creating temporary security group for this instance...
> ==> amazon-ebs: Authorizing access to port 22 the temporary security group...
> ==> amazon-ebs: Launching a source AWS instance...
> ==> amazon-ebs: Error launching source instance: InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
> ==> amazon-ebs: status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
> ==> amazon-ebs: No volumes to clean up, skipping
> ==> amazon-ebs: Deleting temporary security group...
> ==> amazon-ebs: Deleting temporary keypair...
> Build 'amazon-ebs' errored: Error launching source instance: InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
> status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
>
> ==> Some builds didn't complete successfully and had errors:
> --> amazon-ebs: Error launching source instance: InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
> status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
>
> ==> Builds finished but no artifacts were created.
> Finished: FAILURE
>
>
> On Wednesday, November 22, 2017 at 5:20:02 PM UTC+5:30, Thenuka Keerthibandara wrote:
>>
>> I'm using a packer script to encrypt my EBS volumes on AWS by creating a
>> new AMI with encrypted EBS.
>>
>> I have created a CMK using KMS and have added the kms_key_id in the packer
>> script builder section as follows.
>>
>> "variables": {
>>   ....................
>>   "kms_key_prod": "{{env `kms_key_prod`}}",
>>   ....................
>> },
>>
>> "builders": [
>>   {
>>     "type": "amazon-ebs",
>>     "access_key": "{{user `aws_access_key`}}",
>>     "secret_key": "{{user `aws_secret_key`}}",
>>     "vpc_id": "{{user `aws_vpc_id`}}",
>>     "subnet_id": "{{user `subnet_id`}}",
>>     "region": "{{user `region`}}",
>>     "kms_key_id": "{{user `kms_key_prod`}}",
>>     "source_ami": "{{user `base_ami`}}",
>>     "instance_type": "t2.micro",
>>     "ssh_username": "ubuntu",
>>     "ami_name": "{{user `name`}}-Default-{{isotime \"2006-01-02-1504\"}}",
>>     "ami_description": "Base AMI for Ubuntu 16.04",
>>     "tags": {
>>       "Name": "Default-Base",
>>       "Project": "Public Cloud",
>>       "Build": "{{ user `buildtime` }}"
>>     },
>>     "ami_block_device_mappings": [
>>       {
>>         "device_name": "/dev/xvdk",
>>         "volume_size": 25,
>>         "Encrypted": true,
>>         "volume_type": "gp2",
>>         "delete_on_termination": true
>>       }
>>     ],
>>     "launch_block_device_mappings": [
>>       {
>>         "device_name": "/dev/xvdk",
>>         "volume_size": 25,
>>         "Encrypted": true,
>>         "volume_type": "gp2",
>>         "delete_on_termination": true
>>       }
>>     ]
>>   }
>> ],
>>
>>
>> But when packer runs, the generated AMI has attached snapshots of the
>> devices I have attached encrypted with the "default" CMK which is "aws/ebs"
>> that is unique for the specific region.
>>
>> I don't need my boot volume to get encrypted but the attached EBS volumes
>> to be encrypted with the KMS key that I have created.
>>
>> Does anyone know if this is a limitation in packer or if there is any other
>> way to achieve this through packer?
>>
>> Regards,
>> Thenuka
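
A post-build check for the symptom described in this thread (attached volumes ending up encrypted with the default "aws/ebs" key instead of the intended CMK), as an added example that is not part of the original posts and not Packer's own code. It assumes you have saved one image entry from `aws ec2 describe-images` and the matching entries from `aws ec2 describe-snapshots`; the function name, sample IDs and ARNs below are constructed placeholders.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-images` and
# `aws ec2 describe-snapshots` output. All IDs and ARNs are placeholders.
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-custom-cmk"
DEFAULT_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-aws-ebs"

IMAGE = json.loads("""
{"ImageId": "ami-EXAMPLE", "RootDeviceName": "/dev/sda1",
 "BlockDeviceMappings": [
  {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-root"}},
  {"DeviceName": "/dev/xvdk", "Ebs": {"SnapshotId": "snap-data1"}},
  {"DeviceName": "/dev/xvdl", "Ebs": {"SnapshotId": "snap-data2"}},
  {"DeviceName": "/dev/xvdm", "Ebs": {"SnapshotId": "snap-data3"}},
  {"DeviceName": "/dev/sdc", "VirtualName": "ephemeral0"}]}
""")
SNAPSHOTS = [
    {"SnapshotId": "snap-root", "Encrypted": False},
    {"SnapshotId": "snap-data1", "Encrypted": True, "KmsKeyId": CMK_ARN},
    {"SnapshotId": "snap-data2", "Encrypted": True, "KmsKeyId": DEFAULT_ARN},
    {"SnapshotId": "snap-data3", "Encrypted": False},
]


def audit_ami(image, snapshots, expected_key, skip_root=True):
    """Return (device, snapshot_id, problem) for every EBS mapping whose
    snapshot is not encrypted with expected_key."""
    by_id = {s["SnapshotId"]: s for s in snapshots}
    findings = []
    for mapping in image.get("BlockDeviceMappings", []):
        ebs = mapping.get("Ebs")
        if ebs is None:  # instance-store mapping: no snapshot to check
            continue
        device = mapping["DeviceName"]
        if skip_root and device == image.get("RootDeviceName"):
            continue  # the poster does not need the boot volume encrypted
        snap_id = ebs.get("SnapshotId")
        snap = by_id.get(snap_id)
        if snap is None:
            findings.append((device, snap_id, "snapshot not found"))
        elif not snap.get("Encrypted"):
            findings.append((device, snap_id, "unencrypted"))
        elif snap.get("KmsKeyId") != expected_key:
            findings.append((device, snap_id, "wrong key: " + str(snap.get("KmsKeyId"))))
    return findings


if __name__ == "__main__":
    for finding in audit_ami(IMAGE, SNAPSHOTS, CMK_ARN):
        print(*finding)
```

`describe-snapshots` reports `KmsKeyId` as a key ARN, so pass the CMK's ARN rather than an alias as `expected_key`.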
