[packer] Need help figuring out environment variables

[Seth Floyd]

Hi. Im running into an issue and I feel like ive missed something in a doc 
somewhere and i need someone to set me straight.
Im using Gitlab CI for my pipeline which builds a docker container that has 
packer installed inside it and thats where i run my packer build from. I 
have my AWS keys set in my gitlab project as CI variables. 
Here are the commands im running in my pipeline:

  - docker build --build-arg PACKER_VERSION=$PACKER_VERSION -t packer .
  - docker run -d -t -i --name packer_builder packer
  - docker exec -i -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e 
AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" packer_builder packer 
validate /tmp/gitlab.json
  - docker exec -i -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" -e 
AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" packer_builder packer build 
/tmp/gitlab.json

My PACKER_VERSION gets passed into my docker container just fine. I can 
echo it. My AWS keys are being passed into the container as env vars which 
allow packer build to run, which it does just fine. What I need to do is 
actually use these AWS keys inside a script provisioner so that I can do 
some CP from an S3 bucket. The var name im using in Gitlab is 
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

Can someone tell me what Ive missed or what I should be doing here to make 
these env vars available?  
Thanks!

Trimmed down example packer template:

{
    "variables": {
        "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
        "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}"
    },
    "builders": [{
        "type": "amazon-ebs",
        "access_key": "{{user `aws_access_key`}}",
        "secret_key": "{{user `aws_secret_key`}}",
        "region": "us-east-1",
        "source_ami_filter": {
            "filters": {
                "virtualization-type": "hvm",
                "name": "Base-AMI-Ubuntu-*",
                "root-device-type": "ebs"
            },
            "owners": [
                "XXXXXXXXXXXX"
            ],
            "most_recent": true
        },
        "instance_type": "t2.large",
        "ssh_username": "ubuntu",
        "ami_name": "Gitlab-{{timestamp}}",
        "vpc_id": "vpc-XXXXXX",
        "subnet_id": "subnet-XXXXXXXX"
    }],
    "provisioners": [{
            "type": "shell",
            "environment_vars": [
                "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID",
                "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
            ],
            "inline": [
                "#!/bin/bash -x",
                "echo $AWS_ACCESS_KEY_ID",    <----This only returns 
$AWS_ACCESS_KEY_ID
                "sudo rm /var/lib/apt/lists/lock",
                "sleep 60",
                "sudo apt-get install -y curl openssh-server 
ca-certificates apt-transport-https ca-certificates 
software-properties-common",
                "curl 
https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh 
| sudo bash",
                "sudo EXTERNAL_URL='http://gitlab.tb65.net' apt-get install 
gitlab-ee",

                "#Certs",
                "sudo mkdir -p /etc/gitlab/ssl",
                "sudo chmod 700 /etc/gitlab/ssl",
                "sudo aws s3 cp 
s3://BUCKET_NAME-devops/Certs/__MY_DOMAIN/__MY_DOMAIN.key 
/etc/gitlab/ssl/__MY_DOMAIN.key"  <-- This fails and says my creds are not 
available.
            ]
        }
    ]
}

-- 
This mailing list is governed under the HashiCorp Community Guidelines - 
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of 
those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
--- 
You received this message because you are subscribed to the Google Groups 
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to packer-tool+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/packer-tool/e7cfb131-096d-40b3-a5a9-e0e4d4e1611f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.