Hello Thenuka,
wondering if you found solution for the error, I am facing same issue:
2019/04/24 14:59:43 machine readable: amazon-ebs,error []string{"Error
launching source instance: InvalidBlockDeviceMapping: snapshotId cannot be
modified on root device\n\tstatus code: 400, request id:
ecf7e228-bf92-4e1a-9d65-57dea48c99a5"}
On Thursday, November 23, 2017 at 10:08:08 PM UTC+11, Thenuka
Keerthibandara wrote:
>
> When I change my block device mapping as follows accorfing to
> https://github.com/hashicorp/packer/issues/2765
> <https://github.com/hashicorp/packer/issues/2765>
>
> "ami_block_device_mappings": [
> {
> "device_name": "/dev/sdb",
> "volume_size": 25,
> "volume_type": "gp2",
> "delete_on_termination": true
> }
> ],
> "launch_block_device_mappings": [
> {
> "device_name": "/dev/sdb",
> "snapshot_id": "snap-00d5d1ebd4558da90",
> "volume_size": 25,
> "volume_type": "gp2",
> "delete_on_termination": true
> }
> ]
>
> Then I get the following error from packer. How to exactly attach the
> already created snapshot to packer?
>
> [1;32m==> amazon-ebs: Prevalidating AMI Name... [0m
> [0;32m amazon-ebs: Found Image ID: ami-80861296 [0m
> [1;32m==> amazon-ebs: Creating temporary keypair:
> packer_5a16ab0c-8b80-643f-6f53-e890a3fe3143 [0m
> [1;32m==> amazon-ebs: Creating temporary security group for this instance...
> [0m
> [1;32m==> amazon-ebs: Authorizing access to port 22 the temporary security
> group... [0m
> [1;32m==> amazon-ebs: Launching a source AWS instance... [0m
> [1;31m==> amazon-ebs: Error launching source instance:
> InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
> ==> amazon-ebs: status code: 400, request id:
> 42e8cf61-fb92-4ab6-9953-d79a469ab87c [0m
> [1;32m==> amazon-ebs: No volumes to clean up, skipping [0m
> [1;32m==> amazon-ebs: Deleting temporary security group... [0m
> [1;32m==> amazon-ebs: Deleting temporary keypair... [0m
> [1;31mBuild 'amazon-ebs' errored: Error launching source instance:
> InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
> status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c [0m
>
> ==> Some builds didn't complete successfully and had errors:
> --> amazon-ebs: Error launching source instance: InvalidBlockDeviceMapping:
> snapshotId can only be modified on EBS devices
> status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
>
> ==> Builds finished but no artifacts were created.
> Finished: FAILURE
>
>
> On Wednesday, November 22, 2017 at 5:20:02 PM UTC+5:30, Thenuka
> Keerthibandara wrote:
>>
>> I'm using a packer script to encrypt my EBS volumes on AWS by creating a
>> new AMI with encrypted EBS.
>>
>> I have a created a CMK using KMS and have added the kms_key_id in packer
>> script builder section as follows.
>>
>> "variables": {
>> ....................
>> "kms_key_prod": "{{env `kms_key_prod`}}",
>> ....................
>> },
>>
>> "builders": [
>> {
>> "type": "amazon-ebs",
>> "access_key": "{{user `aws_access_key`}}",
>> "secret_key": "{{user `aws_secret_key`}}",
>> "vpc_id": "{{user `aws_vpc_id`}}",
>> "subnet_id": "{{user `subnet_id`}}",
>> "region": "{{user `region`}}",
>> "kms_key_id": "{{user `kms_key_prod`}}",
>> "source_ami": "{{user `base_ami`}}",
>> "instance_type": "t2.micro",
>> "ssh_username": "ubuntu",
>> "ami_name": "{{user `name`}}-Default-{{isotime
>> \"2006-01-02-1504\"}}",
>> "ami_description": "Base AMI for Ubuntu 16.04",
>> "tags": {
>> "Name": "Default-Base",
>> "Project": "Public Cloud",
>> "Build": "{{ user `buildtime` }}"
>> },
>> "ami_block_device_mappings": [
>> {
>> "device_name": "/dev/xvdk",
>> "volume_size": 25,
>> "Encrypted": true,
>> "volume_type": "gp2",
>> "delete_on_termination": true
>> }
>> ],
>> "launch_block_device_mappings": [
>> {
>> "device_name": "/dev/xvdk",
>> "volume_size": 25,
>> "Encrypted": true,
>> "volume_type": "gp2",
>> "delete_on_termination": true
>> }
>> ]
>> }
>> ],
>>
>>
>> But when packer runs, the generated AMI has an attached snapshots of the
>> devices I have attached encrpted with the "default" CMK which is "aws/ebs"
>> that is unique for the specific region.
>>
>> I don't need my boot volume to get encrypted but the attahced EBS volumes
>> to be encrypted with the KMS key that I have created.
>>
>> Does anyone know if this a limitation in packer or if there is any other
>> way to achieve this through packer?
>>
>> Regards,
>> Thenuka
>>
>>
>>
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/bf028940-ddcd-4793-bfb6-fbadfb76cda5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
