packer-plugin-amazon icon indicating copy to clipboard operation
packer-plugin-amazon copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Differing behavior when searching through AMI IDs

Open gabrieljcs opened this issue 3 years ago • 3 comments
trafficstars

Overview of the Issue

describe-images can take AMI IDs as inputs in different ways which present different behavior. Specifically, deprecated images do not show up when searching AMI IDs through filters but do when searching directly through the image ID argument. Packer currently "bundles" all filters, including AMI IDs, as a filter call.

Recent changes at AWS have deprecated public images older than two years [1], which might introduce breaking changes in some environments due to unexpected changes in behavior.

It would be desirable if Packer searched for AMI IDs directly through its argument instead of bundled with the other filters. A warning for deprecated images could be given, especially in light of the recently introduced changes.

#259 could be related to this change.

[1] https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-machine-images-public-visibility-two-years/

Reproduction Steps

Trying to use a deprecated AMI with its ID will fail:

source "amazon-ebs" "centos" {
  ami_name      = "centos"
  instance_type = "t2.micro"
  region        = "eu-central-1"
  source_ami_filter {
    filters = {
      image-id = "ami-0e8286b71b81c3cc1"
    }
    most_recent = true
    owners      = ["679593333241"]
  }
  ssh_username = "centos"
}

==> packer.amazon-ebs.centos: Prevalidating AMI Name: centos
==> packer.amazon-ebs.centos: No AMI was found matching filters: {
==> packer.amazon-ebs.centos:   Filters: [{
==> packer.amazon-ebs.centos:       Name: "image-id",
==> packer.amazon-ebs.centos:       Values: ["ami-0e8286b71b81c3cc1"]
==> packer.amazon-ebs.centos:     }],
==> packer.amazon-ebs.centos:   Owners: ["679593333241"]
==> packer.amazon-ebs.centos: }
Build 'packer.amazon-ebs.centos' errored after 3 seconds 639 milliseconds: No AMI was found matching filters: {
  Filters: [{
      Name: "image-id",
      Values: ["ami-0e8286b71b81c3cc1"]
    }],
  Owners: ["679593333241"]
}

As stated in [1], deprecated AMIs should still be usable through their IDs.

Through the AWS CLI, one can see how the use of a filter will not return deprecated images:

aws ec2 describe-images --region eu-central-1 --filters "Name=image-id,Values=ami-0e8286b71b81c3cc1"
{
    "Images": []
}

However, using the image ID argument yields the expected result:

aws ec2 describe-images --region eu-central-1 --image-id ami-0e8286b71b81c3cc1
{
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2020-03-09T21:54:49.000Z",
            "ImageId": "ami-0e8286b71b81c3cc1",
            "ImageLocation": "aws-marketplace/CentOS Linux 7 x86_64 HVM EBS ENA 2002_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-0042af67f8e4dcc20.4",
            "ImageType": "machine",
            "Public": true,
            "OwnerId": "679593333241",
            "PlatformDetails": "Linux/UNIX",
            "UsageOperation": "RunInstances",
            "ProductCodes": [
                {
                    "ProductCodeId": "aw0evgkw8e5c1q413zgy5pjce",
                    "ProductCodeType": "marketplace"
                }
            ],
            "State": "available",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/sda1",
                    "Ebs": {
                        "DeleteOnTermination": false,
                        "SnapshotId": "snap-008b4f42e515a214d",
                        "VolumeSize": 8,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                }
            ],
            "Description": "CentOS Linux 7 x86_64 HVM EBS ENA 2002_01",
            "EnaSupport": true,
            "Hypervisor": "xen",
            "ImageOwnerAlias": "aws-marketplace",
            "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 2002_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-0042af67f8e4dcc20.4",
            "RootDeviceName": "/dev/sda1",
            "RootDeviceType": "ebs",
            "SriovNetSupport": "simple",
            "VirtualizationType": "hvm",
            "DeprecationTime": "2022-08-15T23:59:59.000Z"
        }
    ]
}

Plugin and Packer version

Packer v1.8.3

gabrieljcs avatar Aug 28 '22 18:08 gabrieljcs

Are there any workarounds to get deprecated AMIs working with Packer? We're using a set of AMIs from the Marketplace which haven't been updated yet and are all marked deprecated, I'm unable to get Packer to find them.

mogopz avatar Nov 03 '22 23:11 mogopz

@mogggggg I couldn't find one, which is why I requested this modification, and moved to a non-deprecated image instead.

My understanding is they won't show up as long as Packer uses --filters under the hood.

gabrieljcs avatar Nov 04 '22 00:11 gabrieljcs

Are there any workarounds to get deprecated AMIs working with Packer? We're using a set of AMIs from the Marketplace which haven't been updated yet and are all marked deprecated, I'm unable to get Packer to find them.

use source_ami directly rather than source_ami_filter

brandon-langley-mf avatar Apr 07 '23 17:04 brandon-langley-mf