packer-plugin-amazon
packer-plugin-amazon copied to clipboard
Published
20 hours ago •
hashicorp
hashicorp
Packer EBS Builder does not explicitly set the associate_public_ip_address attribute
This issue was originally opened by @schniber in https://github.com/hashicorp/packer/issues/12050 and has been migrated to this repository. The original issue description is below.
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Overview of the Issue
When setting the associate_public_ip_address attribute to false in the source.pkr.hcl file for an AWS EBS Builder, the API call done to AWS does not include the corresponding attribute.
source "amazon-ebs" "oracle-linux-8" {
source_ami_filter {
filters = {
name = var.base_ami_filter
root-device-type = "ebs"
virtualization-type = "hvm"
}
owners = local.source_ami_owners
most_recent = true
}
region = var.region
ami_regions = var.target_regions
ami_description = local.ami_description
ami_name = local.ami_name
subnet_id = var.subnet_id
instance_type = var.instance_type
security_group_id = var.security_group_id
associate_public_ip_address = false
region_kms_key_ids = var.region_kms_key_ids
ssh_username = "ec2-user"
launch_block_device_mappings {
device_name = var.root_volume_device_name
volume_type = var.root_volume_type
volume_size = var.root_volume_size
encrypted = true
kms_key_id = "${var.region_kms_key_ids[var.region]}"
throughput = var.root_volume_throughput
iops = var.root_volume_type == "io1" || var.root_volume_type == "io2" ? var.root_volume_iops : null
delete_on_termination = true
}
encrypt_boot = true
run_tags = {
Name = format("%s%s", "Packer Builder - ", local.ami_name)
"Build Region" = "{{ .BuildRegion }}"
"Build Timestamp" = local.timestamp
"Target Regions" = join(" | ", var.target_regions)
"OS Arch" = var.os_arch
"OS Name" = var.os_name
"OS Version" = var.os_version
"Source AMI ID" = "{{ .SourceAMI }}"
"Source AMI Name" = "{{ .SourceAMIName }}"
"Source AMI Creation Date" = "{{ .SourceAMICreationDate }}"
}
run_volume_tags = {
Name = format("%s%s", "Packer Builder - ", local.ami_name)
"Build Region" = "{{ .BuildRegion }}"
"Build Timestamp" = local.timestamp
"Target Regions" = join(" | ", var.target_regions)
"OS Arch" = var.os_arch
"OS Name" = var.os_name
"OS Version" = var.os_version
"Source AMI ID" = "{{ .SourceAMI }}"
"Source AMI Name" = "{{ .SourceAMIName }}"
"Source AMI Creation Date" = "{{ .SourceAMICreationDate }}"
}
tags = {
Name = local.ami_name
"Build Region" = "{{ .BuildRegion }}"
"Build Timestamp" = local.timestamp
"Target Regions" = join(" | ", var.target_regions)
"OS Arch" = var.os_arch
"OS Name" = var.os_name
"OS Version" = var.os_version
"Source AMI ID" = "{{ .SourceAMI }}"
"Source AMI Name" = "{{ .SourceAMIName }}"
"Source AMI Creation Date" = "{{ .SourceAMICreationDate }}"
}
}
I discovered this because the AWS Account I am trying to run this on, has a service control policy which denies the action ec2:RunInstances if the API call does not explicitly contain the request not to assign a public ip address.
Below is the Packer Log:
packer build -var-file="inputs/develop.pkrvars.hcl" .
2022/10/14 17:03:03 [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:03 [TRACE] discovering plugins in C:\ProgramData\chocolatey\bin
2022/10/14 17:03:03 [TRACE] discovering plugins in C:\Users\userid\AppData\Roaming\packer.d\plugins
2022/10/14 17:03:03 [TRACE] discovering plugins in .
2022/10/14 17:03:03 [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:03 [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:03 [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:03 [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
e: cannot determine if process is in background: Process background check error: not implemented yet
2022/10/14 17:03:03 [TRACE] validateValue: not active for root_volume_iops, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for block_device_mappings, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for unrar_version, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for os_arch, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for instance_type, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for os_name, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for iam_instance_profile, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for ami_name, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for root_volume_throughput, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for root_volume_device_name, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for ami_description, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for subnet_id, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for os_version, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for base_ami_filter, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for target_regions, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for root_volume_size, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for security_group_id, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for region_kms_key_ids, so skipping
2022/10/14 17:03:03 [TRACE] validateValue: not active for company_name, so skipping
2022/10/14 17:03:03 [TRACE] Starting internal plugin packer-builder-amazon-ebs
2022/10/14 17:03:03 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-builder-amazon-ebs"}
2022/10/14 17:03:03 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-builder-amazon-ebs"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 packer.exe plugin: [INFO] (aws): No AWS timeout and polling overrides have been set. Packer will default to waiter-specific delays and timeouts. If you would like to customize the length of time between retries and max number of retries you may do so by setting the environment variables AWS_POLL_DELAY_SECONDS and AWS_MAX_ATTEMPTS or the configuration options
aws_polling_delay_seconds and aws_polling_max_attempts to your desired values.
2022/10/14 17:03:04 packer.exe plugin: Cannot copy AMI to AWS session region 'eu-central-1', deleting it from `ami_regions`.
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-file
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-file"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:04 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:04 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:04 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:04 packer.exe plugin: args: []string{"packer-provisioner-file"}
2022/10/14 17:03:04 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:04 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:04 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:04 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:04 [TRACE] Starting internal plugin packer-provisioner-shell
2022/10/14 17:03:04 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-provisioner-shell"}
2022/10/14 17:03:04 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:05 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:05 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:05 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:05 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:05 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:05 packer.exe plugin: args: []string{"packer-provisioner-shell"}
2022/10/14 17:03:05 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:05 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:05 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:05 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:05 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:05 [TRACE] Starting internal plugin packer-post-processor-manifest
2022/10/14 17:03:05 Starting plugin: C:\ProgramData\chocolatey\bin\packer.exe []string{"C:\\ProgramData\\chocolatey\\bin\\packer.exe", "plugin", "packer-post-processor-manifest"}
2022/10/14 17:03:05 Waiting for RPC address for: C:\ProgramData\chocolatey\bin\packer.exe
2022/10/14 17:03:05 packer.exe plugin: [INFO] Packer version: 1.8.3 [go1.17.11 windows 386]
2022/10/14 17:03:05 packer.exe plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2022/10/14 17:03:05 packer.exe plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:05 packer.exe plugin: [WARN] Config file doesn't exist: C:\Users\userid\AppData\Roaming\packer.config
2022/10/14 17:03:05 packer.exe plugin: [INFO] Setting cache directory: C:\directory\ami-as-code\oracle-linux-8\packer_cache
2022/10/14 17:03:05 packer.exe plugin: args: []string{"packer-post-processor-manifest"}
2022/10/14 17:03:05 packer.exe plugin: Plugin port range: [10000,25000]
2022/10/14 17:03:05 packer.exe plugin: Plugin address: tcp 127.0.0.1:10000
2022/10/14 17:03:05 Received tcp RPC address for C:\ProgramData\chocolatey\bin\packer.exe: addr is 127.0.0.1:10000
2022/10/14 17:03:05 packer.exe plugin: Waiting for connection...
2022/10/14 17:03:05 packer.exe plugin: Serving a plugin connection...
2022/10/14 17:03:05 Build debug mode: false
2022/10/14 17:03:05 Force build: false
2022/10/14 17:03:05 On error:
2022/10/14 17:03:05 Waiting on builds to complete...
2022/10/14 17:03:05 Starting build run: amazon-ebs.oracle-linux-8
2022/10/14 17:03:05 Running builder:
2022/10/14 17:03:05 [INFO] (telemetry) Starting builder amazon-ebs.oracle-linux-8
2022/10/14 17:03:05 packer.exe plugin: [INFO] AWS Auth provider used: "EnvProvider"
2022/10/14 17:03:05 packer.exe plugin: Found region eu-central-1
2022/10/14 17:03:05 packer.exe plugin: [INFO] AWS Auth provider used: "EnvProvider"
amazon-ebs.oracle-linux-8: output will be in this color.
==> amazon-ebs.oracle-linux-8: Prevalidating any provided VPC information
==> amazon-ebs.oracle-linux-8: Prevalidating AMI Name: [Customer] Oracle Linux 8 (x86_64) - 20221014T160303Z
2022/10/14 17:03:06 packer.exe plugin: Using AMI Filters {
2022/10/14 17:03:06 packer.exe plugin: Filters: [{
2022/10/14 17:03:06 packer.exe plugin: Name: "name",
2022/10/14 17:03:06 packer.exe plugin: Values: ["OL8*-x86_64-HVM-*"]
2022/10/14 17:03:06 packer.exe plugin: },{
2022/10/14 17:03:06 packer.exe plugin: Name: "root-device-type",
2022/10/14 17:03:06 packer.exe plugin: Values: ["ebs"]
2022/10/14 17:03:06 packer.exe plugin: },{
2022/10/14 17:03:06 packer.exe plugin: Name: "virtualization-type",
2022/10/14 17:03:06 packer.exe plugin: Values: ["hvm"]
2022/10/14 17:03:06 packer.exe plugin: }],
2022/10/14 17:03:06 packer.exe plugin: Owners: ["131827586825"]
2022/10/14 17:03:06 packer.exe plugin: }
amazon-ebs.oracle-linux-8: Found Image ID: ami-059d20a9c4cb68026
2022/10/14 17:03:06 packer.exe plugin: [INFO] Finding AZ and VpcId for the given subnet 'subnet-12345678'
2022/10/14 17:03:06 packer.exe plugin: [INFO] AvailabilityZone found: 'eu-central-1a'
==> amazon-ebs.oracle-linux-8: Creating temporary keypair: packer_63498838-9511-16a5-656f-ce7a0aead902
2022/10/14 17:03:06 packer.exe plugin: [INFO] VpcId found: 'vpc-45456767'
2022/10/14 17:03:07 packer.exe plugin: Using specified security groups: [sg-12345678]
==> amazon-ebs.oracle-linux-8: Launching a source AWS instance...
amazon-ebs.oracle-linux-8: Adding tag: "Build Region": "eu-central-1"
amazon-ebs.oracle-linux-8: Adding tag: "Name": "Packer Builder - [Customer] Oracle Linux 8 (x86_64) - 20221014T160303Z"
amazon-ebs.oracle-linux-8: Adding tag: "OS Name": "Oracle Linux"
amazon-ebs.oracle-linux-8: Adding tag: "OS Version": "8"
amazon-ebs.oracle-linux-8: Adding tag: "Build Timestamp": "20221014T160303Z"
amazon-ebs.oracle-linux-8: Adding tag: "Target Regions": "eu-central-1"
amazon-ebs.oracle-linux-8: Adding tag: "Source AMI Creation Date": "2022-05-27T11:46:28.000Z"
amazon-ebs.oracle-linux-8: Adding tag: "Source AMI ID": "ami-059d20a9c4cb68026"
amazon-ebs.oracle-linux-8: Adding tag: "OS Arch": "x86_64"
amazon-ebs.oracle-linux-8: Adding tag: "Source AMI Name": "OL8.6-x86_64-HVM-2022-05-19"
amazon-ebs.oracle-linux-8: Adding tag: "Source AMI Creation Date": "2022-05-27T11:46:28.000Z"
amazon-ebs.oracle-linux-8: Adding tag: "Build Region": "eu-central-1"
amazon-ebs.oracle-linux-8: Adding tag: "OS Version": "8"
amazon-ebs.oracle-linux-8: Adding tag: "Name": "Packer Builder - [Customer] Oracle Linux 8 (x86_64) - 20221014T160303Z"
amazon-ebs.oracle-linux-8: Adding tag: "Source AMI Name": "OL8.6-x86_64-HVM-2022-05-19"
amazon-ebs.oracle-linux-8: Adding tag: "Build Timestamp": "20221014T160303Z"
amazon-ebs.oracle-linux-8: Adding tag: "OS Arch": "x86_64"
amazon-ebs.oracle-linux-8: Adding tag: "OS Name": "Oracle Linux"
amazon-ebs.oracle-linux-8: Adding tag: "Source AMI ID": "ami-059d20a9c4cb68026"
amazon-ebs.oracle-linux-8: Adding tag: "Target Regions": "eu-central-1"
==> amazon-ebs.oracle-linux-8: status code: 403, request id: a450f39b-0676-4ed6-9068-1e2cd5ccbe70
==> amazon-ebs.oracle-linux-8: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: nwq907YVpzYX_PetoTgwyisnhqdQ_US6PMskYzRlweAj4hRjS14Nu0OuCtiKIu4RUigeKZkAcaSQZ8aDIiKUiFUjneObtPGjuweVrJ8bYAxtlRQZBGbWuPYlfs40SnU5J0BKtIJmmFgy81lxdQ8wf_O6_Caz18t4ablFVb_DwmL7kLpkueNz72-kB_UzttuybRFb6r7hTWBKg2DQnxw3VQf8gdP46rrEWYPRK2habEA0JQuYM1B360QjDTYU-jiBbrHMAmjY2kyRm7RB_u_1Uxgq2JhATm_qQ7-Ec5eFQPaxfKcWfx1qjXNBpjXMh36HTRIY3O0Rn0G7o5D4K9T-NkuzxncGbYl-2Bkbk2F4aAgcVUCY4lR0ieMq9z0N2zqj2XHJXmtE9DRnprbp7nWmQtElcrnpB4pbrRrAsT85_SaZ2Fco9m6dDR5TTd2UhiGkgTgSiwir97f7rp-lV9dyywHDGMzcF8sH94yA5_6XiVQNFHlIcpcemTPJhHa1oONWsbgK_3vtgIjxNQfoLXk_fjloJz1IvxhfAnuMYomNoFguEC-uynVkSGxFHcNwa6YI91eeVJCeiTiHZrKKq9HfL6-37Hp9rgEmxC9YS2p1rrPcjxWpM9xM_YP1H3nGOBkq2MGaZ7tkVQCRkbYk5ig301blM3wqRISgBdfghYyeGFMvLNMlMEgp2UZfP-CHy1uu35w4b3_kcueDwFYd8pEKjYXRoMXvQLjh1hTn12hfqp8fz4GD7tYSrwwH5vIv-G42gaIsWRzUQOwLT-eSIEFUPzZpZgT9rsD4Vv8e5sD44H87vyYzNzUV0rAIFKASNQ8oVHc8W6FzCb61_cbR_XdcmLMP50XrJcBpIHztCQv-
==> amazon-ebs.oracle-linux-8: status code: 403, request id: a450f39b-0676-4ed6-9068-1e2cd5ccbe70
==> amazon-ebs.oracle-linux-8: No volumes to clean up, skipping
==> amazon-ebs.oracle-linux-8: Deleting temporary keypair...
2022/10/14 17:03:07 [INFO] (telemetry) ending amazon-ebs.oracle-linux-8
status code: 403, request id: a450f39b-0676-4ed6-9068-1e2cd5ccbe70
==> Wait completed after 2 seconds 772 milliseconds
2022/10/14 17:03:07 machine readable: error-count []string{"1"}
==> Some builds didn't complete successfully and had errors:
2022/10/14 17:03:07 machine readable: amazon-ebs.oracle-linux-8,error []string{"Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: nwq907YVpzYX_PetoTgwyisnhqdQ_US6PMskYzRlweAj4hRjS14Nu0OuCtiKIu4RUigeKZkAcaSQZ8aDIiKUiFUjneObtPGjuweVrJ8bYAxtlRQZBGbWuPYlfs40SnU5J0BKtIJmmFgy81lxdQ8wf_O6_Caz18t4ablFVb_DwmL7kLpkueNz72-kB_UzttuybRFb6r7hTWBKg2DQnxw3VQf8gdP46rrEWYPRK2habEA0JQuYM1B360QjDTYU-jiBbrHMAmjY2kyRm7RB_u_1Uxgq2JhATm_qQ7-Ec5eFQPaxfKcWfx1qjXNBpjXMh36HTRIY3O0Rn0G7o5D4K9T-NkuzxncGbYl-2Bkbk2F4aAgcVUCY4lR0ieMq9z0N2zqj2XHJXmtE9DRnprbp7nWmQtElcrnpB4pbrRrAsT85_SaZ2Fco9m6dDR5TTd2UhiGkgTgSiwir97f7rp-lV9dyywHDGMzcF8sH94yA5_6XiVQNFHlIcpcemTPJhHa1oONWsbgK_3vtgIjxNQfoLXk_fjloJz1IvxhfAnuMYomNoFguEC-uynVkSGxFHcNwa6YI91eeVJCeiTiHZrKKq9HfL6-37Hp9rgEmxC9YS2p1rrPcjxWpM9xM_YP1H3nGOBkq2MGaZ7tkVQCRkbYk5ig301blM3wqRISgBdfghYyeGFMvLNMlMEgp2UZfP-CHy1uu35w4b3_kcueDwFYd8pEKjYXRoMXvQLjh1hTn12hfqp8fz4GD7tYSrwwH5vIv-G42gaIsWRzUQOwLT-eSIEFUPzZpZgT9rsD4Vv8e5sD44H87vyYzNzUV0rAIFKASNQ8oVHc8W6FzCb61_cbR_XdcmLMP50XrJcBpIHztCQv-\n\tstatus code: 403, request id: a450f39b-0676-4ed6-9068-1e2cd5ccbe70"}
Build 'amazon-ebs.oracle-linux-8' errored after 2 seconds 772 milliseconds: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: <REDACTED>
status code: 403, request id: a450f39b-0676-4ed6-9068-1e2cd5ccbe70
status code: 403, request id: a450f39b-0676-4ed6-9068-1e2cd5ccbe70
==> Builds finished but no artifacts were created.
2022/10/14 17:03:07 [INFO] (telemetry) Finalizing.
==> Wait completed after 2 seconds 772 milliseconds
==> Some builds didn't complete successfully and had errors:
--> amazon-ebs.oracle-linux-8: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: <REDACTED>
status code: 403, request id: a450f39b-0676-4ed6-9068-1e2cd5ccbe70
==> Builds finished but no artifacts were created.
2022/10/14 17:03:08 waiting for all plugin processes to complete...
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
2022/10/14 17:03:08 C:\ProgramData\chocolatey\bin\packer.exe: plugin process exited
When decoding the 403 Error message with STS we get to know that indeed there's an SCP not allowing ec2:RunInstances if the API call does not explicitly contain the attribute not to assign a public IP address:
{
"DecodedMessage":
{
"allowed": false,
"explicitDeny": true,
"matchedStatements":
{
"items":
[
{
"statementId": "DenyPublicIPEC2WhenMissingAssociatePublicIpAddress",
"effect": "DENY",
"principals":
{
"items":
[
{
"value": "ABCD1234ABCD1234"
}
]
},
"principalGroups":
{
"items":
[]
},
"actions":
{
"items":
[
{
"value": "ec2:RunInstances"
}
]
},
"resources":
{
"items":
[
{
"value": "arn:aws:ec2:*:*:network-interface/*"
}
]
},
"conditions":
{
"items":
[
{
"key": "ec2:AssociatePublicIpAddress",
"values":
{
"items":
[
{
"value": "true"
}
]
}
}
]
}
}
]
},
"failures":
{
"items":
[]
},
"context":
{
"principal":
{
"id": "ABCD1234ABCD1234:userid",
"arn": "arn:aws:sts::56785678:assumed-role/role_name/userid"
},
"action": "ec2:RunInstances",
"resource": "arn:aws:ec2:eu-central-1:56785678:network-interface/*",
"conditions":
{
"items":
[
{
"key": "ec2:Vpc",
"values":
{
"items":
[
{
"value": "arn:aws:ec2:eu-central-1:56785678:vpc/vpc-12341234"
}
]
}
},
{
"key": "ec2:NetworkInterfaceID",
"values":
{
"items":
[
{
"value": "*"
}
]
}
},
{
"key": "aws:Resource",
"values":
{
"items":
[
{
"value": "network-interface/*"
}
]
}
},
{
"key": "aws:Account",
"values":
{
"items":
[
{
"value": "56785678"
}
]
}
},
{
"key": "ec2:AvailabilityZone",
"values":
{
"items":
[
{
"value": "eu-central-1a"
}
]
}
},
{
"key": "ec2:IsLaunchTemplateResource",
"values":
{
"items":
[
{
"value": "false"
}
]
}
},
{
"key": "aws:Region",
"values":
{
"items":
[
{
"value": "eu-central-1"
}
]
}
},
{
"key": "aws:Service",
"values":
{
"items":
[
{
"value": "ec2"
}
]
}
},
{
"key": "ec2:Subnet",
"values":
{
"items":
[
{
"value": "arn:aws:ec2:eu-central-1:56785678:subnet/subnet-1234abcd"
}
]
}
},
{
"key": "aws:Type",
"values":
{
"items":
[
{
"value": "network-interface"
}
]
}
},
{
"key": "ec2:Region",
"values":
{
"items":
[
{
"value": "eu-central-1"
}
]
}
},
{
"key": "aws:ARN",
"values":
{
"items":
[
{
"value": "arn:aws:ec2:eu-central-1:56785678:network-interface/*"
}
]
}
}
]
}
}
}
}
In order to confirm this behaviour, I monitored Cloudtrail and found out that despite setting assign_public_ip_address in the EBS Source packer builder, the API call (requestParameters Object) did not include that:
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "ABCD:user",
"arn": "arn:aws:sts::12345678:assumed-role/AWSReservedSSO_ALZP-WL-Owner_23c018da2d675a5b/user",
"accountId": "12345678",
"accessKeyId": "ABCD",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROA246JDOTKFOTIYBO3D",
"arn": "arn:aws:iam::12345678:role/aws-reserved/sso.amazonaws.com/eu-west-1/username",
"accountId": "12345678",
"userName": "username"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2022-10-14T15:54:56Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2022-10-14T16:03:08Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "RunInstances",
"awsRegion": "eu-central-1",
"sourceIPAddress": "86.151.246.20",
"userAgent": "APN/1.0 HashiCorp/1.0 packer-plugin-amazon/1.1.2 (+https://www.packer.io/docs/builders/amazon) Packer/1.8.3 (+https://www.packer.io) aws-sdk-go/1.42.29 (go1.17.11; windows; 386)",
"errorCode": "Client.UnauthorizedOperation",
"errorMessage": "You are not authorized to perform this operation. Encoded authorization failure message: <REDACTED>",
"requestParameters": {
"instancesSet": {
"items": [
{
"imageId": "ami-059d20a9c4cb68026",
"minCount": 1,
"maxCount": 1,
"keyName": "packer_abcd"
}
]
},
"groupSet": {
"items": [
{
"groupId": "sg-12345678"
}
]
},
"userData": "<sensitiveDataRemoved>",
"instanceType": "c5.large",
"blockDeviceMapping": {
"items": [
{
"deviceName": "/dev/sda1",
"ebs": {
"volumeSize": 60,
"deleteOnTermination": true,
"volumeType": "gp3",
"encrypted": true,
"kmsKeyId": "1234-abcd",
"throughput": 125
}
}
]
},
"availabilityZone": "eu-central-1a",
"monitoring": {
"enabled": false
},
"subnetId": "subnet-1234abcd",
"disableApiTermination": false,
"disableApiStop": false,
"instanceInitiatedShutdownBehavior": "stop",
"clientToken": "ABCD-123AD-AS",
"iamInstanceProfile": {},
"ebsOptimized": false,
"tagSpecificationSet": {
"items": [
{
"resourceType": "instance",
"tags": [
{
"key": "Build Region",
"value": "eu-central-1"
},
{
"key": "Name",
"value": "Packer Builder - [Customer] Oracle Linux 8 (x86_64) - 20221014T160303Z"
},
{
"key": "OS Name",
"value": "Oracle Linux"
},
{
"key": "OS Version",
"value": "8"
},
{
"key": "Build Timestamp",
"value": "20221014T160303Z"
},
{
"key": "Target Regions",
"value": "eu-central-1"
},
{
"key": "Source AMI Creation Date",
"value": "2022-05-27T11:46:28.000Z"
},
{
"key": "Source AMI ID",
"value": "ami-059d20a9c4cb68026"
},
{
"key": "OS Arch",
"value": "x86_64"
},
{
"key": "Source AMI Name",
"value": "OL8.6-x86_64-HVM-2022-05-19"
}
]
},
{
"resourceType": "volume",
"tags": [
{
"key": "Source AMI Creation Date",
"value": "2022-05-27T11:46:28.000Z"
},
{
"key": "Build Region",
"value": "eu-central-1"
},
{
"key": "OS Version",
"value": "8"
},
{
"key": "Name",
"value": "Packer Builder - [Customer] Oracle Linux 8 (x86_64) - 20221014T160303Z"
},
{
"key": "Source AMI Name",
"value": "OL8.6-x86_64-HVM-2022-05-19"
},
{
"key": "Build Timestamp",
"value": "20221014T160303Z"
},
{
"key": "OS Arch",
"value": "x86_64"
},
{
"key": "OS Name",
"value": "Oracle Linux"
},
{
"key": "Source AMI ID",
"value": "ami-059d20a9c4cb68026"
},
{
"key": "Target Regions",
"value": "eu-central-1"
}
]
}
]
},
"metadataOptions": {
"httpTokens": "optional",
"httpPutResponseHopLimit": 1,
"httpEndpoint": "enabled"
}
},
"responseElements": null,
"requestID": "1234",
"eventID": "1234",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "12345678",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ABCDE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "ec2.eu-central-1.amazonaws.com"
}
}
Reproduction Steps
please see above.
Packer version
1.8.3
Simplified Packer Template
Any EBS Source builder with associate_public_ip_address = false attribute.
Operating system and Environment details
Windows
Log Fragments and crash.log files
see above.
