packer-plugin-amazon icon indicating copy to clipboard operation
packer-plugin-amazon copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

amazon-ebs builder does not accept "/" in instanceProfileName

Open ghost opened this issue 4 years ago • 2 comments

This issue was originally opened by @yogeek as hashicorp/packer#10024. It was migrated here as a result of the Packer plugin split. The original body of the issue is below.

Overview of the Issue

When trying to create an AWS AMI with an instance profile ARN with a path (containing "/" characters) like arn:aws-cn:iam::$ACCOUNT_ID:instance-profile/foo/bar/test-profile, the following error occurs :

Couldn't find specified instance profile: ValidationError: 1 validation error detected: Value '/foo/bar/test-profile' at 'instanceProfileName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]+

Reproduction Steps

Try to build an AWS AMI with the code provided in the Simplified Packer Buildfile section where iam_instance_profile value contains "/" characters : "iam_instance_profile": "/foo/bar/test-profile",

Packer version

Packer v1.6.4

Simplified Packer Buildfile

{
  "min_packer_version": "1.3.0",
  "variables": {
    "aws_region": "{{ env `AWS_DEFAULT_REGION` }}",
    "aws_profile": "{{ env `AWS_PROFILE` }}",
    [...]
  },
  "builders": [
    {
      "type": "amazon-ebs",
      "region": "{{user `aws_region`}}",
      "instance_type": "t3.micro",
      "associate_public_ip_address": true,
      "ssh_interface" : "public_ip",
      "iam_instance_profile": "/foo/bar/test-profile",
	  [...]

Log Fragments and crash.log files

2020/10/01 16:30:13 machine readable: error-count []string{"1"}
==> Some builds didn't complete successfully and had errors:
2020/10/01 16:30:13 machine readable: amazon-ebs,error []string{"Couldn't find specified instance profile: ValidationError: 1 validation error detected: Value '/foo/bar/test-profile' at 'instanceProfileName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\w+=,.@-]+\n\tstatus code: 400, request id: bbc5a9f9-2be5-4ad1-80be-e319b953f7a5"}
	status code: 400, request id: bbc5a9f9-2be5-4ad1-80be-e319b953f7a5
==> Builds finished but no artifacts were created.
2020/10/01 16:30:13 [INFO] (telemetry) Finalizing.
Build 'amazon-ebs' errored after 20 seconds 62 milliseconds: Couldn't find specified instance profile: ValidationError: 1 validation error detected: Value '/foo/bar/test-profile' at 'instanceProfileName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]+
	status code: 400, request id: bbc5a9f9-2be5-4ad1-80be-e319b953f7a5

==> Wait completed after 20 seconds 62 milliseconds

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Couldn't find specified instance profile: ValidationError: 1 validation error detected: Value '/foo/bar/test-profile' at 'instanceProfileName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]+
	status code: 400, request id: bbc5a9f9-2be5-4ad1-80be-e319b953f7a5

ghost avatar Mar 29 '21 12:03 ghost

+1

realsby avatar Dec 21 '22 01:12 realsby

This issue can be closed. AWS does not allow creating profiles with "/" in their name.

For example from boto3 API for creating profile:

The name of the instance profile to create. This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

image

Glyphack avatar Jan 24 '23 21:01 Glyphack