packer-plugin-amazon

Allow for custom Temporary IAM Instance Prefixes

Open dlm6693 opened this issue 1 year ago • 0 comments

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request. If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

At the moment, when generating temporary IAM instance resources (keypairs, security groups, roles, profiles etc.), the name of the generated resources is always prefixed with packer followed by a - or _ then a UUID. It would be useful to either:

A. Provide a complete custom name for each resource. Since these are temporary and should be cleaned up after execution, there should not be concern about naming collision. However, if this could be some sort of security risk, then:

B. Provide a custom prefix for each resource.

Use Case(s)

Providing IAM permissions to a subset of resources each containing a given prefix.

Potential configuration

Could be called something like TemporaryIamInstanceConfig or TemporaryIamInstancePrefix if the prefix must be consistent for all temporary resources.

type StepIamInstanceProfile struct {
	PollingConfig                             *AWSPollingConfig
	IamInstanceProfile                        string
	SkipProfileValidation                     bool
	TemporaryIamInstancePrefix                string
	TemporaryIamInstanceProfilePolicyDocument *PolicyDocument
	createdInstanceProfileName                string
	createdRoleName                           string
	createdPolicyName                         string
	roleIsAttached                            bool
	Tags                                      map[string]string
	Ctx                                       interpolate.Context
}
...
if s.TemporaryIamInstanceProfilePolicyDocument != nil {
	// Create the profile
	iamInstancePrefix := "packer"
	// The field is a plain string, so an unset prefix is "" rather than nil
	if s.TemporaryIamInstancePrefix != "" {
		iamInstancePrefix = s.TemporaryIamInstancePrefix
	}
	profileName := fmt.Sprintf("%s-%s", iamInstancePrefix, uuid.TimeOrderedUUID())

Potential References

https://github.com/hashicorp/packer-plugin-amazon/blob/main/builder/common/step_iam_instance_profile.go#L60

dlm6693, Jul 23 '24 17:07
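The use case in this issue only works if the custom prefix can be matched safely in an IAM policy `Resource` pattern. The Go program below is an added example, not code from the issue or from the plugin: it validates a prefix against IAM role-name limits, builds a prefixed temporary name, and emits a policy scoped to that prefix. `TempName`, `ScopedPolicy`, the account ID, the `ci-img` prefix and the action list are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
	"regexp"
)

// Hypothetical helpers, not plugin code. IAM role names allow these characters, 64 at
// most; "-" plus a 36-character UUID leaves 27. No "*" or "?" can widen the ARN pattern.
var prefixRe = regexp.MustCompile(`^[A-Za-z0-9+=,.@_-]{1,27}$`)

// TempName returns "<prefix>-<uuid>"; the random suffix stands in for uuid.TimeOrderedUUID().
func TempName(prefix string) (string, error) {
	if prefix == "" {
		prefix = "packer" // current default described in the issue
	}
	if !prefixRe.MatchString(prefix) {
		return "", fmt.Errorf("invalid temporary IAM prefix %q", prefix)
	}
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return fmt.Sprintf("%s-%x-%x-%x-%x-%x", prefix, b[:4], b[4:6], b[6:8], b[8:10], b[10:]), nil
}

// ScopedPolicy allows managing only roles and instance profiles named "<prefix>-*".
// The action list is an assumed set for a build that creates a temporary profile.
func ScopedPolicy(accountID, prefix string) (string, error) {
	if !prefixRe.MatchString(prefix) {
		return "", fmt.Errorf("invalid temporary IAM prefix %q", prefix)
	}
	arn := func(kind string) string { return fmt.Sprintf("arn:aws:iam::%s:%s/%s-*", accountID, kind, prefix) }
	doc := map[string]any{"Version": "2012-10-17", "Statement": []map[string]any{{
		"Effect": "Allow",
		"Action": []string{"iam:CreateRole", "iam:DeleteRole", "iam:PutRolePolicy", "iam:DeleteRolePolicy",
			"iam:PassRole", "iam:GetInstanceProfile", "iam:CreateInstanceProfile", "iam:DeleteInstanceProfile",
			"iam:AddRoleToInstanceProfile", "iam:RemoveRoleFromInstanceProfile"},
		"Resource": []string{arn("role"), arn("instance-profile")},
	}}}
	out, err := json.MarshalIndent(doc, "", "  ")
	return string(out), err
}

func main() {
	fmt.Println(TempName("ci-img")) // constructed prefix
	fmt.Println(ScopedPolicy("123456789012", "ci-img")) // constructed account ID
}
```

With the fixed `packer` prefix, the equivalent policy has to cover every Packer build in the account; a per-pipeline prefix narrows the `Resource` pattern to that pipeline's temporary roles and profiles.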