locals {
  # Compact build stamp: the ISO-8601 separators ("-", " ", "T", "Z", ":") are
  # stripped so the value can be embedded in an AMI name without escaping.
  timestamp = regex_replace(timestamp(), "[- TZ:]", "")

  # <prefix>-<eks version>-<stamp>; used as the AMI name and as its Name tag.
  ami_name = join("-", [var.ami_name_prefix, var.eks_version, local.timestamp])

  # Base tags merged into the source's `tags` and `run_tags`. SourceAMI is a
  # Packer build-time template, so the upstream image the build started from is
  # recorded on the output AMI for later audit.
  tags = {
    Name      = local.ami_name
    SourceAMI = "{{ .SourceAMI }}"
  }
}
data "amazon-parameterstore" "this" {
  region = var.region

  # Public SSM parameter maintained by EKS that resolves to the currently
  # recommended EKS-optimized AMI for this Kubernetes version / AMI type in the
  # region. It is read at build time, so two builds may start from different
  # upstream images; the chosen one is recorded via the SourceAMI tag.
  name = format("/aws/service/eks/optimized-ami/%s/%s/recommended/image_id", var.eks_version, var.ami_type)
}
################################################################################
# EBS Source
################################################################################
source "amazon-ebs" "this" {
  # AMI Configuration

  # Block devices registered on the output AMI. volume_type defaults to gp3 and
  # delete_on_termination to true; encrypted / kms_key_id are passed through
  # as given, so a mapping without them is registered unencrypted (encrypt_boot
  # and kms_key_id below govern the encrypted copy of the resulting AMI).
  dynamic "ami_block_device_mappings" {
    for_each = var.ami_block_device_mappings
    content {
      delete_on_termination = try(ami_block_device_mappings.value.delete_on_termination, true)
      device_name           = try(ami_block_device_mappings.value.device_name, null)
      encrypted             = try(ami_block_device_mappings.value.encrypted, null)
      iops                  = try(ami_block_device_mappings.value.iops, null)
      no_device             = try(ami_block_device_mappings.value.no_device, null)
      snapshot_id           = try(ami_block_device_mappings.value.snapshot_id, null)
      throughput            = try(ami_block_device_mappings.value.throughput, null)
      virtual_name          = try(ami_block_device_mappings.value.virtual_name, null)
      volume_size           = try(ami_block_device_mappings.value.volume_size, null)
      volume_type           = try(ami_block_device_mappings.value.volume_type, "gp3")
      kms_key_id            = try(ami_block_device_mappings.value.kms_key_id, null)
    }
  }
  ami_description = var.ami_description
  # AMI sharing. ami_groups = ["all"] would make the image public; review
  # ami_groups / ami_users / ami_org_arns / ami_ou_arns together with the
  # snapshot_* sharing settings further down, since both are needed to share.
  ami_groups              = var.ami_groups
  ami_name                = local.ami_name
  ami_org_arns            = var.ami_org_arns
  ami_ou_arns             = var.ami_ou_arns
  ami_regions             = var.ami_regions
  ami_users               = var.ami_users
  ami_virtualization_type = var.ami_virtualization_type
  deprecate_at            = var.deprecate_at
  ena_support             = var.ena_support
  encrypt_boot            = var.encrypt_boot
  force_deregister        = var.force_deregister
  force_delete_snapshot   = var.force_delete_snapshot
  # "v2.0" registers the AMI as requiring IMDSv2 on every instance launched
  # from it. This is distinct from metadata_options at the bottom of this
  # block, which only affects the build instance.
  imds_support = var.imds_support
  kms_key_id   = var.kms_key_id
  # Volumes attached to the build instance. When var.launch_block_device_mappings
  # is empty the AMI mappings are reused, but note that kms_key_id is not
  # carried across in this content block.
  dynamic "launch_block_device_mappings" {
    for_each = length(var.launch_block_device_mappings) > 0 ? var.launch_block_device_mappings : var.ami_block_device_mappings
    content {
      delete_on_termination = try(launch_block_device_mappings.value.delete_on_termination, true)
      device_name           = try(launch_block_device_mappings.value.device_name, null)
      encrypted             = try(launch_block_device_mappings.value.encrypted, null)
      iops                  = try(launch_block_device_mappings.value.iops, null)
      no_device             = try(launch_block_device_mappings.value.no_device, null)
      snapshot_id           = try(launch_block_device_mappings.value.snapshot_id, null)
      throughput            = try(launch_block_device_mappings.value.throughput, null)
      virtual_name          = try(launch_block_device_mappings.value.virtual_name, null)
      volume_size           = try(launch_block_device_mappings.value.volume_size, null)
      volume_type           = try(launch_block_device_mappings.value.volume_type, "gp3")
    }
  }
  # Per-region KMS keys for the copies made via ami_regions.
  region_kms_key_ids     = var.region_kms_key_ids
  run_volume_tags        = var.run_volume_tags
  skip_region_validation = var.skip_region_validation
  skip_save_build_region = var.skip_save_build_region
  sriov_support          = var.sriov_support
  snapshot_groups        = var.snapshot_groups
  snapshot_tags          = var.snapshot_tags
  snapshot_users         = var.snapshot_users
  # Caller tags win over local.tags (Name, SourceAMI) on key collision.
  tags = merge(local.tags, var.tags)

  # Access Configuration

  # All credential inputs are plain pass-throughs. Static access_key /
  # secret_key / token / mfa_code are accepted for completeness; prefer
  # `profile` or `assume_role` so no long-lived secret has to live in a var file.
  access_key = var.access_key
  dynamic "assume_role" {
    for_each = length(var.assume_role) > 0 ? [var.assume_role] : []
    content {
      duration_seconds    = try(assume_role.value.duration_seconds, null)
      external_id         = try(assume_role.value.external_id, null)
      policy              = try(assume_role.value.policy, null)
      policy_arns         = try(assume_role.value.policy_arns, null)
      role_arn            = try(assume_role.value.role_arn, null)
      session_name        = try(assume_role.value.session_name, null)
      tag                 = try(assume_role.value.tag, null)
      transitive_tag_keys = try(assume_role.value.transitive_tag_keys, null)
    }
  }
  dynamic "aws_polling" {
    for_each = length(var.aws_polling) > 0 ? [var.aws_polling] : []
    content {
      delay_seconds = try(aws_polling.value.delay_seconds, null)
      max_attempts  = try(aws_polling.value.max_attempts, null)
    }
  }
  custom_endpoint_ec2           = var.custom_endpoint_ec2
  decode_authorization_messages = var.decode_authorization_messages
  # Disables TLS certificate verification toward the EC2 API; keep false
  # outside a deliberate custom_endpoint_ec2 test setup.
  insecure_skip_tls_verify = var.insecure_skip_tls_verify
  max_retries              = var.max_retries
  mfa_code                 = var.mfa_code
  profile                  = var.profile
  region                   = var.region
  secret_key               = var.secret_key
  shared_credentials_file  = var.shared_credentials_file
  # Both skip_* flags turn off pre-flight checks (credential validation and the
  # EC2 metadata probe); they do not change which credentials are used.
  skip_credential_validation = var.skip_credential_validation
  skip_metadata_api_check    = var.skip_metadata_api_check
  token                      = var.token

  # Communicator

  # ssh_*_password / ssh_bastion_password / ssh_proxy_password are secrets if
  # set; the default flow uses the temporary key pair generated per build.
  communicator                 = var.communicator
  pause_before_connecting      = var.pause_before_connecting
  ssh_agent_auth               = var.ssh_agent_auth
  ssh_bastion_agent_auth       = var.ssh_bastion_agent_auth
  ssh_bastion_certificate_file = var.ssh_bastion_certificate_file
  ssh_bastion_host             = var.ssh_bastion_host
  ssh_bastion_interactive      = var.ssh_bastion_interactive
  ssh_bastion_password         = var.ssh_bastion_password
  ssh_bastion_port             = var.ssh_bastion_port
  ssh_bastion_private_key_file = var.ssh_bastion_private_key_file
  ssh_bastion_username         = var.ssh_bastion_username
  ssh_ciphers                  = var.ssh_ciphers
  ssh_certificate_file         = var.ssh_certificate_file
  # When true Packer removes its temporary key from authorized_keys at the end
  # of the build, so the build key does not persist into the AMI.
  ssh_clear_authorized_keys    = var.ssh_clear_authorized_keys
  ssh_disable_agent_forwarding = var.ssh_disable_agent_forwarding
  ssh_file_transfer_method     = var.ssh_file_transfer_method
  ssh_handshake_attempts       = var.ssh_handshake_attempts
  ssh_host                     = var.ssh_host
  # Which address Packer connects to; pair with associate_public_ip_address
  # and the temporary security group CIDRs below.
  ssh_interface               = var.ssh_interface # "public_dns"
  ssh_keep_alive_interval     = var.ssh_keep_alive_interval
  ssh_key_exchange_algorithms = var.ssh_key_exchange_algorithms
  ssh_keypair_name            = var.ssh_keypair_name
  ssh_local_tunnels           = var.ssh_local_tunnels
  ssh_password                = var.ssh_password
  ssh_port                    = var.ssh_port
  ssh_private_key_file        = var.ssh_private_key_file
  ssh_proxy_host              = var.ssh_proxy_host
  ssh_proxy_password          = var.ssh_proxy_password
  ssh_proxy_port              = var.ssh_proxy_port
  ssh_proxy_username          = var.ssh_proxy_username
  ssh_pty                     = var.ssh_pty
  ssh_read_write_timeout      = var.ssh_read_write_timeout
  ssh_remote_tunnels          = var.ssh_remote_tunnels
  ssh_timeout                 = var.ssh_timeout
  ssh_username                = var.ssh_username
  # Type and size of the throwaway key pair generated when ssh_keypair_name is
  # not given.
  temporary_key_pair_bits = var.temporary_key_pair_bits
  temporary_key_pair_type = var.temporary_key_pair_type

  # Run Configuration
  associate_public_ip_address     = var.associate_public_ip_address
  capacity_reservation_preference = var.capacity_reservation_preference
  capacity_reservation_group_arn  = var.capacity_reservation_group_arn
  capacity_reservation_id         = var.capacity_reservation_id
  disable_stop_instance           = var.disable_stop_instance
  ebs_optimized                   = var.ebs_optimized
  enable_nitro_enclave            = var.enable_nitro_enclave
  enable_unlimited_credits        = var.enable_unlimited_credits
  # Instance profile attached to the build instance; its permissions are
  # reachable from anything the provisioners run.
  iam_instance_profile = var.iam_instance_profile
  instance_type        = var.instance_type
  fleet_tags           = var.fleet_tags
  pause_before_ssm     = var.pause_before_ssm
  dynamic "placement" {
    for_each = length(var.placement) > 0 ? [var.placement] : []
    content {
      host_resource_group_arn = try(placement.value.host_resource_group_arn, null)
      tenancy                 = try(placement.value.tenancy, null)
    }
  }
  run_tags           = merge(local.tags, var.run_tags)
  security_group_ids = var.security_group_ids
  dynamic "security_group_filter" {
    for_each = length(var.security_group_filter) > 0 ? var.security_group_filter : []
    content {
      filters = try(security_group_filter.value.filters, null)
    }
  }
  session_manager_port    = var.session_manager_port
  shutdown_behavior       = var.shutdown_behavior
  skip_profile_validation = var.skip_profile_validation
  # Resolved from the EKS SSM parameter at build time; the image actually used
  # is recorded in the SourceAMI tag via local.tags.
  source_ami = data.amazon-parameterstore.this.value
  dynamic "subnet_filter" {
    for_each = length(var.subnet_filter) > 0 ? var.subnet_filter : []
    content {
      filters   = try(subnet_filter.value.filters, null)
      most_free = try(subnet_filter.value.most_free, null)
      random    = try(subnet_filter.value.random, null)
    }
  }
  subnet_id = var.subnet_id
  # Ingress allowed to the communicator port on the temporary security group
  # Packer creates when security_group_ids is unset. The plugin default is
  # 0.0.0.0/0, so set this deliberately (or pass a pre-built group).
  temporary_security_group_source_cidrs     = var.temporary_security_group_source_cidrs
  temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip
  # Runs on the build instance at first boot and is readable from its IMDS;
  # keep secrets out of it.
  user_data      = var.user_data
  user_data_file = var.user_data_file
  dynamic "vpc_filter" {
    for_each = length(var.vpc_filter) > 0 ? var.vpc_filter : []
    content {
      filters = try(vpc_filter.value.filters, null)
    }
  }
  vpc_id = var.vpc_id
  # IMDS settings for the build instance only (http_tokens = "required"
  # enforces IMDSv2 during provisioning). The output AMI's IMDS requirement is
  # controlled by imds_support above.
  dynamic "metadata_options" {
    for_each = length(var.metadata_options) > 0 ? [var.metadata_options] : []
    content {
      http_endpoint               = try(metadata_options.value.http_endpoint, null)
      http_put_response_hop_limit = try(metadata_options.value.http_put_response_hop_limit, null)
      http_tokens                 = try(metadata_options.value.http_tokens, null)
      instance_metadata_tags      = try(metadata_options.value.instance_metadata_tags, null)
    }
  }
}
################################################################################
# Build
################################################################################
build {
  name    = var.ami_name_prefix
  sources = ["source.amazon-ebs.this"]

  # Three optional shell provisioner slots, executed in this order. Every
  # attribute falls back to Packer's own default (null = unset) when the
  # matching var.shell_provisionerN object omits it; with no scripts configured
  # a slot runs scripts/dummy.sh so the template stays valid. execute_command
  # wraps each script in `sudo -S` and pipes the literal word 'packer' on stdin;
  # that text is only consumed if the SSH user's sudo prompts for a password,
  # and it is not a credential baked into the AMI.
  provisioner "shell" {
    execute_command   = "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
    scripts           = try(var.shell_provisioner1.scripts, ["scripts/dummy.sh"])
    script            = try(var.shell_provisioner1.script, null)
    inline            = try(var.shell_provisioner1.inline, null)
    environment_vars  = try(var.shell_provisioner1.environment_vars, null)
    env               = try(var.shell_provisioner1.env, null)
    pause_after       = try(var.shell_provisioner1.pause_after, "15s")
    expect_disconnect = try(var.shell_provisioner1.expect_disconnect, false)
  }

  provisioner "shell" {
    execute_command   = "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
    scripts           = try(var.shell_provisioner2.scripts, ["scripts/dummy.sh"])
    script            = try(var.shell_provisioner2.script, null)
    inline            = try(var.shell_provisioner2.inline, null)
    environment_vars  = try(var.shell_provisioner2.environment_vars, null)
    env               = try(var.shell_provisioner2.env, null)
    pause_after       = try(var.shell_provisioner2.pause_after, "15s")
    expect_disconnect = try(var.shell_provisioner2.expect_disconnect, false)
  }

  provisioner "shell" {
    execute_command   = "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
    scripts           = try(var.shell_provisioner3.scripts, ["scripts/dummy.sh"])
    script            = try(var.shell_provisioner3.script, null)
    inline            = try(var.shell_provisioner3.inline, null)
    environment_vars  = try(var.shell_provisioner3.environment_vars, null)
    env               = try(var.shell_provisioner3.env, null)
    pause_after       = try(var.shell_provisioner3.pause_after, "15s")
    expect_disconnect = try(var.shell_provisioner3.expect_disconnect, false)
  }
}