AWS_AMI_SETUP.md

Setup to build AWS AMI

1. Create AWS access keys
2. Create AWS EC2 Key Pair
3. (Optional) Set AWS Multi-factor authentication (MFA) credentials

Create AWS access keys

🤔 When creating an AWS AMI, an AWS access key is needed by Packer to access the account. This information is usually kept in ~/.aws/credentials and is accessed by the Packer amazon-ebs builder.

1. Create Access keys for CLI, SDK, & API access.

2. Method #1: Use the aws command line interface to create ~/.aws/credentials. Supply the information when prompted. Example:

   $ aws configure
   
   AWS Access Key ID:
   AWS Secret Access Key:
   Default region name [us-east-1]:
   Default output format [json]:

3. Method #2: ✏️ Manually create a ~/.aws/credentials file. Example:

   mkdir ~/.aws
   
   cat <<EOT > ~/.aws/credentials
   [default]
   aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
   aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   EOT
   
   chmod 770 ~/.aws
   chmod 750 ~/.aws/credentials

4. References:

   1. Packer using AWS authentication

Create AWS EC2 Key Pair

🤔 When creating an AWS AMI, a EC2 key pair is required by Packer to access the EC2 instance that is used to create the AMI. With access, Packer is able to run provisioners such as Ansible on the EC2 instance

1. Create EC2 key pair

2. Add key pair to custom-var.json

{
  "aws_ssh_keypair_name": "packer-key",
  "aws_ssh_private_key_file": "~/packer-key.pem",
}

(Optional) Set AWS Multi-factor authentication (MFA) credentials

🤔 If the AWS account is setup with multi-factor authentication, a new set of access key id, key and session token has to generated ephemerally for packer to build the AMI.

Do follow the AWS MFA guide to setup the credentials required to build AMI.