github.com/StackPointCloud/packer@v0.10.2-0.20180716202532-b28098e0f79b/website/source/docs/builders/amazon-ebs.html.md (about) 1 --- 2 description: | 3 The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS 4 volumes for use in EC2. For more information on the difference between 5 EBS-backed instances and instance-store backed instances, see the storage for 6 the root device section in the EC2 documentation. 7 layout: docs 8 page_title: 'Amazon EBS - Builders' 9 sidebar_current: 'docs-builders-amazon-ebsbacked' 10 --- 11 12 # AMI Builder (EBS backed) 13 14 Type: `amazon-ebs` 15 16 The `amazon-ebs` Packer builder is able to create Amazon AMIs backed by EBS 17 volumes for use in [EC2](https://aws.amazon.com/ec2/). For more information on 18 the difference between EBS-backed instances and instance-store backed instances, 19 see the ["storage for the root device" section in the EC2 20 documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html#storage-for-the-root-device). 21 22 This builder builds an AMI by launching an EC2 instance from a source AMI, 23 provisioning that running machine, and then creating an AMI from that machine. 24 This is all done in your own AWS account. The builder will create temporary 25 keypairs, security group rules, etc. that provide it temporary access to the 26 instance while the image is being created. This simplifies configuration quite a 27 bit. 28 29 The builder does *not* manage AMIs. Once it creates an AMI and stores it in your 30 account, it is up to you to use, delete, etc. the AMI. 31 32 -> **Note:** Temporary resources are, by default, all created with the prefix 33 `packer`. This can be useful if you want to restrict the security groups and 34 key pairs Packer is able to operate on. 35 36 ## Configuration Reference 37 38 There are many configuration options available for the builder. They are 39 segmented below into two categories: required and optional parameters. Within 40 each category, the available configuration keys are alphabetized. 41 42 In addition to the options listed here, a 43 [communicator](/docs/templates/communicator.html) can be configured for this 44 builder. 45 46 ### Required: 47 48 - `access_key` (string) - The access key used to communicate with AWS. [Learn 49 how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials) 50 51 - `ami_name` (string) - The name of the resulting AMI that will appear when 52 managing AMIs in the AWS console or via APIs. This must be unique. To help 53 make this unique, use a function like `timestamp` (see [template 54 engine](/docs/templates/engine.html) for more info) 55 56 - `instance_type` (string) - The EC2 instance type to use while building the 57 AMI, such as `t2.small`. 58 59 - `region` (string) - The name of the region, such as `us-east-1`, in which to 60 launch the EC2 instance to create the AMI. 61 62 - `secret_key` (string) - The secret key used to communicate with AWS. [Learn 63 how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials) 64 65 - `source_ami` (string) - The initial AMI used as a base for the newly 66 created machine. `source_ami_filter` may be used instead to populate this 67 automatically. 68 69 ### Optional: 70 71 - `ami_block_device_mappings` (array of block device mappings) - Add one or 72 more [block device mappings](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) 73 to the AMI. These will be attached when booting a new instance from your 74 AMI. To add a block device during the Packer build see 75 `launch_block_device_mappings` below. Your options here may vary depending 76 on the type of VM you use. The block device mappings allow for the following 77 configuration: 78 79 - `delete_on_termination` (boolean) - Indicates whether the EBS volume is 80 deleted on instance termination. Default `false`. **NOTE**: If this 81 value is not explicitly set to `true` and volumes are not cleaned up by 82 an alternative method, additional volumes will accumulate after 83 every build. 84 85 - `device_name` (string) - The device name exposed to the instance (for 86 example, `/dev/sdh` or `xvdh`). Required when specifying `volume_size`. 87 88 - `encrypted` (boolean) - Indicates whether to encrypt the volume or not 89 90 - `iops` (number) - The number of I/O operations per second (IOPS) that the 91 volume supports. See the documentation on 92 [IOPs](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EbsBlockDevice.html) 93 for more information 94 95 - `no_device` (boolean) - Suppresses the specified device included in the 96 block device mapping of the AMI 97 98 - `snapshot_id` (string) - The ID of the snapshot 99 100 - `virtual_name` (string) - The virtual device name. See the documentation on 101 [Block Device 102 Mapping](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html) 103 for more information 104 105 - `volume_size` (number) - The size of the volume, in GiB. Required if not 106 specifying a `snapshot_id` 107 108 - `volume_type` (string) - The volume type. `gp2` for General Purpose (SSD) 109 volumes, `io1` for Provisioned IOPS (SSD) volumes, and `standard` for Magnetic 110 volumes 111 112 - `ami_description` (string) - The description to set for the 113 resulting AMI(s). By default this description is empty. This is a 114 [template engine](/docs/templates/engine.html), 115 see [Build template data](#build-template-data) for more information. 116 117 - `ami_groups` (array of strings) - A list of groups that have access to 118 launch the resulting AMI(s). By default no groups have permission to launch 119 the AMI. `all` will make the AMI publicly accessible. AWS currently doesn't 120 accept any value other than `all`. 121 122 - `ami_product_codes` (array of strings) - A list of product codes to 123 associate with the AMI. By default no product codes are associated with 124 the AMI. 125 126 - `ami_regions` (array of strings) - A list of regions to copy the AMI to. 127 Tags and attributes are copied along with the AMI. AMI copying takes time 128 depending on the size of the AMI, but will generally take many minutes. 129 130 - `ami_users` (array of strings) - A list of account IDs that have access to 131 launch the resulting AMI(s). By default no additional users other than the 132 user creating the AMI has permissions to launch it. 133 134 - `ami_virtualization_type` (string) - The type of virtualization for the AMI 135 you are building. This option must match the supported virtualization 136 type of `source_ami`. Can be `paravirtual` or `hvm`. 137 138 - `associate_public_ip_address` (boolean) - If using a non-default VPC, public 139 IP addresses are not provided by default. If this is toggled, your new 140 instance will get a Public IP. 141 142 - `availability_zone` (string) - Destination availability zone to launch 143 instance in. Leave this empty to allow Amazon to auto-assign. 144 145 - `custom_endpoint_ec2` (string) - This option is useful if you use a cloud 146 provider whose API is compatible with aws EC2. Specify another endpoint 147 like this `https://ec2.custom.endpoint.com`. 148 149 - `disable_stop_instance` (boolean) - Packer normally stops the build instance 150 after all provisioners have run. For Windows instances, it is sometimes 151 desirable to [run Sysprep](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ami-create-standard.html) 152 which will stop the instance for you. If this is set to true, Packer *will not* 153 stop the instance but will assume that you will send the stop signal 154 yourself through your final provisioner. You can do this with a 155 [windows-shell provisioner](https://www.packer.io/docs/provisioners/windows-shell.html). 156 157 Note that Packer will still wait for the instance to be stopped, and failing 158 to send the stop signal yourself, when you have set this flag to `true`, 159 will cause a timeout. 160 161 Example of a valid shutdown command: 162 163 ``` json 164 { 165 "type": "windows-shell", 166 "inline": ["\"c:\\Program Files\\Amazon\\Ec2ConfigService\\ec2config.exe\" -sysprep"] 167 } 168 ``` 169 170 - `ebs_optimized` (boolean) - Mark instance as [EBS 171 Optimized](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html). 172 Default `false`. 173 174 - `ena_support` (boolean) - Enable enhanced networking (ENA but not SriovNetSupport) 175 on HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your AWS IAM policy. 176 Note: you must make sure enhanced networking is enabled on your instance. See [Amazon's 177 documentation on enabling enhanced networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking). Default `false`. 178 179 - `enable_t2_unlimited` (boolean) - Enabling T2 Unlimited allows the source 180 instance to burst additional CPU beyond its available [CPU Credits] 181 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-credits-baseline-concepts.html) 182 for as long as the demand exists. 183 This is in contrast to the standard configuration that only allows an 184 instance to consume up to its available CPU Credits. 185 See the AWS documentation for [T2 Unlimited] 186 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-unlimited.html) 187 and the 'T2 Unlimited Pricing' section of the [Amazon EC2 On-Demand 188 Pricing](https://aws.amazon.com/ec2/pricing/on-demand/) document for more 189 information. 190 By default this option is disabled and Packer will set up a [T2 191 Standard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-std.html) 192 instance instead. 193 194 To use T2 Unlimited you must use a T2 instance type e.g. t2.micro. 195 Additionally, T2 Unlimited cannot be used in conjunction with Spot 196 Instances e.g. when the `spot_price` option has been configured. 197 Attempting to do so will cause an error. 198 199 !> **Warning!** Additional costs may be incurred by enabling T2 200 Unlimited - even for instances that would usually qualify for the 201 [AWS Free Tier](https://aws.amazon.com/free/). 202 203 - `force_deregister` (boolean) - Force Packer to first deregister an existing 204 AMI if one with the same name already exists. Default `false`. 205 206 - `force_delete_snapshot` (boolean) - Force Packer to delete snapshots associated with 207 AMIs, which have been deregistered by `force_deregister`. Default `false`. 208 209 - `encrypt_boot` (boolean) - Instruct packer to automatically create a copy of the 210 AMI with an encrypted boot volume (discarding the initial unencrypted AMI in the 211 process). Packer will always run this operation, even if the base 212 AMI has an encrypted boot volume to start with. Default `false`. 213 214 - `kms_key_id` (string) - The ID of the KMS key to use for boot volume encryption. 215 This only applies to the main `region`, other regions where the AMI will be copied 216 will be encrypted by the default EBS KMS key. 217 218 - `iam_instance_profile` (string) - The name of an [IAM instance 219 profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) 220 to launch the EC2 instance with. 221 222 - `launch_block_device_mappings` (array of block device mappings) - Add one 223 or more block devices before the Packer build starts. If you add instance 224 store volumes or EBS volumes in addition to the root device volume, the 225 created AMI will contain block device mapping information for those 226 volumes. Amazon creates snapshots of the source instance's root volume and 227 any other EBS volumes described here. When you launch an instance from this 228 new AMI, the instance automatically launches with these additional volumes, 229 and will restore them from snapshots taken from the source instance. 230 231 - `mfa_code` (string) - The MFA [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) 232 code. This should probably be a user variable since it changes all the time. 233 234 - `profile` (string) - The profile to use in the shared credentials file for 235 AWS. See Amazon's documentation on [specifying 236 profiles](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-profiles) 237 for more details. 238 239 - `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, 240 along with the custom kms key id to use for encryption for that region. 241 Keys must match the regions provided in `ami_regions`. If you just want to 242 encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. 243 If you want a region to be encrypted with that region's default key ID, you can 244 use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`) 245 However, you cannot use default key IDs if you are using this in conjunction with 246 `snapshot_users` -- in that situation you must use custom keys. 247 248 - `run_tags` (object of key/value strings) - Tags to apply to the instance 249 that is *launched* to create the AMI. These tags are *not* applied to the 250 resulting AMI unless they're duplicated in `tags`. This is a 251 [template engine](/docs/templates/engine.html), 252 see [Build template data](#build-template-data) for more information. 253 254 - `run_volume_tags` (object of key/value strings) - Tags to apply to the volumes 255 that are *launched* to create the AMI. These tags are *not* applied to the 256 resulting AMI unless they're duplicated in `tags`. This is a 257 [template engine](/docs/templates/engine.html), 258 see [Build template data](#build-template-data) for more information. 259 260 - `security_group_id` (string) - The ID (*not* the name) of the security group 261 to assign to the instance. By default this is not set and Packer will 262 automatically create a new temporary security group to allow SSH access. 263 Note that if this is specified, you must be sure the security group allows 264 access to the `ssh_port` given below. 265 266 - `security_group_ids` (array of strings) - A list of security groups as 267 described above. Note that if this is specified, you must omit the 268 `security_group_id`. 269 270 - `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized 271 access to the instance, when packer is creating a temporary security group. 272 The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used 273 when `security_group_id` or `security_group_ids` is not specified. 274 275 - `shutdown_behavior` (string) - Automatically terminate instances on shutdown 276 in case Packer exits ungracefully. Possible values are "stop" and "terminate", 277 default is `stop`. 278 279 - `skip_region_validation` (boolean) - Set to true if you want to skip 280 validation of the region configuration option. Default `false`. 281 282 - `snapshot_groups` (array of strings) - A list of groups that have access to 283 create volumes from the snapshot(s). By default no groups have permission to create 284 volumes from the snapshot(s). `all` will make the snapshot publicly accessible. 285 286 - `snapshot_users` (array of strings) - A list of account IDs that have access to 287 create volumes from the snapshot(s). By default no additional users other than the 288 user creating the AMI has permissions to create volumes from the backing snapshot(s). 289 290 - `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot. 291 They will override AMI tags if already applied to snapshot. This is a 292 [template engine](/docs/templates/engine.html), 293 see [Build template data](#build-template-data) for more information. 294 295 - `source_ami_filter` (object) - Filters used to populate the `source_ami` field. 296 Example: 297 298 ``` json 299 { 300 "source_ami_filter": { 301 "filters": { 302 "virtualization-type": "hvm", 303 "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*", 304 "root-device-type": "ebs" 305 }, 306 "owners": ["099720109477"], 307 "most_recent": true 308 } 309 } 310 ``` 311 312 This selects the most recent Ubuntu 16.04 HVM EBS AMI from Canonical. 313 NOTE: This will fail unless *exactly* one AMI is returned. In the above 314 example, `most_recent` will cause this to succeed by selecting the newest image. 315 316 - `filters` (map of strings) - filters used to select a `source_ami`. 317 NOTE: This will fail unless *exactly* one AMI is returned. 318 Any filter described in the docs for [DescribeImages](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html) 319 is valid. 320 321 - `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs. 322 This is helpful to limit the AMIs to a trusted third party, or to your own account. 323 324 - `most_recent` (boolean) - Selects the newest created image when true. 325 This is most useful for selecting a daily distro build. 326 327 You may set this in place of `source_ami` or in conjunction with it. If you 328 set this in conjunction with `source_ami`, the `source_ami` will be added to 329 the filter. The provided `source_ami` must meet all of the filtering criteria 330 provided in `source_ami_filter`; this pins the AMI returned by the filter, 331 but will cause Packer to fail if the `source_ami` does not exist. 332 333 - `spot_price` (string) - The maximum hourly price to pay for a spot instance 334 to create the AMI. Spot instances are a type of instance that EC2 starts 335 when the current spot price is less than the maximum price you specify. Spot 336 price will be updated based on available spot instance capacity and current 337 spot instance requests. It may save you some costs. You can set this to 338 `auto` for Packer to automatically discover the best spot price or to "0" 339 to use an on demand instance (default). 340 341 - `spot_price_auto_product` (string) - Required if `spot_price` is set 342 to `auto`. This tells Packer what sort of AMI you're launching to find the 343 best spot price. This must be one of: `Linux/UNIX`, `SUSE Linux`, `Windows`, 344 `Linux/UNIX (Amazon VPC)`, `SUSE Linux (Amazon VPC)`, `Windows (Amazon VPC)` 345 346 - `spot_tags` (object of key/value strings) - Requires `spot_price` to 347 be set. This tells Packer to apply tags to the spot request that is 348 issued. 349 350 - `sriov_support` (boolean) - Enable enhanced networking (SriovNetSupport but not ENA) 351 on HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your AWS IAM 352 policy. Note: you must make sure enhanced networking is enabled on your instance. See [Amazon's 353 documentation on enabling enhanced networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking). 354 Default `false`. 355 356 - `ssh_keypair_name` (string) - If specified, this is the key that will be 357 used for SSH with the machine. The key must match a key pair name loaded 358 up into Amazon EC2. By default, this is blank, and Packer will 359 generate a temporary keypair unless 360 [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used. 361 [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file) 362 or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized. 363 364 - `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to 365 authenticate connections to the source instance. No temporary keypair will 366 be created, and the values of `ssh_password` and `ssh_private_key_file` will 367 be ignored. To use this option with a key pair already configured in the source 368 AMI, leave the `ssh_keypair_name` blank. To associate an existing key pair 369 in AWS with the source instance, set the `ssh_keypair_name` field to the name 370 of the key pair. 371 372 - `ssh_private_ip` (boolean) - No longer supported. See 373 [`ssh_interface`](#ssh_interface). A fixer exists to migrate. 374 375 - `ssh_interface` (string) - One of `public_ip`, `private_ip`, 376 `public_dns` or `private_dns`. If set, either the public IP address, 377 private IP address, public DNS name or private DNS name will used as the host for SSH. 378 The default behaviour if inside a VPC is to use the public IP address if available, 379 otherwise the private IP address will be used. If not in a VPC the public DNS name 380 will be used. Also works for WinRM. 381 382 Where Packer is configured for an outbound proxy but WinRM traffic should be direct, 383 `ssh_interface` must be set to `private_dns` and `<region>.compute.internal` included 384 in the `NO_PROXY` environment variable. 385 386 - `subnet_id` (string) - If using VPC, the ID of the subnet, such as 387 `subnet-12345def`, where Packer will launch the EC2 instance. This field is 388 required if you are using an non-default VPC. 389 390 - `tags` (object of key/value strings) - Tags applied to the AMI and 391 relevant snapshots. This is a 392 [template engine](/docs/templates/engine.html), 393 see [Build template data](#build-template-data) for more information. 394 395 - `temporary_key_pair_name` (string) - The name of the temporary key pair 396 to generate. By default, Packer generates a name that looks like 397 `packer_<UUID>`, where <UUID> is a 36 character unique identifier. 398 399 - `token` (string) - The access token to use. This is different from the 400 access key and secret key. If you're not sure what this is, then you 401 probably don't need it. This will also be read from the `AWS_SESSION_TOKEN` 402 environmental variable. 403 404 - `user_data` (string) - User data to apply when launching the instance. Note 405 that you need to be careful about escaping characters due to the templates 406 being JSON. It is often more convenient to use `user_data_file`, instead. 407 408 - `user_data_file` (string) - Path to a file that will be used for the user 409 data when launching the instance. 410 411 - `vpc_id` (string) - If launching into a VPC subnet, Packer needs the VPC ID 412 in order to create a temporary security group within the VPC. Requires `subnet_id` 413 to be set. If this field is left blank, Packer will try to get the VPC ID from the 414 `subnet_id`. 415 416 - `windows_password_timeout` (string) - The timeout for waiting for a Windows 417 password for Windows instances. Defaults to 20 minutes. Example value: `10m` 418 419 ## Basic Example 420 421 Here is a basic example. You will need to provide access keys, and may need to 422 change the AMI IDs according to what images exist at the time the template is run: 423 424 ``` json 425 { 426 "type": "amazon-ebs", 427 "access_key": "YOUR KEY HERE", 428 "secret_key": "YOUR SECRET KEY HERE", 429 "region": "us-east-1", 430 "source_ami": "ami-fce3c696", 431 "instance_type": "t2.micro", 432 "ssh_username": "ubuntu", 433 "ami_name": "packer-quick-start {{timestamp}}" 434 } 435 ``` 436 437 -> **Note:** Packer can also read the access key and secret access key from 438 environmental variables. See the configuration reference in the section above 439 for more information on what environmental variables Packer will look for. 440 441 Further information on locating AMI IDs and their relationship to instance types 442 and regions can be found in the AWS EC2 Documentation 443 [for Linux](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html) 444 or [for Windows](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/finding-an-ami.html). 445 446 ## Accessing the Instance to Debug 447 448 If you need to access the instance to debug for some reason, run the builder 449 with the `-debug` flag. In debug mode, the Amazon builder will save the private 450 key in the current directory and will output the DNS or IP information as well. 451 You can use this information to access the instance as it is running. 452 453 ## AMI Block Device Mappings Example 454 455 Here is an example using the optional AMI block device mappings. Our 456 configuration of `launch_block_device_mappings` will expand the root volume 457 (`/dev/sda`) to 40gb during the build (up from the default of 8gb). With 458 `ami_block_device_mappings` AWS will attach additional volumes `/dev/sdb` and 459 `/dev/sdc` when we boot a new instance of our AMI. 460 461 ``` json 462 { 463 "type": "amazon-ebs", 464 "access_key": "YOUR KEY HERE", 465 "secret_key": "YOUR SECRET KEY HERE", 466 "region": "us-east-1", 467 "source_ami": "ami-fce3c696", 468 "instance_type": "t2.micro", 469 "ssh_username": "ubuntu", 470 "ami_name": "packer-quick-start {{timestamp}}", 471 "launch_block_device_mappings": [ 472 { 473 "device_name": "/dev/sda1", 474 "volume_size": 40, 475 "volume_type": "gp2", 476 "delete_on_termination": true 477 } 478 ], 479 "ami_block_device_mappings": [ 480 { 481 "device_name": "/dev/sdb", 482 "virtual_name": "ephemeral0" 483 }, 484 { 485 "device_name": "/dev/sdc", 486 "virtual_name": "ephemeral1" 487 } 488 ] 489 } 490 ``` 491 492 ## Build template data 493 494 The available variables are: 495 496 - `BuildRegion` - The region (for example `eu-central-1`) where Packer is building the AMI. 497 - `SourceAMI` - The source AMI ID (for example `ami-a2412fcd`) used to build the AMI. 498 - `SourceAMIName` - The source AMI Name (for example `ubuntu/images/ebs-ssd/ubuntu-xenial-16.04-amd64-server-20180306`) used to build the AMI. 499 - `SourceAMITags` - The source AMI Tags, as a `map[string]string` object. 500 501 ## Tag Example 502 503 Here is an example using the optional AMI tags. This will add the tags 504 `OS_Version` and `Release` to the finished AMI. As before, you will need to 505 provide your access keys, and may need to change the source AMI ID based on what 506 images exist when this template is run: 507 508 ``` json 509 { 510 "type": "amazon-ebs", 511 "access_key": "YOUR KEY HERE", 512 "secret_key": "YOUR SECRET KEY HERE", 513 "region": "us-east-1", 514 "source_ami": "ami-fce3c696", 515 "instance_type": "t2.micro", 516 "ssh_username": "ubuntu", 517 "ami_name": "packer-quick-start {{timestamp}}", 518 "tags": { 519 "OS_Version": "Ubuntu", 520 "Release": "Latest", 521 "Base_AMI_Name": "{{ .SourceAMIName }}", 522 "Extra": "{{ .SourceAMITags.TagName }}" 523 } 524 } 525 ``` 526 527 -> **Note:** Packer uses pre-built AMIs as the source for building images. 528 These source AMIs may include volumes that are not flagged to be destroyed on 529 termination of the instance building the new image. Packer will attempt to clean 530 up all residual volumes that are not designated by the user to remain after 531 termination. If you need to preserve those source volumes, you can overwrite the 532 termination setting by specifying `delete_on_termination=false` in the 533 `launch_block_device_mappings` block for the device.