github.com/StackPointCloud/packer@v0.10.2-0.20180716202532-b28098e0f79b/website/source/docs/builders/amazon-ebs.html.md (about)

     1  ---
     2  description: |
     3      The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS
     4      volumes for use in EC2. For more information on the difference between
     5      EBS-backed instances and instance-store backed instances, see the storage for
     6      the root device section in the EC2 documentation.
     7  layout: docs
     8  page_title: 'Amazon EBS - Builders'
     9  sidebar_current: 'docs-builders-amazon-ebsbacked'
    10  ---
    11  
    12  # AMI Builder (EBS backed)
    13  
    14  Type: `amazon-ebs`
    15  
    16  The `amazon-ebs` Packer builder is able to create Amazon AMIs backed by EBS
    17  volumes for use in [EC2](https://aws.amazon.com/ec2/). For more information on
    18  the difference between EBS-backed instances and instance-store backed instances,
    19  see the ["storage for the root device" section in the EC2
    20  documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html#storage-for-the-root-device).
    21  
    22  This builder builds an AMI by launching an EC2 instance from a source AMI,
    23  provisioning that running machine, and then creating an AMI from that machine.
    24  This is all done in your own AWS account. The builder will create temporary
    25  keypairs, security group rules, etc. that provide it temporary access to the
    26  instance while the image is being created. This simplifies configuration quite a
    27  bit.
    28  
    29  The builder does *not* manage AMIs. Once it creates an AMI and stores it in your
    30  account, it is up to you to use, delete, etc. the AMI.
    31  
    32  -> **Note:** Temporary resources are, by default, all created with the prefix
    33  `packer`. This can be useful if you want to restrict the security groups and
    34  key pairs Packer is able to operate on.
    35  
    36  ## Configuration Reference
    37  
    38  There are many configuration options available for the builder. They are
    39  segmented below into two categories: required and optional parameters. Within
    40  each category, the available configuration keys are alphabetized.
    41  
    42  In addition to the options listed here, a
    43  [communicator](/docs/templates/communicator.html) can be configured for this
    44  builder.
    45  
    46  ### Required:
    47  
    48  -   `access_key` (string) - The access key used to communicate with AWS. [Learn
    49      how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
    50  
    51  -   `ami_name` (string) - The name of the resulting AMI that will appear when
    52      managing AMIs in the AWS console or via APIs. This must be unique. To help
    53      make this unique, use a function like `timestamp` (see [template
    54      engine](/docs/templates/engine.html) for more info)
    55  
    56  -   `instance_type` (string) - The EC2 instance type to use while building the
    57      AMI, such as `t2.small`.
    58  
    59  -   `region` (string) - The name of the region, such as `us-east-1`, in which to
    60      launch the EC2 instance to create the AMI.
    61  
    62  -   `secret_key` (string) - The secret key used to communicate with AWS. [Learn
    63      how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials)
    64  
    65  -   `source_ami` (string) - The initial AMI used as a base for the newly
    66      created machine. `source_ami_filter` may be used instead to populate this
    67      automatically.
    68  
    69  ### Optional:
    70  
    71  -   `ami_block_device_mappings` (array of block device mappings) - Add one or
    72      more [block device mappings](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html)
    73      to the AMI. These will be attached when booting a new instance from your
    74      AMI. To add a block device during the Packer build see
    75      `launch_block_device_mappings` below. Your options here may vary depending
    76      on the type of VM you use. The block device mappings allow for the following
    77      configuration:
    78  
    79      -   `delete_on_termination` (boolean) - Indicates whether the EBS volume is
    80          deleted on instance termination. Default `false`. **NOTE**: If this
    81          value is not explicitly set to `true` and volumes are not cleaned up by
    82          an alternative method, additional volumes will accumulate after
    83          every build.
    84  
    85      -   `device_name` (string) - The device name exposed to the instance (for
    86          example, `/dev/sdh` or `xvdh`). Required when specifying `volume_size`.
    87  
    88      -   `encrypted` (boolean) - Indicates whether to encrypt the volume or not
    89  
    90      -   `iops` (number) - The number of I/O operations per second (IOPS) that the
    91          volume supports. See the documentation on
    92          [IOPs](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EbsBlockDevice.html)
    93          for more information
    94  
    95      -   `no_device` (boolean) - Suppresses the specified device included in the
    96          block device mapping of the AMI
    97  
    98      -   `snapshot_id` (string) - The ID of the snapshot
    99  
   100      -   `virtual_name` (string) - The virtual device name. See the documentation on
   101          [Block Device
   102          Mapping](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html)
   103          for more information
   104  
   105      -   `volume_size` (number) - The size of the volume, in GiB. Required if not
   106          specifying a `snapshot_id`
   107  
   108      -   `volume_type` (string) - The volume type. `gp2` for General Purpose (SSD)
   109          volumes, `io1` for Provisioned IOPS (SSD) volumes, and `standard` for Magnetic
   110          volumes
   111  
   112  -   `ami_description` (string) - The description to set for the
   113      resulting AMI(s). By default this description is empty. This is a
   114      [template engine](/docs/templates/engine.html),
   115      see [Build template data](#build-template-data) for more information.
   116  
   117  -   `ami_groups` (array of strings) - A list of groups that have access to
   118      launch the resulting AMI(s). By default no groups have permission to launch
   119      the AMI. `all` will make the AMI publicly accessible. AWS currently doesn't
   120      accept any value other than `all`.
   121  
   122  -   `ami_product_codes` (array of strings) - A list of product codes to
   123      associate with the AMI. By default no product codes are associated with
   124      the AMI.
   125  
   126  -   `ami_regions` (array of strings) - A list of regions to copy the AMI to.
   127      Tags and attributes are copied along with the AMI. AMI copying takes time
   128      depending on the size of the AMI, but will generally take many minutes.
   129  
   130  -   `ami_users` (array of strings) - A list of account IDs that have access to
   131      launch the resulting AMI(s). By default no additional users other than the
   132      user creating the AMI has permissions to launch it.
   133  
   134  -   `ami_virtualization_type` (string) - The type of virtualization for the AMI
   135      you are building. This option must match the supported virtualization
   136      type of `source_ami`. Can be `paravirtual` or `hvm`.
   137  
   138  -   `associate_public_ip_address` (boolean) - If using a non-default VPC, public
   139      IP addresses are not provided by default. If this is toggled, your new
   140      instance will get a Public IP.
   141  
   142  -   `availability_zone` (string) - Destination availability zone to launch
   143      instance in. Leave this empty to allow Amazon to auto-assign.
   144  
   145  -   `custom_endpoint_ec2` (string) - This option is useful if you use a cloud
   146      provider whose API is compatible with aws EC2. Specify another endpoint
   147      like this `https://ec2.custom.endpoint.com`.
   148  
   149  -   `disable_stop_instance` (boolean) - Packer normally stops the build instance
   150      after all provisioners have run. For Windows instances, it is sometimes
   151      desirable to [run Sysprep](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ami-create-standard.html)
   152      which will stop the instance for you. If this is set to true, Packer *will not*
   153      stop the instance but will assume that you will send the stop signal
   154      yourself through your final provisioner. You can do this with a
   155      [windows-shell provisioner](https://www.packer.io/docs/provisioners/windows-shell.html).
   156  
   157      Note that Packer will still wait for the instance to be stopped, and failing
   158      to send the stop signal yourself, when you have set this flag to `true`,
   159      will cause a timeout.
   160  
   161      Example of a valid shutdown command:
   162  
   163      ``` json
   164      {
   165        "type": "windows-shell",
   166        "inline": ["\"c:\\Program Files\\Amazon\\Ec2ConfigService\\ec2config.exe\" -sysprep"]
   167      }
   168      ```
   169  
   170  -   `ebs_optimized` (boolean) - Mark instance as [EBS
   171      Optimized](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html).
   172      Default `false`.
   173  
   174  -   `ena_support` (boolean) - Enable enhanced networking (ENA but not SriovNetSupport)
   175      on HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your AWS IAM policy.
   176      Note: you must make sure enhanced networking is enabled on your instance. See [Amazon's
   177      documentation on enabling enhanced networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking). Default `false`.
   178  
   179  -   `enable_t2_unlimited` (boolean) - Enabling T2 Unlimited allows the source
   180      instance to burst additional CPU beyond its available [CPU Credits]
   181      (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-credits-baseline-concepts.html)
   182      for as long as the demand exists.
   183      This is in contrast to the standard configuration that only allows an
   184      instance to consume up to its available CPU Credits.
   185      See the AWS documentation for [T2 Unlimited]
   186      (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-unlimited.html)
   187      and the 'T2 Unlimited Pricing' section of the [Amazon EC2 On-Demand
   188      Pricing](https://aws.amazon.com/ec2/pricing/on-demand/) document for more
   189      information.
   190      By default this option is disabled and Packer will set up a [T2
   191      Standard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-std.html)
   192      instance instead.
   193  
   194      To use T2 Unlimited you must use a T2 instance type e.g. t2.micro.
   195      Additionally, T2 Unlimited cannot be used in conjunction with Spot
   196      Instances e.g. when the `spot_price` option has been configured.
   197      Attempting to do so will cause an error.
   198  
   199      !> **Warning!** Additional costs may be incurred by enabling T2
   200      Unlimited - even for instances that would usually qualify for the
   201      [AWS Free Tier](https://aws.amazon.com/free/).
   202  
   203  -   `force_deregister` (boolean) - Force Packer to first deregister an existing
   204      AMI if one with the same name already exists. Default `false`.
   205  
   206  -   `force_delete_snapshot` (boolean) - Force Packer to delete snapshots associated with
   207      AMIs, which have been deregistered by `force_deregister`. Default `false`.
   208  
   209  -   `encrypt_boot` (boolean) - Instruct packer to automatically create a copy of the
   210      AMI with an encrypted boot volume (discarding the initial unencrypted AMI in the
   211      process). Packer will always run this operation, even if the base
   212      AMI has an encrypted boot volume to start with. Default `false`.
   213  
   214  -   `kms_key_id` (string) - The ID of the KMS key to use for boot volume encryption.
   215      This only applies to the main `region`, other regions where the AMI will be copied
   216      will be encrypted by the default EBS KMS key.
   217  
   218  -   `iam_instance_profile` (string) - The name of an [IAM instance
   219      profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
   220      to launch the EC2 instance with.
   221  
   222  -   `launch_block_device_mappings` (array of block device mappings) - Add one
   223      or more block devices before the Packer build starts. If you add instance
   224      store volumes or EBS volumes in addition to the root device volume, the
   225      created AMI will contain block device mapping information for those
   226      volumes. Amazon creates snapshots of the source instance's root volume and
   227      any other EBS volumes described here. When you launch an instance from this
   228      new AMI, the instance automatically launches with these additional volumes,
   229      and will restore them from snapshots taken from the source instance.
   230  
   231  -   `mfa_code` (string) - The MFA [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
   232      code. This should probably be a user variable since it changes all the time.
   233  
   234  -   `profile` (string) - The profile to use in the shared credentials file for
   235      AWS. See Amazon's documentation on [specifying
   236      profiles](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-profiles)
   237      for more details.
   238  
   239  -   `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to,
   240      along with the custom kms key id to use for encryption for that region.
   241      Keys must match the regions provided in `ami_regions`. If you just want to
   242      encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`.
   243      If you want a region to be encrypted with that region's default key ID, you can
   244      use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
   245      However, you cannot use default key IDs if you are using this in conjunction with
   246      `snapshot_users` -- in that situation you must use custom keys.
   247  
   248  -   `run_tags` (object of key/value strings) - Tags to apply to the instance
   249      that is *launched* to create the AMI. These tags are *not* applied to the
   250      resulting AMI unless they're duplicated in `tags`. This is a
   251      [template engine](/docs/templates/engine.html),
   252      see [Build template data](#build-template-data) for more information.
   253  
   254  -   `run_volume_tags` (object of key/value strings) - Tags to apply to the volumes
   255      that are *launched* to create the AMI. These tags are *not* applied to the
   256      resulting AMI unless they're duplicated in `tags`. This is a
   257      [template engine](/docs/templates/engine.html),
   258      see [Build template data](#build-template-data) for more information.
   259  
   260  -   `security_group_id` (string) - The ID (*not* the name) of the security group
   261      to assign to the instance. By default this is not set and Packer will
   262      automatically create a new temporary security group to allow SSH access.
   263      Note that if this is specified, you must be sure the security group allows
   264      access to the `ssh_port` given below.
   265  
   266  -   `security_group_ids` (array of strings) - A list of security groups as
   267      described above. Note that if this is specified, you must omit the
   268      `security_group_id`.
   269  
   270  -   `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
   271      access to the instance, when packer is creating a temporary security group.
   272      The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
   273      when `security_group_id` or `security_group_ids` is not specified.
   274  
   275  -   `shutdown_behavior` (string) - Automatically terminate instances on shutdown
   276      in case Packer exits ungracefully. Possible values are "stop" and "terminate",
   277      default is `stop`.
   278  
   279  -   `skip_region_validation` (boolean) - Set to true if you want to skip
   280      validation of the region configuration option. Default `false`.
   281  
   282  -   `snapshot_groups` (array of strings) - A list of groups that have access to
   283      create volumes from the snapshot(s). By default no groups have permission to create
   284      volumes from the snapshot(s). `all` will make the snapshot publicly accessible.
   285  
   286  -   `snapshot_users` (array of strings) - A list of account IDs that have access to
   287      create volumes from the snapshot(s). By default no additional users other than the
   288      user creating the AMI has permissions to create volumes from the backing snapshot(s).
   289  
   290  -   `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
   291      They will override AMI tags if already applied to snapshot. This is a
   292      [template engine](/docs/templates/engine.html),
   293      see [Build template data](#build-template-data) for more information.
   294  
   295  -   `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
   296      Example:
   297  
   298      ``` json
   299      {
   300        "source_ami_filter": {
   301          "filters": {
   302            "virtualization-type": "hvm",
   303            "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
   304            "root-device-type": "ebs"
   305          },
   306          "owners": ["099720109477"],
   307          "most_recent": true
   308        }
   309      }
   310      ```
   311  
   312      This selects the most recent Ubuntu 16.04 HVM EBS AMI from Canonical.
   313      NOTE: This will fail unless *exactly* one AMI is returned. In the above
   314      example, `most_recent` will cause this to succeed by selecting the newest image.
   315  
   316      -   `filters` (map of strings) - filters used to select a `source_ami`.
   317          NOTE: This will fail unless *exactly* one AMI is returned.
   318          Any filter described in the docs for [DescribeImages](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html)
   319          is valid.
   320  
   321      -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
   322          This is helpful to limit the AMIs to a trusted third party, or to your own account.
   323  
   324      -   `most_recent` (boolean) - Selects the newest created image when true.
   325          This is most useful for selecting a daily distro build.
   326  
   327      You may set this in place of `source_ami` or in conjunction with it. If you
   328      set this in conjunction with `source_ami`, the `source_ami` will be added to
   329      the filter. The provided `source_ami` must meet all of the filtering criteria
   330      provided in `source_ami_filter`; this pins the AMI returned by the filter,
   331      but will cause Packer to fail if the `source_ami` does not exist.
   332  
   333  -   `spot_price` (string) - The maximum hourly price to pay for a spot instance
   334      to create the AMI. Spot instances are a type of instance that EC2 starts
   335      when the current spot price is less than the maximum price you specify. Spot
   336      price will be updated based on available spot instance capacity and current
   337      spot instance requests. It may save you some costs. You can set this to
   338      `auto` for Packer to automatically discover the best spot price or to "0"
   339      to use an on demand instance (default).
   340  
   341  -   `spot_price_auto_product` (string) - Required if `spot_price` is set
   342      to `auto`. This tells Packer what sort of AMI you're launching to find the
   343      best spot price. This must be one of: `Linux/UNIX`, `SUSE Linux`, `Windows`,
   344      `Linux/UNIX (Amazon VPC)`, `SUSE Linux (Amazon VPC)`, `Windows (Amazon VPC)`
   345  
   346  -   `spot_tags` (object of key/value strings) - Requires `spot_price` to
   347      be set. This tells Packer to apply tags to the spot request that is
   348      issued.
   349  
   350  -   `sriov_support` (boolean) - Enable enhanced networking (SriovNetSupport but not ENA)
   351      on HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your AWS IAM
   352      policy. Note: you must make sure enhanced networking is enabled on your instance. See [Amazon's
   353      documentation on enabling enhanced networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking).
   354      Default `false`.
   355  
   356  -   `ssh_keypair_name` (string) - If specified, this is the key that will be
   357      used for SSH with the machine. The key must match a key pair name loaded
   358      up into Amazon EC2. By default, this is blank, and Packer will
   359      generate a temporary keypair unless
   360      [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used.
   361      [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file)
   362      or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized.
   363  
   364  -   `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to
   365      authenticate connections to the source instance. No temporary keypair will
   366      be created, and the values of `ssh_password` and `ssh_private_key_file` will
   367      be ignored. To use this option with a key pair already configured in the source
   368      AMI, leave the `ssh_keypair_name` blank. To associate an existing key pair
   369      in AWS with the source instance, set the `ssh_keypair_name` field to the name
   370      of the key pair.
   371  
   372  -   `ssh_private_ip` (boolean) - No longer supported. See
   373      [`ssh_interface`](#ssh_interface). A fixer exists to migrate.
   374  
   375  -   `ssh_interface` (string) - One of `public_ip`, `private_ip`,
   376      `public_dns` or `private_dns`. If set, either the public IP address,
   377      private IP address, public DNS name or private DNS name will used as the host for SSH.
   378      The default behaviour if inside a VPC is to use the public IP address if available,
   379      otherwise the private IP address will be used. If not in a VPC the public DNS name
   380      will be used. Also works for WinRM.
   381  
   382      Where Packer is configured for an outbound proxy but WinRM traffic should be direct,
   383      `ssh_interface` must be set to `private_dns` and `<region>.compute.internal` included
   384      in the `NO_PROXY` environment variable.
   385  
   386  -   `subnet_id` (string) - If using VPC, the ID of the subnet, such as
   387      `subnet-12345def`, where Packer will launch the EC2 instance. This field is
   388      required if you are using an non-default VPC.
   389  
   390  -   `tags` (object of key/value strings) - Tags applied to the AMI and
   391      relevant snapshots. This is a
   392      [template engine](/docs/templates/engine.html),
   393      see [Build template data](#build-template-data) for more information.
   394  
   395  -   `temporary_key_pair_name` (string) - The name of the temporary key pair
   396      to generate. By default, Packer generates a name that looks like
   397      `packer_<UUID>`, where &lt;UUID&gt; is a 36 character unique identifier.
   398  
   399  -   `token` (string) - The access token to use. This is different from the
   400      access key and secret key. If you're not sure what this is, then you
   401      probably don't need it. This will also be read from the `AWS_SESSION_TOKEN`
   402      environmental variable.
   403  
   404  -   `user_data` (string) - User data to apply when launching the instance. Note
   405      that you need to be careful about escaping characters due to the templates
   406      being JSON. It is often more convenient to use `user_data_file`, instead.
   407  
   408  -   `user_data_file` (string) - Path to a file that will be used for the user
   409      data when launching the instance.
   410  
   411  -   `vpc_id` (string) - If launching into a VPC subnet, Packer needs the VPC ID
   412      in order to create a temporary security group within the VPC. Requires `subnet_id`
   413      to be set. If this field is left blank, Packer will try to get the VPC ID from the
   414      `subnet_id`.
   415  
   416  -   `windows_password_timeout` (string) - The timeout for waiting for a Windows
   417      password for Windows instances. Defaults to 20 minutes. Example value: `10m`
   418  
   419  ## Basic Example
   420  
   421  Here is a basic example. You will need to provide access keys, and may need to
   422  change the AMI IDs according to what images exist at the time the template is run:
   423  
   424  ``` json
   425  {
   426    "type": "amazon-ebs",
   427    "access_key": "YOUR KEY HERE",
   428    "secret_key": "YOUR SECRET KEY HERE",
   429    "region": "us-east-1",
   430    "source_ami": "ami-fce3c696",
   431    "instance_type": "t2.micro",
   432    "ssh_username": "ubuntu",
   433    "ami_name": "packer-quick-start {{timestamp}}"
   434  }
   435  ```
   436  
   437  -&gt; **Note:** Packer can also read the access key and secret access key from
   438  environmental variables. See the configuration reference in the section above
   439  for more information on what environmental variables Packer will look for.
   440  
   441  Further information on locating AMI IDs and their relationship to instance types
   442  and regions can be found in the AWS EC2 Documentation
   443  [for Linux](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html)
   444  or [for Windows](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/finding-an-ami.html).
   445  
   446  ## Accessing the Instance to Debug
   447  
   448  If you need to access the instance to debug for some reason, run the builder
   449  with the `-debug` flag. In debug mode, the Amazon builder will save the private
   450  key in the current directory and will output the DNS or IP information as well.
   451  You can use this information to access the instance as it is running.
   452  
   453  ## AMI Block Device Mappings Example
   454  
   455  Here is an example using the optional AMI block device mappings. Our
   456  configuration of `launch_block_device_mappings` will expand the root volume
   457  (`/dev/sda`) to 40gb during the build (up from the default of 8gb). With
   458  `ami_block_device_mappings` AWS will attach additional volumes `/dev/sdb` and
   459  `/dev/sdc` when we boot a new instance of our AMI.
   460  
   461  ``` json
   462  {
   463    "type": "amazon-ebs",
   464    "access_key": "YOUR KEY HERE",
   465    "secret_key": "YOUR SECRET KEY HERE",
   466    "region": "us-east-1",
   467    "source_ami": "ami-fce3c696",
   468    "instance_type": "t2.micro",
   469    "ssh_username": "ubuntu",
   470    "ami_name": "packer-quick-start {{timestamp}}",
   471    "launch_block_device_mappings": [
   472      {
   473        "device_name": "/dev/sda1",
   474        "volume_size": 40,
   475        "volume_type": "gp2",
   476        "delete_on_termination": true
   477      }
   478    ],
   479    "ami_block_device_mappings": [
   480      {
   481        "device_name": "/dev/sdb",
   482        "virtual_name": "ephemeral0"
   483      },
   484      {
   485        "device_name": "/dev/sdc",
   486        "virtual_name": "ephemeral1"
   487      }
   488    ]
   489  }
   490  ```
   491  
   492  ## Build template data
   493  
   494  The available variables are:
   495  
   496  - `BuildRegion` - The region (for example `eu-central-1`) where Packer is building the AMI.
   497  - `SourceAMI` - The source AMI ID (for example `ami-a2412fcd`) used to build the AMI.
   498  - `SourceAMIName` - The source AMI Name (for example `ubuntu/images/ebs-ssd/ubuntu-xenial-16.04-amd64-server-20180306`) used to build the AMI.
   499  - `SourceAMITags` - The source AMI Tags, as a `map[string]string` object.
   500  
   501  ## Tag Example
   502  
   503  Here is an example using the optional AMI tags. This will add the tags
   504  `OS_Version` and `Release` to the finished AMI. As before, you will need to
   505  provide your access keys, and may need to change the source AMI ID based on what
   506  images exist when this template is run:
   507  
   508  ``` json
   509  {
   510    "type": "amazon-ebs",
   511    "access_key": "YOUR KEY HERE",
   512    "secret_key": "YOUR SECRET KEY HERE",
   513    "region": "us-east-1",
   514    "source_ami": "ami-fce3c696",
   515    "instance_type": "t2.micro",
   516    "ssh_username": "ubuntu",
   517    "ami_name": "packer-quick-start {{timestamp}}",
   518    "tags": {
   519      "OS_Version": "Ubuntu",
   520      "Release": "Latest",
   521      "Base_AMI_Name": "{{ .SourceAMIName }}",
   522      "Extra": "{{ .SourceAMITags.TagName }}"
   523    }
   524  }
   525  ```
   526  
   527  -&gt; **Note:** Packer uses pre-built AMIs as the source for building images.
   528  These source AMIs may include volumes that are not flagged to be destroyed on
   529  termination of the instance building the new image. Packer will attempt to clean
   530  up all residual volumes that are not designated by the user to remain after
   531  termination. If you need to preserve those source volumes, you can overwrite the
   532  termination setting by specifying `delete_on_termination=false` in the
   533  `launch_block_device_mappings` block for the device.