github.com/aclaygray/packer@v1.3.2/website/source/docs/builders/amazon-ebssurrogate.html.md

---
description: |
    The amazon-ebssurrogate Packer builder is like the chroot builder, but does
    not require running inside an EC2 instance.
layout: docs
page_title: 'Amazon EBS Surrogate - Builders'
sidebar_current: 'docs-builders-amazon-ebssurrogate'
---

# EBS Surrogate Builder

Type: `amazon-ebssurrogate`

The `amazon-ebssurrogate` Packer builder is able to create Amazon AMIs by
running a source instance with an attached volume, provisioning the attached
volume in such a way that it can be used as the root volume for the AMI, and
then snapshotting and creating the AMI from that volume.

This builder can therefore be used to bootstrap scratch-build images - for
example FreeBSD or Ubuntu using ZFS as the root file system.

This is all done in your own AWS account. This builder will create temporary key
pairs, security group rules, etc., that provide it temporary access to the
instance while the image is being created.

## Configuration Reference

There are many configuration options available for this builder. They are
segmented below into two categories: required and optional parameters. Within
each category, the available configuration keys are alphabetized.

In addition to the options listed here, a
[communicator](/docs/templates/communicator.html) can be configured for this
builder.

### Required:

-   `access_key` (string) - The access key used to communicate with AWS. [Learn
    how to set this](/docs/builders/amazon.html#specifying-amazon-credentials)

-   `instance_type` (string) - The EC2 instance type to use while building the
    AMI, such as `m1.small`.

-   `region` (string) - The name of the region, such as `us-east-1`, in which to
    launch the EC2 instance to create the AMI.

-   `secret_key` (string) - The secret key used to communicate with AWS.
    [Learn how to set this](/docs/builders/amazon.html#specifying-amazon-credentials)

-   `source_ami` (string) - The initial AMI used as a base for the newly
    created machine. `source_ami_filter` may be used instead to populate this
    automatically.

-   `ami_root_device` (block device mapping) - A block device mapping describing
    the root device of the AMI. This looks like the mappings in `ami_block_device_mappings`,
    except with an additional field:

    -   `source_device_name` (string) - The device name of the block device on the
        source instance to be used as the root device for the AMI. This must correspond
        to a block device in `launch_block_device_mappings`.

### Optional:

-   `ami_block_device_mappings` (array of block device mappings) - Add one or
    more [block device mappings](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html)
    to the AMI. These will be attached when booting a new instance from your
    AMI. To add a block device during the packer build see
    `launch_block_device_mappings` below. Your options here may vary depending
    on the type of VM you use. The block device mappings allow for the following
    configuration:

    -   `delete_on_termination` (boolean) - Indicates whether the EBS volume is
        deleted on instance termination. Default `false`. **NOTE**: If this
        value is not explicitly set to `true` and volumes are not cleaned up by
        an alternative method, additional volumes will accumulate after
        every build.

    -   `device_name` (string) - The device name exposed to the instance (for
        example, `/dev/sdh` or `xvdh`). Required for every device in the
        block device mapping.

    -   `encrypted` (boolean) - Indicates whether or not to encrypt the volume.

    -   `iops` (number) - The number of I/O operations per second (IOPS) that the
        volume supports.
        See the documentation on
        [IOPs](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EbsBlockDevice.html)
        for more information.

    -   `no_device` (boolean) - Suppresses the specified device included in the
        block device mapping of the AMI.

    -   `snapshot_id` (string) - The ID of the snapshot.

    -   `virtual_name` (string) - The virtual device name. See the documentation on
        [Block Device
        Mapping](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html)
        for more information.

    -   `volume_size` (number) - The size of the volume, in GiB. Required if not
        specifying a `snapshot_id`.

    -   `volume_type` (string) - The volume type. (`gp2` for General Purpose (SSD)
        volumes, `io1` for Provisioned IOPS (SSD) volumes, and `standard` for Magnetic
        volumes)

-   `ami_description` (string) - The description to set for the
    resulting AMI(s). By default this description is empty. This is a
    [template engine](/docs/templates/engine.html),
    see [Build template data](#build-template-data) for more information.

-   `ami_groups` (array of strings) - A list of groups that have access to
    launch the resulting AMI(s). By default no groups have permission to launch
    the AMI. `all` will make the AMI publicly accessible. AWS currently doesn't
    accept any value other than `all`.

-   `ami_product_codes` (array of strings) - A list of product codes to
    associate with the AMI. By default no product codes are associated with
    the AMI.

-   `ami_regions` (array of strings) - A list of regions to copy the AMI to.
    Tags and attributes are copied along with the AMI. AMI copying takes time
    depending on the size of the AMI, but will generally take many minutes.

-   `ami_users` (array of strings) - A list of account IDs that have access to
    launch the resulting AMI(s). By default no additional users other than the
    user creating the AMI has permissions to launch it.

-   `ami_virtualization_type` (string) - The type of virtualization for the AMI
    you are building. This option must match the supported virtualization
    type of `source_ami`. Can be `paravirtual` or `hvm`.

-   `associate_public_ip_address` (boolean) - If using a non-default VPC, public
    IP addresses are not provided by default. If this is toggled, your new
    instance will get a Public IP.

-   `availability_zone` (string) - Destination availability zone to launch
    instance in. Leave this empty to allow Amazon to auto-assign.

-   `block_duration_minutes` (int64) - Requires `spot_price` to
    be set. The required duration for the Spot Instances (also known as Spot blocks).
    This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).
    You can't specify an Availability Zone group or a launch group if you specify a duration.

-   `custom_endpoint_ec2` (string) - This option is useful if you use a cloud
    provider whose API is compatible with AWS EC2. Specify another endpoint
    like this `https://ec2.custom.endpoint.com`.

-   `decode_authorization_messages` (boolean) - Enable automatic decoding of any
    encoded authorization (error) messages using the `sts:DecodeAuthorizationMessage` API.
    Note: requires that the effective user/role have permissions to `sts:DecodeAuthorizationMessage`
    on resource `*`. Default `false`.

-   `disable_stop_instance` (boolean) - Packer normally stops the build instance
    after all provisioners have run. For Windows instances, it is sometimes
    desirable to [run Sysprep](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ami-create-standard.html)
    which will stop the instance for you. If this is set to true, Packer *will not*
    stop the instance but will assume that you will send the stop signal
    yourself through your final provisioner.
    You can do this with a
    [windows-shell provisioner](https://www.packer.io/docs/provisioners/windows-shell.html).

    Note that Packer will still wait for the instance to be stopped, and failing
    to send the stop signal yourself, when you have set this flag to `true`,
    will cause a timeout.

    Example of a valid shutdown command:

    ``` json
    {
      "type": "windows-shell",
      "inline": ["\"c:\\Program Files\\Amazon\\Ec2ConfigService\\ec2config.exe\" -sysprep"]
    }
    ```

-   `ebs_optimized` (boolean) - Mark instance as [EBS
    Optimized](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html).
    Default `false`.

-   `ena_support` (boolean) - Enable enhanced networking (ENA but not SriovNetSupport)
    on HVM-compatible AMIs. If set, add `ec2:ModifyInstanceAttribute` to your AWS IAM policy.
    If false, this will disable enhanced networking in the final AMI as opposed to passing
    the setting through unchanged from the source. Note: you must make sure enhanced
    networking is enabled on your instance. See [Amazon's documentation on enabling enhanced
    networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking).

-   `enable_t2_unlimited` (boolean) - Enabling T2 Unlimited allows the source
    instance to burst additional CPU beyond its available
    [CPU Credits](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-credits-baseline-concepts.html)
    for as long as the demand exists.
    This is in contrast to the standard configuration that only allows an
    instance to consume up to its available CPU Credits.
    See the AWS documentation for
    [T2 Unlimited](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-unlimited.html)
    and the **T2 Unlimited Pricing** section of the [Amazon EC2 On-Demand
    Pricing](https://aws.amazon.com/ec2/pricing/on-demand/) document for more
    information.
    By default this option is disabled and Packer will set up a [T2
    Standard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-std.html)
    instance instead.

    To use T2 Unlimited you must use a T2 instance type, e.g., `t2.micro`.
    Additionally, T2 Unlimited cannot be used in conjunction with Spot
    Instances, e.g., when the `spot_price` option has been configured.
    Attempting to do so will cause an error.

    !> **Warning!** Additional costs may be incurred by enabling T2
    Unlimited - even for instances that would usually qualify for the
    [AWS Free Tier](https://aws.amazon.com/free/).

-   `encrypt_boot` (boolean) - Instruct packer to automatically create a copy of the
    AMI with an encrypted boot volume (discarding the initial unencrypted AMI in the
    process). Packer will always run this operation, even if the base
    AMI has an encrypted boot volume to start with. Default `false`.

-   `force_deregister` (boolean) - Force Packer to first deregister an existing
    AMI if one with the same name already exists. Default `false`.

-   `force_delete_snapshot` (boolean) - Force Packer to delete snapshots associated with
    AMIs, which have been deregistered by `force_deregister`. Default `false`.

-   `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption.
    This only applies to the main `region`, other regions where the AMI will be copied
    will be encrypted by the default EBS KMS key. For valid formats
    see _KmsKeyId_ in the
    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).

-   `iam_instance_profile` (string) - The name of an [IAM instance
    profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
    to launch the EC2 instance with.

-   `launch_block_device_mappings` (array of block device mappings) - Add one
    or more block devices before the Packer build starts. If you add instance
    store volumes or EBS volumes in addition to the root device volume, the
    created AMI will contain block device mapping information for those
    volumes. Amazon creates snapshots of the source instance's root volume and
    any other EBS volumes described here. When you launch an instance from this
    new AMI, the instance automatically launches with these additional volumes,
    and will restore them from snapshots taken from the source instance.

-   `mfa_code` (string) - The MFA [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
    code. This should probably be a user variable since it changes all the time.

-   `profile` (string) - The profile to use in the shared credentials file for
    AWS. See Amazon's documentation on [specifying
    profiles](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-profiles)
    for more details.

-   `region_kms_key_ids` (map of strings) - A map of regions to copy the AMI to,
    along with the custom KMS key ID (alias or ARN) to use for encryption for that region.
    Keys must match the regions provided in `ami_regions`. If you just want to
    encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`.
    If you want a region to be encrypted with that region's default key ID, you can
    use an empty string `""` instead of a key ID in this map (e.g. `"us-east-1": ""`).
    However, you cannot use default key IDs if you are using this in conjunction with
    `snapshot_users` -- in that situation you must use custom keys. For valid formats
    see _KmsKeyId_ in the
    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).

-   `run_tags` (object of key/value strings) - Tags to apply to the instance
    that is *launched* to create the AMI. These tags are *not* applied to the
    resulting AMI unless they're duplicated in `tags`. This is a
    [template engine](/docs/templates/engine.html),
    see [Build template data](#build-template-data) for more information.

-   `run_volume_tags` (object of key/value strings) - Tags to apply to the volumes
    that are *launched* to create the AMI. These tags are *not* applied to the
    resulting AMI unless they're duplicated in `tags`. This is a
    [template engine](/docs/templates/engine.html),
    see [Build template data](#build-template-data) for more information.

-   `security_group_id` (string) - The ID (*not* the name) of the security group
    to assign to the instance. By default this is not set and Packer will
    automatically create a new temporary security group to allow SSH access.
    Note that if this is specified, you must be sure the security group allows
    access to the `ssh_port` given below.

-   `security_group_ids` (array of strings) - A list of security groups as
    described above. Note that if this is specified, you must omit the
    `security_group_id`.

-   `security_group_filter` (object) - Filters used to populate the `security_group_ids` field.
    Example:

    ``` json
    {
      "security_group_filter": {
        "filters": {
          "tag:Class": "packer"
        }
      }
    }
    ```

    This selects the security groups with tag `Class` with the value `packer`.

    -   `filters` (map of strings) - Filters used to select `security_group_ids`.
        Any filter described in the docs for [DescribeSecurityGroups](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
        is valid.

    `security_group_ids` takes precedence over this.

-   `shutdown_behavior` (string) - Automatically terminate instances on shutdown
    in case packer exits ungracefully.
    Possible values are "stop" and "terminate",
    default is `stop`.

-   `skip_region_validation` (boolean) - Set to true if you want to skip
    validation of the region configuration option. Default `false`.

-   `snapshot_groups` (array of strings) - A list of groups that have access to
    create volumes from the snapshot(s). By default no groups have permission to create
    volumes from the snapshot(s). `all` will make the snapshot publicly accessible.

-   `snapshot_users` (array of strings) - A list of account IDs that have access to
    create volumes from the snapshot(s). By default no additional users other than the
    user creating the AMI has permissions to create volumes from the backing snapshot(s).

-   `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
    They will override AMI tags if already applied to snapshot. This is a
    [template engine](/docs/templates/engine.html),
    see [Build template data](#build-template-data) for more information.

-   `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
    Example:

    ``` json
    {
      "source_ami_filter": {
        "filters": {
          "virtualization-type": "hvm",
          "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
          "root-device-type": "ebs"
        },
        "owners": ["099720109477"],
        "most_recent": true
      }
    }
    ```

    This selects the most recent Ubuntu 16.04 HVM EBS AMI from Canonical.
    NOTE: This will fail unless *exactly* one AMI is returned. In the above
    example, `most_recent` will cause this to succeed by selecting the newest image.

    -   `filters` (map of strings) - filters used to select a `source_ami`.
        NOTE: This will fail unless *exactly* one AMI is returned.
        Any filter described in the docs for [DescribeImages](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html)
        is valid.

    -   `owners` (array of strings) - Filters the images by their owner. You may
        specify one or more AWS account IDs, `self` (which will use the account
        whose credentials you are using to run Packer), or an AWS owner alias:
        for example, `amazon`, `aws-marketplace`, or `microsoft`.
        This option is required for security reasons.

    -   `most_recent` (boolean) - Selects the newest created image when true.
        This is most useful for selecting a daily distro build.

    You may set this in place of `source_ami` or in conjunction with it. If you
    set this in conjunction with `source_ami`, the `source_ami` will be added to
    the filter. The provided `source_ami` must meet all of the filtering criteria
    provided in `source_ami_filter`; this pins the AMI returned by the filter,
    but will cause Packer to fail if the `source_ami` does not exist.

-   `spot_price` (string) - The maximum hourly price to pay for a spot instance
    to create the AMI. Spot instances are a type of instance that EC2 starts
    when the current spot price is less than the maximum price you specify. Spot
    price will be updated based on available spot instance capacity and current
    spot instance requests. It may save you some costs. You can set this to
    `auto` for Packer to automatically discover the best spot price or to "0"
    to use an on demand instance (default).

-   `spot_price_auto_product` (string) - Required if `spot_price` is set
    to `auto`. This tells Packer what sort of AMI you're launching to find the
    best spot price. This must be one of: `Linux/UNIX`, `SUSE Linux`, `Windows`,
    `Linux/UNIX (Amazon VPC)`, `SUSE Linux (Amazon VPC)`, `Windows (Amazon VPC)`

-   `spot_tags` (object of key/value strings) - Requires `spot_price` to
    be set. This tells Packer to apply tags to the spot request that is
    issued.

-   `sriov_support` (boolean) - Enable enhanced networking (SriovNetSupport but not ENA)
    on HVM-compatible AMIs. If true, add `ec2:ModifyInstanceAttribute` to your AWS IAM
    policy. Note: you must make sure enhanced networking is enabled on your instance. See [Amazon's
    documentation on enabling enhanced networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking).
    Default `false`.

-   `ssh_keypair_name` (string) - If specified, this is the key that will be
    used for SSH with the machine. The key must match a key pair name loaded
    up into Amazon EC2. By default, this is blank, and Packer will
    generate a temporary keypair unless
    [`ssh_password`](/docs/templates/communicator.html#ssh_password) is used.
    [`ssh_private_key_file`](/docs/templates/communicator.html#ssh_private_key_file)
    or `ssh_agent_auth` must be specified when `ssh_keypair_name` is utilized.

-   `ssh_agent_auth` (boolean) - If true, the local SSH agent will be used to
    authenticate connections to the source instance. No temporary keypair will
    be created, and the values of `ssh_password` and `ssh_private_key_file` will
    be ignored. To use this option with a key pair already configured in the source
    AMI, leave the `ssh_keypair_name` blank. To associate an existing key pair
    in AWS with the source instance, set the `ssh_keypair_name` field to the name
    of the key pair.

-   `ssh_private_ip` (boolean) - No longer supported. See
    [`ssh_interface`](#ssh_interface). A fixer exists to migrate.

-   `ssh_interface` (string) - One of `public_ip`, `private_ip`,
    `public_dns` or `private_dns`. If set, either the public IP address,
    private IP address, public DNS name or private DNS name will be used as the host for SSH.
    The default behaviour if inside a VPC is to use the public IP address if available,
    otherwise the private IP address will be used.
    If not in a VPC the public DNS name
    will be used. Also works for WinRM.

    Where Packer is configured for an outbound proxy but WinRM traffic should be direct,
    `ssh_interface` must be set to `private_dns` and `<region>.compute.internal` included
    in the `NO_PROXY` environment variable.

-   `subnet_id` (string) - If using VPC, the ID of the subnet, such as
    `subnet-12345def`, where Packer will launch the EC2 instance. This field is
    required if you are using a non-default VPC.

-   `subnet_filter` (object) - Filters used to populate the `subnet_id` field.
    Example:

    ``` json
    {
      "subnet_filter": {
        "filters": {
          "tag:Class": "build"
        },
        "most_free": true,
        "random": false
      }
    }
    ```

    This selects the Subnet with tag `Class` with the value `build`, which has
    the most free IP addresses.
    NOTE: This will fail unless *exactly* one Subnet is returned. By using
    `most_free` or `random` one will be selected from those matching the filter.

    -   `filters` (map of strings) - filters used to select a `subnet_id`.
        NOTE: This will fail unless *exactly* one Subnet is returned.
        Any filter described in the docs for [DescribeSubnets](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html)
        is valid.

    -   `most_free` (boolean) - The Subnet with the most free IPv4 addresses
        will be used if multiple Subnets match the filter.

    -   `random` (boolean) - A random Subnet will be used if multiple Subnets
        match the filter. `most_free` has precedence over this.

    `subnet_id` takes precedence over this.

-   `tags` (object of key/value strings) - Tags applied to the AMI and
    relevant snapshots. This is a
    [template engine](/docs/templates/engine.html),
    see [Build template data](#build-template-data) for more information.

-   `temporary_key_pair_name` (string) - The name of the temporary keypair
    to generate.
    By default, Packer generates a name with a UUID.

-   `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
    access to the instance, when packer is creating a temporary security group.
    The default is `0.0.0.0/0` (i.e., allow any IPv4 source). This is only used
    when `security_group_id` or `security_group_ids` is not specified.

-   `token` (string) - The access token to use. This is different from the
    access key and secret key. If you're not sure what this is, then you
    probably don't need it. This will also be read from the `AWS_SESSION_TOKEN`
    environmental variable.

-   `user_data` (string) - User data to apply when launching the instance. Note
    that you need to be careful about escaping characters due to the templates
    being JSON. It is often more convenient to use `user_data_file`, instead.

-   `user_data_file` (string) - Path to a file that will be used for the user
    data when launching the instance.

-   `vpc_id` (string) - If launching into a VPC subnet, Packer needs the VPC ID
    in order to create a temporary security group within the VPC. Requires `subnet_id`
    to be set. If this field is left blank, Packer will try to get the VPC ID from the
    `subnet_id`.

-   `vpc_filter` (object) - Filters used to populate the `vpc_id` field.
    Example:

    ``` json
    {
      "vpc_filter": {
        "filters": {
          "tag:Class": "build",
          "isDefault": "false",
          "cidr": "/24"
        }
      }
    }
    ```

    This selects the VPC with tag `Class` with the value `build`, which is not the
    default VPC, and has an IPv4 CIDR block of `/24`.
    NOTE: This will fail unless *exactly* one VPC is returned.

    -   `filters` (map of strings) - filters used to select a `vpc_id`.
        NOTE: This will fail unless *exactly* one VPC is returned.
        Any filter described in the docs for [DescribeVpcs](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html)
        is valid.

    `vpc_id` takes precedence over this.

-   `windows_password_timeout` (string) - The timeout for waiting for a Windows
    password for Windows instances. Defaults to 20 minutes. Example value: `10m`

## Basic Example

``` json
{
  "type" : "amazon-ebssurrogate",
  "secret_key" : "YOUR SECRET KEY HERE",
  "access_key" : "YOUR KEY HERE",
  "region" : "us-east-1",
  "ssh_username" : "ubuntu",
  "instance_type" : "t2.medium",
  "source_ami" : "ami-40d28157",
  "launch_block_device_mappings" : [
    {
      "volume_type" : "gp2",
      "device_name" : "/dev/xvdf",
      "delete_on_termination" : false,
      "volume_size" : 10
    }
  ],
  "ami_root_device": {
    "source_device_name": "/dev/xvdf",
    "device_name": "/dev/xvda",
    "delete_on_termination": true,
    "volume_size": 16,
    "volume_type": "gp2"
  }
}
```

-> **Note:** Packer can also read the access key and secret access key from
environmental variables. See the configuration reference in the section above
for more information on what environmental variables Packer will look for.

Further information on locating AMI IDs and their relationship to instance
types and regions can be found in the AWS EC2 Documentation
[for Linux](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html)
or [for Windows](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/finding-an-ami.html).

## Accessing the Instance to Debug

If you need to access the instance to debug for some reason, run this builder
with the `-debug` flag. In debug mode, the Amazon builder will save the private
key in the current directory and will output the DNS or IP information as well.
You can use this information to access the instance as it is running.

## Build template data

In configuration directives marked as a template engine above, the
following variables are available:

- `BuildRegion` - The region (for example `eu-central-1`) where Packer is building the AMI.
- `SourceAMI` - The source AMI ID (for example `ami-a2412fcd`) used to build the AMI.
- `SourceAMIName` - The source AMI Name (for example `ubuntu/images/ebs-ssd/ubuntu-xenial-16.04-amd64-server-20180306`) used to build the AMI.
- `SourceAMITags` - The source AMI Tags, as a `map[string]string` object.

-> **Note:** Packer uses pre-built AMIs as the source for building images.
These source AMIs may include volumes that are not flagged to be destroyed on
termination of the instance building the new image. In addition to those volumes
created by this builder, any volumes in the source AMI which are not marked for
deletion on termination will remain in your account.
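
A pre-build check for the options documented above, as an added example (not part of the Packer documentation or code base): it parses a template and reports `amazon-ebssurrogate` settings that this page describes as public, open by default, leaving volumes behind, or invalid in combination. The function names, the finding texts and the sample template are constructed for illustration, and any string containing `{{` is assumed to be a template call rather than a literal.

```python
import ipaddress
import json

# Constructed sample template (not from the Packer docs): one builder that
# combines several settings the configuration reference warns about.
SAMPLE_TEMPLATE = r"""
{
  "builders": [{
    "type": "amazon-ebssurrogate",
    "access_key": "CONSTRUCTED-ACCESS-KEY",
    "secret_key": "{{user `aws_secret_key`}}",
    "source_ami_filter": {"filters": {"name": "ubuntu/images/*"}, "most_recent": true},
    "ami_groups": ["all"],
    "region_kms_key_ids": {"us-west-2": ""},
    "snapshot_users": ["111122223333"],
    "launch_block_device_mappings": [
      {"device_name": "/dev/xvdf", "volume_size": 10, "delete_on_termination": false}
    ],
    "ami_root_device": {"source_device_name": "/dev/xvdg", "device_name": "/dev/xvda"}
  }]
}
"""


def _is_literal(value):
    """True for a non-empty string that is not a template call like {{user `x`}}."""
    return isinstance(value, str) and value != "" and "{{" not in value


def _allows_any_source(cidr):
    """True when the CIDR has prefix length 0; unparsable (templated) values are skipped."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def lint_builder(b):
    """Return sorted (option, finding) tuples for one amazon-ebssurrogate builder."""
    out = []
    for key in ("access_key", "secret_key", "token"):
        if _is_literal(b.get(key)):
            out.append((key, "credential is hardcoded in the template"))
    if "all" in b.get("ami_groups", []):
        out.append(("ami_groups", "AMI is made publicly accessible"))
    if "all" in b.get("snapshot_groups", []):
        out.append(("snapshot_groups", "snapshot is made publicly accessible"))
    # Packer only creates the temporary security group when none is supplied.
    supplied = ("security_group_id", "security_group_ids", "security_group_filter")
    cidr = b.get("temporary_security_group_source_cidr", "0.0.0.0/0")
    if not any(b.get(k) for k in supplied) and _allows_any_source(cidr):
        out.append(("temporary_security_group_source_cidr",
                    "temporary security group allows any IPv4 source"))
    ami_filter = b.get("source_ami_filter")
    if ami_filter is not None and not ami_filter.get("owners"):
        out.append(("source_ami_filter", "owners is missing"))
    launch = b.get("launch_block_device_mappings", [])
    for mapping in launch:
        if mapping.get("delete_on_termination") is not True:
            out.append(("launch_block_device_mappings",
                        f"{mapping.get('device_name')} is not deleted on termination"))
    root_src = b.get("ami_root_device", {}).get("source_device_name")
    if root_src not in {m.get("device_name") for m in launch}:
        out.append(("ami_root_device",
                    f"source_device_name {root_src} is not a launch mapping"))
    # An empty string selects the region's default key, which the page says
    # cannot be used together with snapshot_users.
    if b.get("snapshot_users") and "" in b.get("region_kms_key_ids", {}).values():
        out.append(("region_kms_key_ids", "default key used with snapshot_users"))
    return sorted(out)


def lint_template(text):
    """Lint every amazon-ebssurrogate builder; keys are indexes into "builders"."""
    builders = json.loads(text).get("builders", [])
    return {i: lint_builder(b) for i, b in enumerate(builders)
            if b.get("type") == "amazon-ebssurrogate"}


if __name__ == "__main__":
    for index, findings in lint_template(SAMPLE_TEMPLATE).items():
        for option, finding in findings:
            print(f"builders[{index}].{option}: {finding}")
```

Run it against a template before `packer build`; an empty result for a builder means none of these conditions were found, not that the template is otherwise valid.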