github.com/askholme/packer@v0.7.2-0.20140924152349-70d9566a6852/website/source/docs/builders/amazon.html.markdown

github.com/askholme/packer@v0.7.2-0.20140924152349-70d9566a6852/website/source/docs/builders/amazon.html.markdown (about)

     1  ---
     2  layout: "docs"
     3  page_title: "Amazon AMI Builder"
     4  ---
     5  
     6  # Amazon AMI Builder
     7  
     8  Packer is able to create Amazon AMIs. To achieve this, Packer comes with
     9  multiple builders depending on the strategy you want to use to build the
    10  AMI. Packer supports the following builders at the moment:
    11  
    12  * [amazon-ebs](/docs/builders/amazon-ebs.html) - Create EBS-backed AMIs
    13    by launching a source instance and re-packaging it into a new AMI after
    14    provisioning. If in doubt, use this builder, which is the easiest to get
    15    started with.
    16  
    17  * [amazon-instance](/docs/builders/amazon-instance.html) - Create
    18    instance-store AMIs by launching and provisioning a source instance, then
    19    rebundling it and uploading it to S3.
    20  
    21  * [amazon-chroot](/docs/builders/amazon-chroot.html) - Create EBS-backed AMIs
    22    from an existing EC2 instance by mounting the root device and using a
    23    [Chroot](http://en.wikipedia.org/wiki/Chroot) environment to provision
    24    that device. This is an **advanced builder and should not be used by
    25    newcomers**. However, it is also the fastest way to build an EBS-backed
    26    AMI since no new EC2 instance needs to be launched.
    27  
    28  <div class="alert alert-block alert-info">
    29  <strong>Don't know which builder to use?</strong> If in doubt, use the
    30  <a href="/docs/builders/amazon-ebs.html">amazon-ebs builder</a>. It is
    31  much easier to use and Amazon generally recommends EBS-backed images nowadays.
    32  </div>
    33  
    34  ## Using an IAM Instance Profile
    35  
    36  If AWS keys are not specified in the template or through environment variables
    37  Packer will use credentials provided by the instance's IAM profile, if it has one.
    38  
    39  The following policy document provides the minimal set permissions necessary for Packer to work:
    40  
    41  <pre class="prettyprint">
    42  {
    43    "Statement": [{
    44        "Effect": "Allow",
    45        "Action" : [
    46          "ec2:AttachVolume",
    47          "ec2:CreateVolume",
    48          "ec2:DeleteVolume",
    49          "ec2:CreateKeypair",
    50          "ec2:DeleteKeypair",
    51          "ec2:CreateSecurityGroup",
    52          "ec2:DeleteSecurityGroup",
    53          "ec2:AuthorizeSecurityGroupIngress",
    54          "ec2:CreateImage",
    55          "ec2:RunInstances",
    56          "ec2:TerminateInstances",
    57          "ec2:StopInstances",
    58          "ec2:DescribeVolumes",
    59          "ec2:DetachVolume",
    60          "ec2:DescribeInstances",
    61          "ec2:CreateSnapshot",
    62          "ec2:DeleteSnapshot",
    63          "ec2:DescribeSnapshots",
    64          "ec2:DescribeImages",
    65          "ec2:RegisterImage",
    66          "ec2:CreateTags",
    67          "ec2:ModifyImageAttribute"
    68        ],
    69        "Resource" : "*"
    70    }]
    71  }
    72  </pre>
    73  
    74  Depending on what setting you use the following Actions might have to be allowed as well:
    75  * `ec2:ModifyImageAttribute` when using `ami_description`