How to query AWS AMI from Packer

0 votes

I want to build a golden image with Packer for Amazon EBS. So I created an AWS AMI user on the console to get the access_key and secret_key. If I add these values in the application-server.json and start the command using:

packer build -only=amazon-ebs application-server.json

This error comes up:

Error querying AMI: AuthFailure: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got 'my_key'

status code: 401, request id: d8e8359a-dfa4-47da-bf05-81c957849a6c

How do I split the key? Do I create a new instance manually before using the packer command?

How can I split the key? Should I create an instance manually before launching the packer command?

Update #1: application-server.json

{
  "variables": {
    "PACKER_OS_FLAVOUR": "ubuntu",
    "PACKER_BOX_NAME": "ubuntu-14.04.4-server-amd64",
    "AWS_ACCESS_KEY_ID": "{{env `AWS_ACCESS_KEY_ID`}}",
    "AWS_SECRET_ACCESS_KEY": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "DIGITALOCEAN_API_TOKEN": "{{env `DIGITALOCEAN_API_TOKEN`}}"
  },
  "builders": [
    {
      "type": "virtualbox-iso",
      "boot_command": [
        "<esc><wait>",
        "<esc><wait>",
        "<enter><wait>",
        "/install/vmlinuz<wait>",
        " auto<wait>",
        " console-setup/ask_detect=false<wait>",
        " console-setup/layoutcode=us<wait>",
        " console-setup/modelcode=pc105<wait>",
        " debconf/frontend=noninteractive<wait>",
        " debian-installer=en_US<wait>",
        " fb=false<wait>",
        " initrd=/install/initrd.gz<wait>",
        " kbd-chooser/method=us<wait>",
        " keyboard-configuration/layout=USA<wait>",
        " keyboard-configuration/variant=USA<wait>",
        " locale=en_US<wait>",
        " netcfg/get_domain=vm<wait>",
        " netcfg/get_hostname=vagrant<wait>",
        " noapic<wait>",
        " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<wait>",
        " -- <wait>",
        "<enter><wait>"
      ],
      "boot_wait": "10s",
      "headless": false,
      "disk_size": 10140,
      "guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso",
      "guest_os_type": "Ubuntu_64",
      "http_directory": "http",
      "iso_checksum": "07e4bb5569814eab41fafac882ba127893e3ff0bdb7ec931c9b2d040e3e94e7a",
      "iso_checksum_type": "sha256",
      "iso_url": "http://releases.ubuntu.com/trusty/{{ user `PACKER_BOX_NAME` }}.iso",
      "shutdown_command": "echo 'vagrant'|sudo -S shutdown -P now",
      "ssh_password": "vagrant",
      "ssh_port": 22,
      "ssh_username": "vagrant",
      "ssh_wait_timeout": "10000s",
      "vm_name": "{{ user `PACKER_BOX_NAME` }}",
      "vboxmanage": [
        ["modifyvm", "{{.Name}}", "--memory", "1024"],
        ["modifyvm", "{{.Name}}", "--cpus", "2"]
      ],
      "virtualbox_version_file": ".vbox_version"
    },
    {
      "type": "amazon-ebs",
      "access_key": "AKIAJEXAMPEXAMPEXAMP ",
      "secret_key": "ExAMpleExAmpLEExAMPlEExAMPlEexAmpLEExaMPL",
      "region": "us-east-1",
      "source_ami": "ami-10b68a78",
      "instance_type": "t2.micro",
      "ssh_username": "ubuntu",
      "ami_name": "packer-app-server {{timestamp}}"
    },
    {
      "type": "googlecompute",
      "account_file": "account.json",
      "project_id": "devops-intro-project",
      "source_image": "ubuntu-1404-trusty-v20150316",
      "zone": "us-central1-a",
      "image_name": "application-ubuntu-1404-{{timestamp}}",
      "machine_type": "n1-standard-1",
      "ssh_username": "ubuntu"
    },
    {
      "type": "digitalocean",
      "api_token": "{{ user `DIGITALOCEAN_API_TOKEN` }}",
      "image": "ubuntu-14-04-x64",
      "region": "tor1",
      "size": "512mb",
      "droplet_name": "udacity-devops",
      "private_networking": true
    }
  ],

  "provisioners": [
    {
      "type": "shell",
      "execute_command": "echo 'vagrant'|{{.Vars}} sudo -S -E bash '{{.Path}}'",
      "scripts": [
        "scripts/update.sh"
      ]
    },
    {
      "type": "shell",
      "only": ["virtualbox-iso"],
      "execute_command": "echo 'vagrant'|sudo -S -E bash '{{.Path}}'",
      "scripts": [
        "scripts/virtualbox.sh",
        "scripts/vagrant.sh"
      ]
    },
    {
      "type": "shell",
      "execute_command": "echo 'vagrant'|sudo -S -E bash '{{.Path}}'",
      "scripts": [
        "scripts/application.sh",
        "scripts/cleanup.sh"
      ]
    }
  ],
  "post-processors": [
    [
      {
        "type": "vagrant",
        "except": ["googlecompute", "digitalocean"],
        "compression_level": "9",
        "output": "{{.Provider}}/{{ user `PACKER_BOX_NAME` }}-appserver_{{.Provider}}.box"
      }
    ]
  ]
}

Update #2: Earlier the problem was an empty space in the access_key. But now I've got a new problem:

amazon-ebs: Error cleaning up keypair. Please delete the key manually: Build 'amazon-ebs' errored: Error creating temporary keypair: UnauthorizedOperation: You are not authorized to perform this operation. status code: 403, request id: ee8cd02a-bdd8-4987-a798-00dc1f94e8e7

Jul 23, 2018 in DevOps on Cloud by DareDev
• 6,890 points
1,790 views
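A pre-build check for the two credential problems visible in the template above: the stray space in access_key that caused the AuthFailure, and key material written into the file even though AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are already declared as variables. This is an added example, not part of the original post; `lint_credentials` and the cut-down sample template are constructed for illustration.

```python
import json
import re

# Constructed sample: a cut-down template with the same shape as the one in
# the question (placeholder key values, trailing space in access_key).
SAMPLE_TEMPLATE = r'''
{
  "variables": {
    "AWS_ACCESS_KEY_ID": "{{env `AWS_ACCESS_KEY_ID`}}",
    "AWS_SECRET_ACCESS_KEY": "{{env `AWS_SECRET_ACCESS_KEY`}}"
  },
  "builders": [
    {"type": "virtualbox-iso"},
    {"type": "amazon-ebs",
     "access_key": "AKIAJEXAMPEXAMPEXAMP ",
     "secret_key": "ExAMpleExAmpLEExAMPlEExAMPlEexAmpLEExaMPL",
     "region": "us-east-1"}
  ]
}
'''

# A builder field should reference a user variable, e.g. {{user `NAME`}}.
USER_REF = re.compile(r"^\{\{\s*user\s+`[^`]+`\s*\}\}$")


def lint_credentials(template_text):
    """Return (builder_index, field, problem) for each amazon-ebs finding."""
    template = json.loads(template_text)
    findings = []
    for i, builder in enumerate(template.get("builders", [])):
        if builder.get("type") != "amazon-ebs":
            continue
        for field in ("access_key", "secret_key"):
            value = builder.get(field)
            if value is None:
                continue  # unset: the AWS credential chain (env, profile) applies
            if value != value.strip():
                findings.append((i, field, "surrounding whitespace"))
            if not USER_REF.match(value.strip()):
                findings.append((i, field, "literal secret in template"))
    return findings


if __name__ == "__main__":
    for finding in lint_credentials(SAMPLE_TEMPLATE):
        print(finding)
```
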

1 answer to this question.

0 votes

To solve the keypair error I just added the user group in AWS IAM and then added the policy found in the Packer docs:

{
  "Version": "2012-10-17",
  "Statement": [{
      "Effect": "Allow",
      "Action" : [
        "ec2:AttachVolume",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CopyImage",
        "ec2:CreateImage",
        "ec2:CreateKeypair",
        "ec2:CreateSecurityGroup",
        "ec2:CreateSnapshot",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteKeypair",
        "ec2:DeleteSecurityGroup",
        "ec2:DeleteSnapshot",
        "ec2:DeleteVolume",
        "ec2:DeregisterImage",
        "ec2:DescribeImageAttribute",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSnapshots",
        "ec2:DescribeSubnets",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DetachVolume",
        "ec2:GetPasswordData",
        "ec2:ModifyImageAttribute",
        "ec2:ModifyInstanceAttribute",
        "ec2:ModifySnapshotAttribute",
        "ec2:RegisterImage",
        "ec2:RunInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource" : "*"
  }]
}

This seemed to have worked for me.

answered Jul 23, 2018 by DareDev
• 6,890 points
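One way to see which permission an UnauthorizedOperation points at before running a build, as an added example that is not from the answer or the Packer docs: compare an IAM policy document with the actions the build needs. `missing_actions`, `NEEDED` and the sample policy are constructed here, and the evaluation is simplified (Resource, Condition and NotAction are ignored).

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: a policy that can describe and launch instances but
# lacks the key pair actions, the gap behind "Error creating temporary keypair".
SAMPLE_POLICY = '''
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:Describe*", "ec2:RunInstances", "ec2:CreateImage"],
    "Resource": "*"
  }]
}
'''

# Subset of the actions listed in the answer's policy, chosen for this example.
NEEDED = ["ec2:CreateKeypair", "ec2:DeleteKeypair", "ec2:RunInstances",
          "ec2:DescribeImages", "ec2:TerminateInstances"]


def as_list(value):
    """IAM allows a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)


def matches(patterns, action):
    # IAM action names are case-insensitive and allow * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_actions(policy_text, needed=NEEDED):
    """Return the needed actions that the policy does not allow."""
    statements = json.loads(policy_text)["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    allow, deny = [], []
    for st in statements:
        target = allow if st.get("Effect") == "Allow" else deny
        target.extend(as_list(st.get("Action", [])))
    # An explicit Deny wins over any Allow.
    return [a for a in needed if matches(deny, a) or not matches(allow, a)]


if __name__ == "__main__":
    print(missing_actions(SAMPLE_POLICY))
```
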
