Hello all,
I need some input on how I can go about writing some code within Packer to prevent users from pulling down outdated AMIs; instead, they should use the golden images in my Packer bakery.
You could give them a Packer HCL file with AMI selection along the lines of: (where “123456789” is your AWS account number)
    source_ami_filter {
      filters = {
        name                = "My_Super_Homebaked_Image*"
        root-device-type    = "ebs"
        virtualization-type = "hvm"
      }
      most_recent = true
      owners      = ["123456789"]
    }
That will always take the newest AMI from your account it finds that begins with “My_Super_Homebaked_Image”. You establish permanent strings that the different image types begin with. That way they have to do something deliberate to not use the latest image you have left for them.
If they’re really persistent and keep doing it, you could give them an HCL build file which is read-only but references provisioner files that are read-write, so they can alter the provisioning but not the Packer file and the source AMI.
We use this way of working. Whenever a new golden AMI comes out we just have to run the Packer jobs again to rebuild the current AMIs with the new, patched golden OSes.
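A lint check that a CI job could run over submitted templates to enforce the AMI filter described in the answers above; this is an added example, not code from the thread. The function names are hypothetical, the account number and name prefix are the placeholders from the snippet, and it matches with regexes rather than a full HCL parser (block comments are not handled).

```python
import re

# Policy values copied from the snippet in the answer; both are placeholders.
TRUSTED_OWNER = "123456789"
GOLDEN_PREFIX = "My_Super_Homebaked_Image"

def _block_body(text, start):
    """Text between the first '{' at/after start and its matching '}'."""
    i, depth = text.index("{", start), 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def check_template(hcl):
    """Return the list of policy violations found in one Packer HCL template."""
    hcl = re.sub(r"(?m)^\s*(#|//).*$", "", hcl)  # ignore full-line comments
    problems = []
    if re.search(r"(?m)^\s*source_ami\s*=", hcl):
        problems.append("source_ami is pinned; use source_ami_filter")
    starts = [m.start() for m in re.finditer(r"\bsource_ami_filter\b", hcl)]
    if not starts:
        problems.append("no source_ami_filter block")
    for pos in starts:
        body = _block_body(hcl, pos)
        owners = re.search(r"\bowners\s*=\s*\[([^\]]*)\]", body)
        if not owners or re.findall(r'"([^"]*)"', owners.group(1)) != [TRUSTED_OWNER]:
            problems.append("owners is not limited to the bakery account")
        name = re.search(r'\bname\s*=\s*"([^"]*)"', body)
        if not name or not name.group(1).startswith(GOLDEN_PREFIX):
            problems.append("name filter does not start with the golden prefix")
        if not re.search(r"\bmost_recent\s*=\s*true\b", body):
            problems.append("most_recent is not true")
    return problems

# Constructed sample templates (not from the thread).
GOOD = '''
source "amazon-ebs" "app" {
  source_ami_filter {
    filters = { name = "My_Super_Homebaked_Image*" }
    most_recent = true
    owners      = ["123456789"]
  }
}
'''
BAD = GOOD.replace('["123456789"]', '["amazon"]').replace("= true", "= false")

if __name__ == "__main__":
    print(check_template(GOOD) or "ok", check_template(BAD), sep="\n")
```

Run it against every template in the repository before the Packer job starts and fail the pipeline on a non-empty result.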