Separate file system for build an CIS level 1 compliant AMI with Packer

We want to do something that should be pretty simple with packer build a cloud ami which as several filesystem. Right now we are building aws ami with one disk and a large / filesystem

To be secure compliant CIS level 1 (CIS Critical Security Controls) We need to have a least a separate file System for /tmp /home and /var/tmp.

In order to do so, we can select a larger disk and provide a lvm layout which can be done in a kickstart file or aws EC Image builder.

What would be the simplest way to achieve this with packer ? We have seen a presentation done at Hashiconf 2016 (OS Hardening and Packer - YouTube)

Could you point us the best path to follow ? From the doc I don’t see an easy solution using the chroot (Amazon chroot - Builders | Packer by HashiCorp)
Maybe an easy solution, would be to attach a second drive to the image and put those filesystem on the second drive using a shell script ?

Any pointer will be welcome.

2 Likes

Hello Packer team,

We have the same needs in our project and we would love to hear your best practice recommendation as of the best way to achieve this.

Best.

2 Likes