Hello. In our AWS project, we create an AMI using build.pkr.hcl with source "amazon-ebs" and ssh_interface = "session_manager". The build source is source "amazon-ebs" and the provisioner is provisioner "shell". The build is done by an EC2 pipeline runner for a terragrunt/terraform module. The terraform module is:
    terraform {
      required_version = ">= 0.13.0"
      required_providers {
        null = {
          source  = "hashicorp/null"
          version = ">= 2.0.0"
        }
      }
    }

    resource "null_resource" "packer_build" {
      triggers = {
        redeployment = var.packer_redeployment_trigger
      }

      # Install/upgrade the plugins required by the build file.
      provisioner "local-exec" {
        command = "${var.packer_bin} init --upgrade ${var.packer_build_file}"
      }

      # Run the build, passing optional extra flags when set.
      provisioner "local-exec" {
        command = "${var.packer_bin} build ${var.packer_build_flags != null ? var.packer_build_flags : ""} ${var.packer_build_file}"
      }
    }
I found this document below related to AWS EC2 Session Manager connections (ssh_interface = "session_manager"):
Amazon Builder | Integrations | Packer | HashiCorp Developer.
My question is: how does the EC2_pipeline_runner (where packer build is run) connect to the build_EC2 created by packer in the case of ssh_interface = "session_manager"?
I found this document too: Start a session - AWS Systems Manager. Does packer run (in the background, not seen in the output below) the command `ssh -i /path/my-key-pair.pem username@instance-id` to start an SSH session to the build EC2 instance? How does the "temporary keypair: packer_67125f72-1da3-34ee-8fd2-895fab74ae97" reach the EC2 runner instance so it can be used for the connection to the build EC2 instance? Could you please show the part of the code at github.com/hashicorp/packer-plugin-amazon/tree/main/builder/ebs which creates the SSH connection to the build EC2?
These are the logs output from the runner:
null_resource.packer_build: Provisioning with 'local-exec'...
null_resource.packer_build (local-exec): Executing: ["/bin/sh" "-c" "packer init --upgrade /builds/ucc-platform/infrastructure/solutions-hub-environments-iac-live/_envcommon/resources/_global/optimized-amis/gitlab-runner-optimized-ami/build.pkr.hcl"]
null_resource.packer_build (local-exec): Installed plugin github.com/wata727/amazon-ami-management v1.6.1 in "/root/.config/packer/plugins/github.com/wata727/amazon-ami-management/packer-plugin-amazon-ami-management_v1.6.1_x5.0_linux_amd64"
null_resource.packer_build: Provisioning with 'local-exec'...
null_resource.packer_build (local-exec): Executing: ["/bin/sh" "-c" "packer build -var 'mandatory_tags={\"Confidentiality\":\"C3\",\"ManagedBy\":\"groupfunc.example@example.com\",\"Platform\":\"example\",\"Project\":\"example\",\"SecurityZone\":\"S1\",\"TaggingVersion\":\"V2.4\"}' -var 'vpc_id_source=vpc-06example' -var 'subnet_id_source=subnet-04example' -var 'aws_region=eu-central-1' /builds/xxx-platform/infrastructure/xxx-environments-iac-live/_envcommon/resources/_global/optimized-amis/gitlab-runner-optimized-ami/build.pkr.hcl"]
null_resource.packer_build (local-exec): amazon-ebs.pcs_al2_runner: output will be in this color.
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Prevalidating any provided VPC information
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Prevalidating AMI Name: amazon-linux-2-gitlab-runner-20241018131530
null_resource.packer_build (local-exec): amazon-ebs.pcs_al2_runner: Found Image ID: ami-05c743ee69f01d8c4
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Creating temporary keypair: packer_67125f72-1da3-34ee-8fd2-895fab74ae97
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Creating temporary security group for this instance: packer_67125f76-1e10-0534-2dba-939e02b030f3
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups...
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Launching a source AWS instance...
null_resource.packer_build (local-exec): amazon-ebs.pcs_al2_runner: Instance ID: i-0449c380790e47691
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Waiting for instance (i-0449c380790e47691) to become ready...
null_resource.packer_build: Still creating... [10s elapsed]
null_resource.packer_build: Still creating... [20s elapsed]
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Using SSH communicator to connect: localhost
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Waiting for SSH to become available...
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Connected to SSH!
null_resource.packer_build (local-exec): ==> amazon-ebs.pcs_al2_runner: Provisioning with shell script: /tmp/packer-shell712162759
Thank you.
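The connection Packer makes with ssh_interface = "session_manager", reproduced by hand as an added example (this is not Packer's or the plugin's own code): Packer opens a Systems Manager port-forwarding session (the AWS-StartPortForwardingSession document, run through the session-manager-plugin) from the runner to port 22 of the build instance, then points its SSH communicator at localhost on the forwarded port, which is what the "Using SSH communicator to connect: localhost" log line reflects. The key file path, the local port 8022 and the ec2-user login are assumptions.

```shell
#!/bin/sh
# Added example (not Packer's own code): reproduce by hand the two-step link that
# Packer uses with ssh_interface = "session_manager". Step 1 opens an SSM
# port-forwarding session from the runner to port 22 of the build instance;
# step 2 is ordinary SSH to localhost on the forwarded port with the temporary key.
set -eu

# Pull the build instance ID out of Packer's log ("Instance ID: i-...").
instance_id_from_log() {
  sed -n 's/.*Instance ID: \(i-[0-9a-f]*\).*/\1/p' | sed -n '1p'
}

# Command that opens the tunnel. The SSM agent on the instance dials out to the
# Systems Manager endpoint, so this path needs no inbound port-22 rule at all.
ssm_tunnel_cmd() {
  printf "aws ssm start-session --target %s --document-name AWS-StartPortForwardingSession --parameters '{\"portNumber\":[\"22\"],\"localPortNumber\":[\"%s\"]}'\n" "$1" "$2"
}

# Command for the SSH hop. Note the target: localhost, not the instance. The
# private half of the temporary keypair stays on the runner; only the public
# half reaches the instance, via the EC2 keypair injected at launch.
ssh_cmd() {
  printf 'ssh -i %s -p %s -o StrictHostKeyChecking=accept-new %s@localhost\n' "$1" "$2" "$3"
}

# Run both for real. Needs AWS credentials, the session-manager-plugin binary
# and ssm:StartSession permission on the runner; the instance needs an SSM role.
open_tunnel_and_ssh() {
  eval "$(ssm_tunnel_cmd "$1" "$3")" &
  tunnel_pid=$!
  sleep 3                       # let the plugin bind the local port
  eval "$(ssh_cmd "$2" "$3" "$4")" || true
  kill "$tunnel_pid" 2>/dev/null || true
}

# Constructed excerpt of the log from the question, for an offline dry run.
SAMPLE_LOG='==> amazon-ebs.pcs_al2_runner: Launching a source AWS instance...
    amazon-ebs.pcs_al2_runner: Instance ID: i-0449c380790e47691
==> amazon-ebs.pcs_al2_runner: Using SSH communicator to connect: localhost'

main() {
  id=$(printf '%s\n' "$SAMPLE_LOG" | instance_id_from_log)
  KEY=${KEY:-/tmp/packer_temp_key.pem}   # placeholder path for the temporary key
  if [ "${EXECUTE:-0}" = 1 ]; then
    open_tunnel_and_ssh "$id" "$KEY" 8022 ec2-user
  else
    ssm_tunnel_cmd "$id" 8022              # dry run: print the two commands
    ssh_cmd "$KEY" 8022 ec2-user
  fi
}
main "$@"
```

Without EXECUTE=1 the script only prints the two commands it would run; with EXECUTE=1 and a real key file it opens the tunnel and the SSH session.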