# AMI identity. Per the ami_name_prefix description the final AMI name is
# `<ami_name_prefix>-<eks_version>-<timestamp>`.
variable "ami_name_prefix" {
  description = "The prefix to use when creating the AMI name. i.e. - `<ami_name_prefix>-<eks_version>-<timestamp>"
  type        = string
  default     = "amazon-eks"
}

variable "eks_version" {
  description = "The EKS cluster version associated with the AMI created"
  type        = string
  default     = "1.27"
}

# Only the two values named in the description are documented as valid; no
# validation block enforces that here.
variable "ami_type" {
  description = "The type of AMI to create. Valid values are `amazon-linux-2` or `amazon-linux-2-arm64`"
  type        = string
  default     = "amazon-linux-2"
}
################################################################################
# EBS Source
################################################################################
# Root volume registered with the AMI: /dev/xvda, volume_size 10, gp3,
# deleted with the instance. Declared list(map(string)), so the numeric and
# boolean values are carried as strings.
variable "ami_block_device_mappings" {
  description = "The block device mappings attached when booting a new instance from the AMI created"
  type        = list(map(string))
  default = [
    {
      device_name           = "/dev/xvda"
      volume_size           = 10
      volume_type           = "gp3"
      delete_on_termination = true
    },
  ]
}

variable "ami_description" {
  description = "The description to use when creating the AMI"
  type        = string
  default     = "Amazon EKS Kubernetes AMI based on AmazonLinux2 OS"
}
# Launch-permission sharing for the built AMI. Every option defaults to null
# (not shared). Note from the ami_groups description: `all` publishes the AMI
# to every AWS account, so treat a non-null value here as a deliberate
# disclosure decision.
variable "ami_groups" {
  description = "A list of groups that have access to launch the resulting AMI(s). By default no groups have permission to launch the AMI. `all` will make the AMI publicly accessible. AWS currently doesn't accept any value other than `all`"
  type        = list(string)
  default     = null
}

variable "ami_org_arns" {
  description = "A list of Amazon Resource Names (ARN) of AWS Organizations that have access to launch the resulting AMI(s). By default no organizations have permission to launch the AMI"
  type        = list(string)
  default     = null
}

variable "ami_ou_arns" {
  description = "A list of Amazon Resource Names (ARN) of AWS Organizations organizational units (OU) that have access to launch the resulting AMI(s). By default no organizational units have permission to launch the AMI"
  type        = list(string)
  default     = null
}

# Copy targets, not sharing: the AMI and its tags/attributes are duplicated
# into each listed region. Encryption of the copies is governed by
# region_kms_key_ids (see the kms_key_id description).
variable "ami_regions" {
  description = "A list of regions to copy the AMI to. Tags and attributes are copied along with the AMI. AMI copying takes time depending on the size of the AMI, but will generally take many minutes"
  type        = list(string)
  default     = null
}

variable "ami_users" {
  description = "A list of account IDs that have access to launch the resulting AMI(s). By default no additional users other than the user creating the AMI has permissions to launch it"
  type        = list(string)
  default     = null
}
# Registration attributes of the AMI. A null default means the value is left
# to Packer's builder default.
variable "ami_virtualization_type" {
  description = "The type of virtualization used to create the AMI. Can be one of `hvm` or `paravirtual`"
  type        = string
  default     = "hvm"
}

# Deprecation timestamp; see the description for the exact format expected.
variable "deprecate_at" {
  description = "The date and time to deprecate the AMI, in UTC, in the following format: YYYY-MM-DDTHH:MM:SSZ. If you specify a value for seconds, Amazon EC2 rounds the seconds to the nearest minute"
  type        = string
  default     = null
}

variable "ena_support" {
  description = "Enable enhanced networking (ENA but not SriovNetSupport) on HVM-compatible AMIs"
  type        = bool
  default     = null
}
# Encryption of the resulting AMI. With the null default Packer keeps whatever
# encryption setting the source image had (per the description), so an
# unencrypted source yields an unencrypted AMI unless this is set to true.
variable "encrypt_boot" {
  description = "Whether or not to encrypt the resulting AMI when copying a provisioned instance to an AMI. By default, Packer will keep the encryption setting to what it was in the source image"
  type        = bool
  default     = null
}

# Both force_* options default to Packer's documented `false`: an existing AMI
# with the same name is not silently replaced, and its snapshots are kept.
variable "force_deregister" {
  description = "Force Packer to first deregister an existing AMI if one with the same name already exists. Default `false`"
  type        = bool
  default     = null
}

variable "force_delete_snapshot" {
  description = "Force Packer to delete snapshots associated with AMIs, which have been deregistered by force_deregister. Default `false`"
  type        = bool
  default     = null
}
# Hardening default: the built AMI is registered as enforcing IMDS `v2.0`
# rather than the legacy `unset`. Changing this weakens the metadata-service
# protection of every instance later launched from the AMI.
variable "imds_support" {
  description = "Enforce version of the Instance Metadata Service on the built AMI. Valid options are `unset` (legacy) and `v2.0`"
  type        = string
  default     = "v2.0"
}
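# Customer-managed key for the AMI in the build `region` only. Copies made via
# ami_regions fall back to each region's default EBS key unless
# region_kms_key_ids names a key for that region.
# (Description typo "copied to copied will be" corrected.)
variable "kms_key_id" {
  description = "ID, alias or ARN of the KMS key to use for AMI encryption. This only applies to the main `region` -- any regions the AMI gets copied to will be encrypted by the default EBS KMS key for that region, unless you set region-specific keys in `region_kms_key_ids`"
  type        = string
  default     = null
}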
# Block devices for the build instance itself. The default mirrors the root
# volume declared in ami_block_device_mappings; any extra EBS volumes listed
# here are snapshotted into the AMI (see the description).
variable "launch_block_device_mappings" {
  description = "The block device mappings to use when creating the AMI. If you add instance store volumes or EBS volumes in addition to the root device volume, the created AMI will contain block device mapping information for those volumes. Amazon creates snapshots of the source instance's root volume and any other EBS volumes described here. When you launch an instance from this new AMI, the instance automatically launches with these additional volumes, and will restore them from snapshots taken from the source instance"
  type        = list(map(string))
  default = [
    {
      device_name           = "/dev/xvda"
      volume_size           = 10
      volume_type           = "gp3"
      delete_on_termination = true
    },
  ]
}
# Per-region encryption keys for AMI copies; the map keys must match the
# regions listed in ami_regions.
variable "region_kms_key_ids" {
  description = "regions to copy the ami to, along with the custom kms key id (alias or arn) to use for encryption for that region. Keys must match the regions provided in `ami_regions`"
  type        = map(string)
  default     = null
}

variable "run_volume_tags" {
  description = "Tags to apply to the volumes that are launched to create the AMI. These tags are not applied to the resulting AMI"
  type        = map(string)
  default     = null
}

# Both skip_* checks default to Packer's documented `false`.
variable "skip_region_validation" {
  description = "Set to `true` if you want to skip validation of the `ami_regions` configuration option. Default `false`"
  type        = bool
  default     = null
}

variable "skip_save_build_region" {
  description = "If true, Packer will not check whether an AMI with the ami_name exists in the region it is building in. It will use an intermediary AMI name, which it will not convert to an AMI in the build region. Default `false`"
  type        = bool
  default     = null
}

variable "sriov_support" {
  description = "Enable enhanced networking (SriovNetSupport but not ENA) on HVM-compatible AMIs"
  type        = bool
  default     = null
}

# Snapshot sharing. As with ami_groups, `all` makes the backing snapshot(s)
# readable by any AWS account; default null shares nothing.
variable "snapshot_groups" {
  description = "A list of groups that have access to create volumes from the snapshot(s). By default no groups have permission to create volumes from the snapshot(s). all will make the snapshot publicly accessible"
  type        = list(string)
  default     = null
}

variable "snapshot_tags" {
  description = "Key/value pair tags to apply to snapshot. They will override AMI tags if already applied to snapshot"
  type        = map(string)
  default     = null
}

variable "snapshot_users" {
  description = "A list of account IDs that have access to create volumes from the snapshot(s). By default no additional users other than the user creating the AMI has permissions to create volumes from the backing snapshot(s)"
  type        = list(string)
  default     = null
}

# Tags on the AMI itself; empty map rather than null so it can be merged
# without a null check.
variable "tags" {
  description = "Key/value pair tags applied to the AMI"
  type        = map(string)
  default     = {}
}
# Access Configuration
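# Static AWS access key. Declared sensitive so Packer masks the value in its
# output and logs; prefer `profile` or `assume_role` (declared below) over
# static credentials where possible.
variable "access_key" {
  description = "The access key used to communicate with AWS"
  type        = string
  default     = null
  sensitive   = true
}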
# Role to assume with the supplied credentials; empty map means no assumption.
variable "assume_role" {
  description = "If provided with a role ARN, Packer will attempt to assume this role using the supplied credentials"
  type        = map(string)
  default     = {}
}

variable "aws_polling" {
  description = "Polling configuration for the AWS waiter. Configures the waiter for resources creation or actions like attaching volumes or importing image"
  type        = map(string)
  default     = {}
}

# Alternative EC2-compatible API endpoint. If this is ever set, the endpoint's
# certificate should still validate rather than relying on
# insecure_skip_tls_verify below.
variable "custom_endpoint_ec2" {
  description = "This option is useful if you use a cloud provider whose API is compatible with aws EC2"
  type        = string
  default     = null
}

# Decoding authorization errors calls sts:DecodeAuthorizationMessage, so the
# build credentials need that permission when this is enabled.
variable "decode_authorization_messages" {
  description = "Enable automatic decoding of any encoded authorization (error) messages using the sts:DecodeAuthorizationMessage API"
  type        = bool
  default     = null
}

# Disables certificate verification for the EC2 endpoint. Leave at the
# documented default (`false`); enabling it exposes the build's AWS API traffic
# and credentials to interception.
variable "insecure_skip_tls_verify" {
  description = "This allows skipping TLS verification of the AWS EC2 endpoint. The default is `false`"
  type        = bool
  default     = null
}

variable "max_retries" {
  description = "This is the maximum number of times an API call is retried, in the case where requests are being throttled or experiencing transient failures. The delay between the subsequent API calls increases exponentially"
  type        = number
  default     = null
}
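# One-time MFA code. Marked sensitive so Packer masks it in output; per the
# description it should be supplied per run (e.g. -var) rather than stored.
variable "mfa_code" {
  description = "The MFA TOTP code. This should probably be a user variable since it changes all the time"
  type        = string
  default     = null
  sensitive   = true
}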
# Named profile from the shared credentials file (see shared_credentials_file).
variable "profile" {
  description = "The profile to use in the shared credentials file for AWS"
  type        = string
  default     = null
}

# Build region; the only AWS setting here with a non-null default.
variable "region" {
  description = "The name of the region, such as us-east-1, in which to launch the EC2 instance to create the AMI"
  type        = string
  default     = "us-west-2"
}
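# Static AWS secret key paired with access_key. Declared sensitive so Packer
# masks the value in its output and logs.
variable "secret_key" {
  description = "The secret key used to communicate with AWS"
  type        = string
  default     = null
  sensitive   = true
}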
# Path to an AWS shared credentials file; used together with `profile`.
variable "shared_credentials_file" {
  description = "Path to a credentials file to load credentials from"
  type        = string
  default     = null
}

# Skipping credential validation only defers credential errors to the first
# real API call.
variable "skip_credential_validation" {
  description = "Set to true if you want to skip validating AWS credentials before runtime"
  type        = bool
  default     = null
}

# Skips Packer's check of the local instance metadata API when resolving
# credentials (the description says no more than that).
variable "skip_metadata_api_check" {
  description = "Skip Metadata Api Check"
  type        = bool
  default     = null
}
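# Session token accompanying temporary credentials. Declared sensitive so
# Packer masks the value in its output and logs.
variable "token" {
  description = "The access token to use. This is different from the access key and secret key"
  type        = string
  default     = null
  sensitive   = true
}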
# Communicator
# How Packer reaches the build instance; the ssh_* variables below only apply
# when this includes `ssh`.
variable "communicator" {
  description = "The communicator to use to communicate with the EC2 instance. Valid values are `none`, `ssh`, `winrm`, and `ssh+winrm`"
  type        = string
  default     = "ssh"
}

# Duration string (e.g. a Go-style duration) to wait before the first
# connection attempt — TODO confirm the accepted format against Packer.
variable "pause_before_connecting" {
  description = "We recommend that you enable SSH or WinRM as the very last step in your guest's bootstrap script, but sometimes you may have a race condition where you need Packer to wait before attempting to connect to your guest"
  type        = string
  default     = null
}

# Agent-based auth: no temporary key pair is generated, and ssh_password /
# ssh_private_key_file are ignored (per the description).
variable "ssh_agent_auth" {
  description = "If true, the local SSH agent will be used to authenticate connections to the source instance. No temporary keypair will be created, and the values of `ssh_password` and `ssh_private_key_file` will be ignored. The environment variable `SSH_AUTH_SOCK` must be set for this option to work properly"
  type        = bool
  default     = null
}

# Bastion settings; all unset by default, so SSH goes directly to the
# instance unless ssh_bastion_host is provided.
variable "ssh_bastion_agent_auth" {
  description = "If `true`, the local SSH agent will be used to authenticate with the bastion host. Defaults to `false`"
  type        = bool
  default     = null
}

variable "ssh_bastion_certificate_file" {
  description = "Path to user certificate used to authenticate with bastion host. The ~ can be used in path and will be expanded to the home directory of current user"
  type        = string
  default     = null
}

variable "ssh_bastion_host" {
  description = "A bastion host to use for the actual SSH connection"
  type        = string
  default     = null
}

variable "ssh_bastion_interactive" {
  description = "If `true`, the keyboard-interactive used to authenticate with bastion host"
  type        = bool
  default     = null
}
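# Bastion password. Declared sensitive so Packer masks the value in its output
# and logs; key- or certificate-based bastion auth (ssh_bastion_private_key_file,
# ssh_bastion_certificate_file) avoids handling a password at all.
variable "ssh_bastion_password" {
  description = "The password to use to authenticate with the bastion host"
  type        = string
  default     = null
  sensitive   = true
}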
# Remaining bastion connection details; port defaults to the documented 22.
variable "ssh_bastion_port" {
  description = "The port of the bastion host. Defaults to `22`"
  type        = number
  default     = null
}

# Path to a PEM private key; the key material itself never enters this file.
variable "ssh_bastion_private_key_file" {
  description = "Path to a PEM encoded private key file to use to authenticate with the bastion host. The `~` can be used in path and will be expanded to the home directory of current user"
  type        = string
  default     = null
}

variable "ssh_bastion_username" {
  description = "The username to connect to the bastion host"
  type        = string
  default     = null
}
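# Override of the SSH cipher list. The description's algorithm names were
# garbled by address-obfuscation ("[email protected]"); restored to the
# names Packer documents as its default. Leaving this null keeps that default
# (AEAD ciphers first, then CTR modes).
variable "ssh_ciphers" {
  description = "This overrides the value of ciphers supported by default by Golang. The default value is `[\"aes128-gcm@openssh.com\", \"chacha20-poly1305@openssh.com\", \"aes128-ctr\", \"aes192-ctr\", \"aes256-ctr\"]`"
  type        = list(string)
  default     = null
}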
# OpenSSH user certificate for the instance connection.
variable "ssh_certificate_file" {
  description = "Path to user certificate used to authenticate with SSH. The `~` can be used in path and will be expanded to the home directory of current user"
  type        = string
  default     = null
}

# When true, Packer removes its temporary public key from the two
# authorized_keys paths named in the description. With the null default that
# removal is not requested here; confirm that the build's own cleanup steps
# remove the key so it does not persist in the captured AMI — TODO confirm.
variable "ssh_clear_authorized_keys" {
  description = "If true, Packer will attempt to remove its temporary key from `~/.ssh/authorized_keys` and `/root/.ssh/authorized_keys`"
  type        = bool
  default     = null
}
# Agent forwarding stays enabled at Packer's documented default (`false`);
# setting true prevents the build instance from using the local agent's keys.
variable "ssh_disable_agent_forwarding" {
  description = "If `true`, SSH agent forwarding will be disabled. Defaults to `false`"
  type        = bool
  default     = null
}

variable "ssh_file_transfer_method" {
  description = "How to transfer files, Secure copy (`scp` default) or SSH File Transfer Protocol (`sftp`)"
  type        = string
  default     = null
}

# ssh_handshake_attempts and ssh_timeout are mutually dependent defaults
# (see both descriptions); setting one changes the other's default.
variable "ssh_handshake_attempts" {
  description = "The number of handshakes to attempt with SSH once it can connect. This defaults to `10`, unless a `ssh_timeout` is set"
  type        = number
  default     = null
}

variable "ssh_host" {
  description = "The address to SSH to. This usually is automatically configured by the builder"
  type        = string
  default     = null
}

# Which instance address Packer connects to. Default here is `public_dns`,
# which requires the instance to have public connectivity; `session_manager`
# avoids inbound SSH exposure entirely (see session_manager_port below).
variable "ssh_interface" {
  description = "One of `public_ip`, `private_ip`, `public_dns`, `private_dns` or `session_manager`. If set, either the public IP address, private IP address, public DNS name or private DNS name will be used as the host for SSH. The default behavior if inside a VPC is to use the public IP address if available, otherwise the private IP address will be used. If not in a VPC the public DNS name will be used"
  type        = string
  default     = "public_dns"
}

variable "ssh_keep_alive_interval" {
  description = "How often to send \"keep alive\" messages to the server. Set to a negative value (`-1s`) to disable. Defaults to `5s`"
  type        = string
  default     = null
}
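# Override of the SSH key-exchange list. The first name in the description was
# garbled by address-obfuscation ("[email protected]"); restored to
# `curve25519-sha256@libssh.org` as Packer documents it. The two
# diffie-hellman-group*-sha1 entries are listed as accepted, not recommended;
# leaving this null keeps Packer's default selection.
variable "ssh_key_exchange_algorithms" {
  description = "If set, Packer will override the value of key exchange (kex) algorithms supported by default by Golang. Acceptable values include: `curve25519-sha256@libssh.org`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `diffie-hellman-group14-sha1`, and `diffie-hellman-group1-sha1`"
  type        = list(string)
  default     = null
}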
# Existing EC2 key pair to use instead of a generated temporary one; the
# matching private key must be supplied separately (ssh_private_key_file).
variable "ssh_keypair_name" {
  description = "If specified, this is the key that will be used for SSH with the machine. The key must match a key pair name loaded up into the remote"
  type        = string
  default     = null
}

variable "ssh_local_tunnels" {
  description = "A list of local tunnels to use when connecting to the host"
  type        = list(string)
  default     = null
}
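# Plaintext SSH password. Declared sensitive so Packer masks the value in its
# output and logs. Unused when ssh_agent_auth is true (see its description);
# key-based auth avoids handling a password at all.
variable "ssh_password" {
  description = "A plaintext password to use to authenticate with SSH"
  type        = string
  default     = null
  sensitive   = true
}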
# SSH port on the build instance; documented default 22.
variable "ssh_port" {
  description = "The port to connect to SSH. This defaults to `22`"
  type        = number
  default     = null
}

# Path to a PEM private key; the key material itself never enters this file.
variable "ssh_private_key_file" {
  description = "Path to a PEM encoded private key file to use to authenticate with SSH. The ~ can be used in path and will be expanded to the home directory of current user"
  type        = string
  default     = null
}

# Optional SOCKS proxy for the SSH connection (host, port and credentials
# follow).
variable "ssh_proxy_host" {
  description = "A SOCKS proxy host to use for SSH connection"
  type        = string
  default     = null
}
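# SOCKS proxy password. Declared sensitive so Packer masks the value in its
# output and logs.
variable "ssh_proxy_password" {
  description = "The optional password to use to authenticate with the proxy server"
  type        = string
  default     = null
  sensitive   = true
}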
# SOCKS proxy port; documented default 1080.
variable "ssh_proxy_port" {
  description = "A port of the SOCKS proxy. Defaults to `1080`"
  type        = number
  default     = null
}

variable "ssh_proxy_username" {
  description = "The optional username to authenticate with the proxy server"
  type        = string
  default     = null
}
#
# Session behaviour for the SSH communicator; all left at Packer defaults.
variable "ssh_pty" {
  description = "If `true`, a PTY will be requested for the SSH connection. This defaults to `false`"
  type        = bool
  default     = null
}

variable "ssh_read_write_timeout" {
  description = "The amount of time to wait for a remote command to end. This might be useful if, for example, packer hangs on a connection after a reboot. Example: `5m`. Disabled by default"
  type        = string
  default     = null
}

variable "ssh_remote_tunnels" {
  description = "A list of remote tunnels to use when connecting to the host"
  type        = list(string)
  default     = null
}

# Paired with ssh_handshake_attempts: setting either changes the other's
# default (see both descriptions).
variable "ssh_timeout" {
  description = "The time to wait for SSH to become available. Packer uses this to determine when the machine has booted so this is usually quite long. This defaults to `5m`, unless `ssh_handshake_attempts` is set"
  type        = string
  default     = null
}

# Login user on the build instance; `ec2-user` is the only non-null SSH
# default in this file.
variable "ssh_username" {
  description = "The username to connect to SSH with. Required if using SSH"
  type        = string
  default     = "ec2-user"
}

# Temporary key pair Packer generates when no ssh_keypair_name is given.
# Nulls keep the documented defaults: `rsa` at 4096 bits. The description
# notes 3072 bits as the generally accepted minimum for RSA.
variable "temporary_key_pair_type" {
  description = "Specifies the type of key to create. The possible values are 'dsa', 'ecdsa', 'ed25519', or 'rsa'. Default is `rsa`"
  type        = string
  default     = null
}

variable "temporary_key_pair_bits" {
  description = "Specifies the number of bits in the key to create. For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. Generally, 3072 bits is considered sufficient"
  type        = number
  default     = null
}
# Run Configuration
# Whether the build instance gets a public IP in a non-default VPC. Note the
# interaction with ssh_interface (default `public_dns`): without a public
# address that interface cannot be reached.
variable "associate_public_ip_address" {
  description = "If using a non-default VPC, public IP addresses are not provided by default. If this is true, your new instance will get a Public IP"
  type        = bool
  default     = null
}

# Capacity reservation targeting; all unset, so Packer's documented `none`
# preference applies.
variable "capacity_reservation_preference" {
  description = "Set the preference for using a capacity reservation if one exists. Either will be `open` or `none`. Defaults to `none`"
  type        = string
  default     = null
}

variable "capacity_reservation_group_arn" {
  description = "Provide the EC2 Capacity Reservation Group ARN that will be used by Packer"
  type        = string
  default     = null
}

variable "capacity_reservation_id" {
  description = "Provide the specific EC2 Capacity Reservation ID that will be used by Packer"
  type        = string
  default     = null
}

# When true the final provisioner is responsible for stopping the instance.
variable "disable_stop_instance" {
  description = "If this is set to true, Packer will not stop the instance but will assume that you will send the stop signal yourself through your final provisioner"
  type        = bool
  default     = null
}

variable "ebs_optimized" {
  description = "Mark instance as EBS Optimized. Default `false`"
  type        = bool
  default     = null
}

variable "enable_nitro_enclave" {
  description = "Enable support for Nitro Enclaves on the instance"
  type        = bool
  default     = null
}

variable "enable_unlimited_credits" {
  description = "Enabling Unlimited credits allows the source instance to burst additional CPU beyond its available CPU Credits for as long as the demand exists"
  type        = bool
  default     = null
}
# IAM instance profile attached to the build instance. Whatever permissions it
# carries are reachable from every provisioner that runs on the instance, so
# keep it to what the build steps actually need.
variable "iam_instance_profile" {
  description = "The name of an IAM instance profile to launch the EC2 instance with"
  type        = string
  default     = null
}

variable "instance_type" {
  description = "The EC2 instance type to use while building the AMI, such as `m5.large`"
  type        = string
  default     = "c5.xlarge"
}

variable "fleet_tags" {
  description = "Key/value pair tags to apply tags to the fleet that is issued"
  type        = map(string)
  default     = null
}

# Only relevant when ssh_interface is `session_manager`.
variable "pause_before_ssm" {
  description = "The time to wait before establishing the Session Manager session"
  type        = string
  default     = null
}

variable "placement" {
  description = "Describes the placement of an instance"
  type        = map(string)
  default     = {}
}

# Tags applied to every temporary resource Packer creates for the build and
# inherited by the resulting AMI (see the description).
variable "run_tags" {
  description = "Key/value pair tags to apply to the generated key-pair, security group, iam profile and role, snapshot, network interfaces and instance that is launched to create the EBS volumes. The resulting AMI will also inherit these tags"
  type        = map(string)
  default     = null
}
# Security groups for the build instance. With the null default Packer creates
# a temporary group that allows SSH; its allowed sources are governed by
# temporary_security_group_source_cidrs / _public_ip below. Supplying your own
# group IDs here is the way to keep inbound rules under your control.
variable "security_group_ids" {
  description = "A list of security group IDs to assign to the instance. By default this is not set and Packer will automatically create a new temporary security group to allow SSH access"
  type        = list(string)
  default     = null
}

# Filter-based lookup; ignored when security_group_ids is given.
variable "security_group_filter" {
  description = "Filters used to populate the `security_group_ids` field. `security_group_ids` take precedence over this"
  type        = list(map(string))
  default     = []
}
# Local port for the SSM tunnel; only used with ssh_interface = `session_manager`.
variable "session_manager_port" {
  description = "Which port to connect the local end of the session tunnel to. If left blank, Packer will choose a port for you from available ports. This option is only used when `ssh_interface` is set `session_manager`"
  type        = number
  default     = null
}

# Documented default `stop`; `terminate` guarantees cleanup of the build
# instance if Packer exits ungracefully.
variable "shutdown_behavior" {
  description = "Automatically terminate instances on shutdown in case Packer exits ungracefully. Possible values are `stop` and `terminate`. Defaults to `stop`"
  type        = string
  default     = null
}

variable "skip_profile_validation" {
  description = "Whether or not to check if the IAM instance profile exists. Defaults to `false`"
  type        = bool
  default     = null
}

# Filter-based lookup; ignored when subnet_id is given.
variable "subnet_filter" {
  description = "Filters used to populate the subnet_id field. `subnet_id` take precedence over this"
  type        = list(map(string))
  default     = []
}
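# Subnet for the build instance; required for a non-default VPC, and the
# source from which vpc_id is derived when that is left blank (see vpc_id).
# (Description typos "f using" and "an non-default" corrected.)
variable "subnet_id" {
  description = "If using VPC, the ID of the subnet, such as subnet-12345def, where Packer will launch the EC2 instance. This field is required if you are using a non-default VPC"
  type        = string
  default     = null
}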
# Inbound sources for the temporary security group Packer creates when
# security_group_ids is not supplied. With the null default the documented
# fallback is `[0.0.0.0/0]`, i.e. the SSH port on the build instance is
# reachable from any IPv4 address for the duration of the build. Set this to
# the builder's egress range, or enable the _public_ip variant below, to
# narrow it; both are irrelevant when security_group_ids is given.
variable "temporary_security_group_source_cidrs" {
  description = "A list of IPv4 CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group. The default is `[0.0.0.0/0]`"
  type        = list(string)
  default     = null
}

# Looks up the builder's public IP via checkip.amazonaws.com and uses it as
# the sole allowed source; a simple way to avoid the 0.0.0.0/0 fallback.
variable "temporary_security_group_source_public_ip" {
  description = "When enabled, use public IP of the host (obtained from https://checkip.amazonaws.com) as CIDR block to be authorized access to the instance, when packer is creating a temporary security group. Defaults to `false`"
  type        = bool
  default     = null
}
# Inline user data for the build instance. User data is readable from the
# instance metadata service, so it is not a place for secrets.
variable "user_data" {
  description = "User data to apply when launching the instance"
  type        = string
  default     = null
}

variable "user_data_file" {
  description = "Path to a file that will be used for the user data when launching the instance"
  type        = string
  default     = null
}

# Filter-based lookup; ignored when vpc_id is given.
variable "vpc_filter" {
  description = "Filters used to populate the `vpc_id` field. `vpc_id` take precedence over this"
  type        = list(map(string))
  default     = []
}

# Needed so the temporary security group is created in the right VPC; derived
# from subnet_id when left null (see the description).
variable "vpc_id" {
  description = "If launching into a VPC subnet, Packer needs the VPC ID in order to create a temporary security group within the VPC. Requires `subnet_id` to be set. If this field is left blank, Packer will try to get the VPC ID from the `subnet_id`"
  type        = string
  default     = null
}
# IMDS settings for the build instance (not the AMI; see imds_support for
# that): endpoint enabled, session tokens required, and a hop limit of 1 so
# the metadata service is not reachable through an extra network hop from
# the instance. Declared map(string), so the numeric hop limit is passed as a
# string — presumably what the source block expects; verify against the
# builder configuration.
variable "metadata_options" {
  description = "Configures the metadata options for the instance launched"
  type        = map(string)
  default = {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }
}
################################################################################
# Build
################################################################################
# Per-provisioner settings passed through to the three shell provisioners.
# Unlike every other variable in this file these declare no `type`, so any
# value shape is accepted and shape errors surface only where the provisioner
# consumes them.
variable "shell_provisioner1" {
  description = "Values passed to the first shell provisioner"
  default     = {}
}

variable "shell_provisioner2" {
  description = "Values passed to the second shell provisioner"
  default     = {}
}

variable "shell_provisioner3" {
  description = "Values passed to the third/last shell provisioner"
  default     = {}
}