Packer >=1.7.3 JSON AWS Variables Key and Value Issue #119

hc-github-team-packer opened this issue Aug 4, 2021 · 4 comments

@hc-github-team-packer

This issue was originally opened by @BClev in hashicorp/packer#11169 and has been migrated to this repository. The original issue description is below.


Background
In versions of Packer before 1.7.3, the following worked fine for JSON:

In Packer var file (e.g. packer-vars.json):

...
    "aws_region": "us-east-1",
    "ami_regions": "us-east-1",
    "kms_key_id": "arn:aws:kms:us-east-1:<account>:key/<id>",
...

In Packer json file under builders:

...
      "region": "{{user `aws_region`}}",
      "ami_regions": ["{{user `ami_regions`}}"],
...
      "kms_key_id": "{{user `kms_key_id`}}",
      "region_kms_key_ids": {
        "{{user `aws_region`}}": "{{user `kms_key_id`}}"
      },
...

In case there were additional regions, I'd just append an increasing numeral to the additional items under region_kms_key_ids (e.g. aws_region1)

Issue
Running this in Packer >1.7.3, the following error occurs:

2021/07/27 16:38:58 packer-builder-amazon-ebs plugin: [INFO] (aws): No AWS timeout and polling overrides have been set. Packer will default to waiter-specific delays and timeouts. If you would like to customize the length of time between retries and max number of retries you may do so by setting the environment variables AWS_POLL_DELAY_SECONDS and AWS_MAX_ATTEMPTS or the configuration options aws_polling_delay_seconds and aws_polling_max_attempts to your desired values.
2021/07/27 16:38:58 packer-builder-amazon-ebs plugin: Cannot copy AMI to AWS session region 'us-east-1', deleting it from `ami_regions`.
2021/07/27 16:38:58 Build 'amazon-ebs' prepare failure: 1 error(s) occurred:

* "{{user `kms_key_id`}}" is not a valid KMS Key Id.

1 error(s) occurred:

* "{{user `kms_key_id`}}" is not a valid KMS Key Id.

I've tried changing the KMS key ID to an Alias or the ID itself. The only fix is to either remove the "region_kms_key_ids" entirely (which works for single region deployments but not multi), or hardcode either the region or kms_key_id:

      "region_kms_key_ids": {
        "us-east-1": "{{user `kms_key_id`}}"
      },

or

      "region_kms_key_ids": {
        "{{user `aws_region`}}": "arn:aws:kms:us-east-1:<account>:key/<id>"
      },

It's almost as if having a variable on each side of the mapping is causing the issue. Again, this worked fine prior to 1.7.3.

@BClev

BClev commented Aug 5, 2021

Correction: Still seems fine for us-east-1 somehow, but does not work in GovCloud regions (us-gov-east-1/us-gov-west-1)

@SwampDragons
Contributor

I bet the key id validation is too naive to handle gov-cloud regions. We'll investigate when we get a chance.

@BClev

BClev commented Oct 20, 2021

@SwampDragons Any updates on this? Just checking in.

@SwampDragons
Contributor

Sorry, we haven't had a chance to look at this yet.
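
A pre-flight check for the mapping discussed in this thread, as an added example that is not part of the issue and is not Packer's own validation code: it expands the {{user `...`}} calls on both sides of region_kms_key_ids and checks each result against the KMS identifier forms, including GovCloud and China partition ARNs. The variable values are constructed placeholders, and expanding only `user` calls is a simplification of Packer's template engine.

```python
import json
import re

# Constructed sample inputs (placeholder account and key IDs, not from the issue).
VARS = {
    "aws_region": "us-gov-west-1",
    "kms_key_id": "arn:aws-us-gov:kms:us-gov-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
}
BUILDER = json.loads(r'''{
  "region_kms_key_ids": {"{{user `aws_region`}}": "{{user `kms_key_id`}}"}
}''')

USER_CALL = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")
KEY_ID = r"(?:mrk-[0-9a-f]{32}|[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
ALIAS = r"alias/[A-Za-z0-9/_-]+"
# The partition alternation covers commercial, GovCloud and China ARNs.
ARN = r"arn:(?:aws|aws-us-gov|aws-cn):kms:(?P<region>[a-z0-9-]+):\d{12}:"
# Accepted forms: bare key ID, bare alias name, key ARN, alias ARN.
KMS_ID = re.compile(rf"^(?:{KEY_ID}|{ALIAS}|{ARN}(?:key/{KEY_ID}|{ALIAS}))$")


def render(text, variables):
    """Expand {{user `name`}} calls; unknown names stay in place so they get reported."""
    return USER_CALL.sub(lambda m: variables.get(m.group(1), m.group(0)), text)


def check_region_kms_key_ids(builder, variables):
    """Return a list of problems found in the rendered region_kms_key_ids map."""
    problems = []
    for raw_region, raw_key in builder.get("region_kms_key_ids", {}).items():
        region, key = render(raw_region, variables), render(raw_key, variables)
        for label, value in (("region", region), ("key", key)):
            if "{{" in value:
                problems.append(f"{label} {value!r} still contains a template call")
        m = KMS_ID.match(key)
        if "{{" not in key and not m:
            problems.append(f"{key!r} is not a recognised KMS key identifier")
        elif m and m.group("region") and m.group("region") != region:
            # A key ARN must live in the region it is mapped to.
            problems.append(f"key ARN region {m.group('region')!r} does not match {region!r}")
    return problems


if __name__ == "__main__":
    for problem in check_region_kms_key_ids(BUILDER, VARS) or ["no problems found"]:
        print(problem)
```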
