Packer post-processor plugin for AMI management
This post-processor cleanups old AMIs and EBS snapshots using amazon-ebs builder's access configuration after baking a new AMI.
Packer supports plugin system. Please read the following documentation:
https://www.packer.io/docs/extend/plugins.html
You can download binary built for your architecture from latest releases.
For example, to install v0.7.0 for 64bit OSX
For Linux based OS, you can use the install_linux.sh to automate the installation process
mkdir -p ~/.packer.d/plugins
wget https://github.com/wata727/packer-post-processor-amazon-ami-management/releases/download/v0.7.0/packer-post-processor-amazon-ami-management_0.7.0_darwin_amd64.zip -P /tmp/
cd ~/.packer.d/plugins
unzip -j /tmp/packer-post-processor-amazon-ami-management_0.7.0_darwin_amd64.zip -d ~/.packer.d/pluginsThe following example is a template to keep only the latest 3 AMIs.
{
"builders": [{
"type": "amazon-ebs",
"region": "us-east-1",
"source_ami": "ami-6869aa05",
"instance_type": "t2.micro",
"ssh_username": "ec2-user",
"ssh_pty": "true",
"ami_name": "packer-example {{timestamp}}",
"tags": {
"Amazon_AMI_Management_Identifier": "packer-example"
}
}],
"provisioners":[{
"type": "shell",
"inline": [
"echo 'running...'"
]
}],
"post-processors":[{
"type": "amazon-ami-management",
"regions": ["us-east-1"],
"identifier": "packer-example",
"keep_releases": "3"
}]
}Type: amazon-ami-management
Required:
identifier(string) - An identifier of AMIs. This plugin looksAmazon_AMI_Management_Identifiertag. Ifidentifiermatches tag value, these AMI becomes to management target.keep_releases(integer) - The number of AMIs. This value is invalid whenkeep_daysis set.keep_days(integer) - The number of days to keep AMIs. For example, if you specify10, AMIs created before 10 days will be deleted. This value is invalid whenkeep_releasesis set.regions(array of strings) - A list of regions, such asus-east-1in which to manage AMIs. NOTE: Before v0.3.0, this parameter wasregion. Since 0.4.0,regionis not used.
Optional:
dry_run(boolean) - Iftrue, the post-processor doesn't actually delete AMIs.
The following attibutes are also available. These are optional and used in the same way as AWS Builder:
access_keysecret_keyprofiletokenmfa_codecustom_endpoint_ec2skip_region_validationskip_metadata_api_check
The post-processor requires additional permissions to work. Below is the difference from the minimum permissions required by Packer.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action" : [
+ "autoscaling:DescribeLaunchConfigurations",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateKeypair",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeyPair",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:GetPasswordData",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySnapshotAttribute",
"ec2:RegisterImage",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Resource" : "*"
}]
}If you wish to build this plugin on your environment, you can use GNU Make build system. But this Makefile depends on Go 1.12 or more. At First, you should install Go.
$ GO111MODULE=on make build
