This plugin fills a gap in a lot of AWS image bakery workflows where the source image built by any of Packer's Amazon builders (EBS, Chroot, Instance etc.) needs to be copied to a number of target accounts.
For each region:ami-id built, the plugin will copy the image and tags, and optionally encrypt the target AMI and wait for it to become active.
This is a packer plugin. Please read the plugin documentation.
You can download the latest binary for your architecture from the releases page.
"builders": [
{
"type": "amazon-ebs",
"ami_users": "{{user `aws_ami_users`}}",
"snapshot_users": "{{user `aws_ami_users`}}",
"tags": {
"Name": "{{user `aws_ami_name`}}-{{timestamp}}",
"ami:source": "{{.SourceAMI}}",
}
}
],
"provisioners": [],
"post-processors": [
{
"type": "ami-copy",
"ami_users":"{{user `aws_ami_users`}}",
"role_name": "AMICopyRole",
"encrypt_boot": true
}
]Type: ami-copy
Required:
ami_users(array of strings) - A list of account IDs to copy the images to. NOTE: you must share AMI and snapshot access in the builder throughami_usersandsnapshot_usersrespectively.
Optional:
copy_concurrency(integer) - Limit the number of copies executed in parallel (default: unlimited).encrypt_boot(boolean) - create the copy with an encrypted EBS volume in the target accountskms_key_id(string) - the ID of the KMS key to use for boot volume encryption. (default EBS KMS key used otherwise).ensure_available(boolean) - wait until the AMI becomes available in the copy target account(s)keep_artifact(boolean) - remove the original generated AMI after copy (default: true)