AWS Example
This project creates a hardened Ubuntu image on AWS using scripts, following the project structure and folders. We could do it with Ansible, but let's leave that for another, simpler example.
The documentation on how to use this source is in EBS.
The complete project is in the bastion-ubuntu folder.
Important Details About the Project
- The default VPC must be enabled, because the instance needs to come up in some VPC. If it is not enabled, more parameters such as vpc_id, subnet_id (public), etc. would have to be passed. Since AWS does not charge for the default VPC, keeping it enabled is easier. Adding those parameters to the project would make it harder for others to study.
- The source is reusable and can be used in many situations.
- The input files for the variables are in the vars folder.
- Feel free to use a larger instance for the build: the machine finishes quickly, so the cost stays low while the build gets faster. For this reason I don't see the need to declare filters to search for spot instances unless you build an image every day, which is not the case here.
- Using environment variables makes it possible to run the build in a pipeline.
What Could Be Improved?
- More input AMIs could be added.
- Since this is a bastion, Session Manager could be enabled.
- If the image is distributed, other factors such as licensing must be taken into consideration.
- Define IAM roles and policies that only allow building the image.
- etc
How to Build the Project?
With the terminal in the project folder and the AWS variables exported:
packer init . --upgrade
packer build --machine-readable -var-file="./vars/ubuntu.auto.pkrvars.hcl" . | tee build.log
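For the pipeline case mentioned above, the two commands can be wrapped as in this added example, which is not part of the bastion-ubuntu project. It keeps a failed `packer build` from being hidden behind `tee` and reads the AMI ids back from build.log. The function names, the credential variable names, the `amazon-ebs.ubuntu` source name and the sample AMI ids are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: pipeline wrapper around the two build commands.
# Not part of the bastion-ubuntu project; names below are assumptions.
set -eu

# Succeed only if every named variable is exported and non-empty, so the
# job stops before Packer falls back to some other credential source.
require_exported() {
  rc=0
  for name in "$@"; do
    if [ -z "$(printenv "$name")" ]; then
      echo "not exported: $name" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Print one "region:ami-id" per line from Packer machine-readable output.
# Records are "timestamp,target,type,data..."; commas inside a data field
# are escaped as %!(PACKER_COMMA), which is how multi-region ids arrive.
ami_ids_from_log() {
  awk -F, '$3 == "artifact" && $5 == "id" {
    gsub(/%!\(PACKER_COMMA\)/, "\n", $6); print $6
  }' "$1" | grep -E '^[a-z0-9-]+:ami-[0-9a-f]+$'
}

# Constructed sample of build.log content (not output from a real build).
constructed_log() {
  cat <<'EOF'
1700000000,,ui,say,==> amazon-ebs.ubuntu: Creating temporary keypair
1700000900,amazon-ebs.ubuntu,artifact,0,id,us-east-1:ami-0123456789abcdef0%!(PACKER_COMMA)eu-west-1:ami-0fedcba9876543210
1700000900,amazon-ebs.ubuntu,artifact,0,end
EOF
}

# Build, fail the job if Packer fails, then print the resulting AMI ids.
build_image() {
  set -o pipefail   # otherwise the pipeline reports tee's status, not packer's
  require_exported AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  packer init . --upgrade
  packer build --machine-readable \
    -var-file="./vars/ubuntu.auto.pkrvars.hcl" . | tee build.log
  ami_ids_from_log build.log || { echo "no AMI id in build.log" >&2; return 1; }
}

# Run the real build only when asked: ./build.sh build
if [ "${1:-}" = "build" ]; then build_image; fi
```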