Import Machine Images Into AWS with Packer

December 02, 2018 Security and Compliance, MOVEit

Amazon Web Services (AWS) is still the most popular cloud platform, and Packer provides great integration that enables users to import builds into AWS and convert them to Amazon Machine Images (AMIs).

HashiCorp’s Packer tool has the unique ability to create machine images for multiple operating system platforms and then output them to multiple virtualization and cloud platforms. This enables IT operations to better manage a consistent OS across whatever provider a server is running on, and it also makes Packer a great tool for DevOps.

How it Works

While you can use Packer and AWS directly to build an AMI, you can also use other tools to first build a machine image on, say, Vagrant/VirtualBox. You can then take the OVF image and use Packer post-processors to export it and ultimately have it converted to an AMI. This may be a good idea if you run workloads on platforms other than AWS.

For the OVF-to-AWS method, Packer first uploads the OVF to an S3 bucket and then calls AWS APIs to convert it to an AMI.


AWS Prerequisites

In AWS, certain prerequisites must be configured before Packer can upload and convert the OVA. I will not cover them in this article, but the steps are fairly simple if you have experience with AWS: setting up an S3 bucket, creating a service role, and configuring a policy.

Packer AWS Settings

Packer offers several configuration options for building and then exporting to AWS. They are all listed on Packer’s reference page. The required options are the AWS access key, secret key, region, and S3 bucket name. Packer does the rest of the work by calling the AWS API in the background.

In addition, users can choose settings such as AMI description, license type, AMI name, and add tags to the AMI.

Example Packer Template

In this Packer template example, my source OVF file is “box.ovf”. My builder is the “virtualbox-ovf” type, meaning you must use an existing OVF file in your builder. I have not configured any Packer provisioners in this template, but many users would likely want to do some provisioning on their OVF, such as configuring settings or installing software. The builder exports the result into another OVF file. The “amazon-import” post-processor then runs, first adding the exported OVF to an S3 bucket and then converting it to an AMI.



    {
        "builders": [
            {
                "type": "virtualbox-ovf",
                "source_path": "box.ovf",
                "ssh_username": "username",
                "ssh_password": "password",
                "format": "ova",
                "shutdown_command": "echo 'packer' | sudo -S shutdown -P now"
            }
        ],
        "post-processors": [
            {
                "type": "amazon-import",
                "access_key": "MyAccessKey",
                "secret_key": "THISISSECRET",
                "region": "us-east-1",
                "s3_bucket_name": "test.domain.com"
            }
        ]
    }

As you can see, I set my AWS access key, secret key, region, and S3 bucket name. This simple Packer template is enough to upload the image and create our AWS AMI.
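Literal credentials in a template end up in source control and in build logs. The variant below is an added example, not the article's template: it reads the AWS keys and the SSH password from environment variables through Packer user variables, scrubs them from Packer output with `sensitive-variables`, and sets the optional AMI settings mentioned earlier. The variable names, the `PACKER_SSH_PASSWORD` environment variable, and the AMI name, description and tag values are assumptions.

```json
{
    "_comment": "Added example, not the article's template. Variable names, PACKER_SSH_PASSWORD and the AMI name/description/tag values are assumptions.",
    "variables": {
        "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
        "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
        "ssh_password": "{{env `PACKER_SSH_PASSWORD`}}"
    },
    "sensitive-variables": ["aws_secret_key", "ssh_password"],
    "builders": [
        {
            "type": "virtualbox-ovf",
            "source_path": "box.ovf",
            "ssh_username": "username",
            "ssh_password": "{{user `ssh_password`}}",
            "format": "ova",
            "shutdown_command": "echo 'packer' | sudo -S shutdown -P now"
        }
    ],
    "post-processors": [
        {
            "type": "amazon-import",
            "access_key": "{{user `aws_access_key`}}",
            "secret_key": "{{user `aws_secret_key`}}",
            "region": "us-east-1",
            "s3_bucket_name": "test.domain.com",
            "ami_name": "centos-import-{{timestamp}}",
            "ami_description": "CentOS image imported from a VirtualBox OVA",
            "license_type": "BYOL",
            "tags": {
                "Source": "packer-virtualbox-ovf"
            }
        }
    ]
}
```

Set the three environment variables in the PowerShell session (for example `$env:AWS_ACCESS_KEY_ID`) before running `packer build`, so the template file itself carries no secrets.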

Now let’s run the template with packer build:

    PS C:\temp\aws-test> packer build .\centos.json
    virtualbox-ovf output will be in this color.

    ==> virtualbox-ovf: Downloading or copying Guest additions
        virtualbox-ovf: Downloading or copying: file:///C:/Program%20Files/Oracle/VirtualBox/VBoxGuestAdditions.iso
    ==> virtualbox-ovf: Downloading or copying OVF/OVA
        virtualbox-ovf: Downloading or copying: file:///C:/temp/aws-test/box.ovf
    ==> virtualbox-ovf: Importing VM: C:/temp/aws-test/box.ovf
    ==> virtualbox-ovf: Creating forwarded port mapping for communicator (SSH, WinRM, etc) (host port 4085)
    ==> virtualbox-ovf: Starting the virtual machine...
    ==> virtualbox-ovf: Waiting 10s for boot...
    ==> virtualbox-ovf: Typing the boot command...
    ==> virtualbox-ovf: Waiting for SSH to become available...
    ==> virtualbox-ovf: Connected to SSH!
    ==> virtualbox-ovf: Uploading VirtualBox version info (5.2.8)
    ==> virtualbox-ovf: Uploading VirtualBox guest additions ISO...
    ==> virtualbox-ovf: Gracefully halting virtual machine...
    ==> virtualbox-ovf: Preparing to export machine...
        virtualbox-ovf: Deleting forwarded port mapping for the communicator (SSH, WinRM, etc) (host port 4085)
    ==> virtualbox-ovf: Exporting virtual machine...
        virtualbox-ovf: Executing: export packer-virtualbox-ovf-1535560689 --output output-virtualbox-ovf\packer-virtualbox-ovf-1535560689.ova
    ==> virtualbox-ovf: Deregistering and deleting imported VM...
    ==> virtualbox-ovf: Running post-processor: amazon-import
        virtualbox-ovf (amazon-import): Uploading output-virtualbox-ovf\packer-virtualbox-ovf-1535560689.ova to s3://test.domain.com/packer-import-1535560689.ova
        virtualbox-ovf (amazon-import): Completed upload of output-virtualbox-ovf\packer-virtualbox-ovf-1535560689.ova to s3://test.domain.com/packer-import-1535560689.ova
        virtualbox-ovf (amazon-import): Started import of s3://test.domain.com/packer-import-1535560689.ova, task id import-ami-007c6ea5927dab5a7
        virtualbox-ovf (amazon-import): Waiting for task import-ami-007c6ea5927dab5a7 to complete (may take a while)
        virtualbox-ovf (amazon-import): Complete

Dan Franciscus

Dan Franciscus is a systems engineer and VMware Certified Professional (VCP) specializing in VMware, PowerShell, and other Microsoft-based technologies. You can reach Dan at his blog (http://www.winsysblog.com/) or Twitter at @dan_franciscus.
