Skip to content
Permalink
Browse files
Don't encrypt the AMI's root snapshot (#17)
We are an open-source project, so we don't need to pay the cost or
complexity of having this, but mainly having an ASG launch this AMI
needs we need to set up a more complex "Service-Linked" IAM role, which
is complexity we just don't need.
  • Loading branch information
ashb committed Apr 23, 2021
1 parent 86bb048 commit e036ae904379e7364c93a7f23456c3507fb749c9
Showing 2 changed files with 1 addition and 6 deletions.
@@ -33,9 +33,6 @@ variable "packer_role_arn" {
variable "runner_version" {
type = string
}
variable "kms_key_arn" {
type = string
}
variable "session_manager_instance_profile_name" {
type = string
}
@@ -54,8 +51,7 @@ source "amazon-ebs" "runner_builder" {
key = "ami"
value = "github-runner-ami"
}
encrypt_boot = true
kms_key_id = var.kms_key_arn
encrypt_boot = false
instance_type = "t3.micro"
communicator = "ssh"
ssh_username = "ubuntu"
@@ -21,5 +21,4 @@ aws_region = "eu-central-1"
subnet_id = "subnet-72ed3c0e"
packer_role_arn = "arn:aws:iam::827901512104:role/packer-role"
runner_version = "2.278.0-airflow2"
kms_key_arn = "arn:aws:kms:eu-central-1:827901512104:key/48a58710-7ac6-4f88-995f-758a6a450faa"
session_manager_instance_profile_name = "packer_ssm_instance_profile"

0 comments on commit e036ae9

Please sign in to comment.