Community Note
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave "+1" or "me too" comments; they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
Description
AWS has recently announced support for sharing Amazon Machine Images across AWS Organizations and Organizational Units.
Previously, we were able to share AMIs with specific AWS account IDs. In Packer, this is usually defined as a list(string) in ami_users in the amazon-ebs builder.
Use Case(s)
It is now possible to share AMIs at the Organizations level, which would be a huge benefit for anyone who is using the Organizations service and wants to have centrally built AMIs shared across.
Potential configuration
I think that adding two additional variables would be sufficient:
ami_organization_id or its shorter form ami_org_id
variable "ami_org_id" {
  description = "AWS Organizations ARN"
  type = string
  default = "arn:aws:organizations::111122223333:organization/o-123example"
}
source "amazon-ebs" "amazon-linux2" {
  ami_name = "${var.ami_base_name}-hvm-${formatdate("YYYYMMDD", timestamp())}.${var.build_number}-x86_64-gp2"
  ebs_optimized = true
  ena_support = true
  ami_org_id = var.ami_org_id
  launch_block_device_mappings {
    delete_on_termination = true
    device_name = "/dev/xvda"
    encrypted = true
    kms_key_id = var.ami_kms_key_alias
    volume_size = 40
    volume_type = "gp2"
  }
}
ami_organizational_unit_ids or its shorter form ami_ou_ids
variable "ami_ou_ids" {
  description = "AWS Organizational Unit ARNs"
  type = list(string)
  default = [
    "arn:aws:organizations::o-exampleorgid:ou/r-examplerootid111/ou-examplerootid111-exampleouid111",
    "arn:aws:organizations::o-exampleorgid:ou/r-examplerootid111/ou-examplerootid111-exampleouid222"
  ]
}
source "amazon-ebs" "amazon-linux2" {
  ami_name = "${var.ami_base_name}-hvm-${formatdate("YYYYMMDD", timestamp())}.${var.build_number}-x86_64-gp2"
  ebs_optimized = true
  ena_support = true
  ami_ou_ids = var.ami_ou_ids
  launch_block_device_mappings {
    delete_on_termination = true
    device_name = "/dev/xvda"
    encrypted = true
    kms_key_id = var.ami_kms_key_alias
    volume_size = 40
    volume_type = "gp2"
  }
}
Potential References
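Added example, not part of the original issue and not Packer plugin code: a post-build check that an AMI's launch permissions stay within the intended sharing scope once organization and OU grants are possible. It assumes the permission list has the shape of the LaunchPermissions field returned by EC2 DescribeImageAttribute (keys Group, UserId, OrganizationArn, OrganizationalUnitArn); the function name, the allowlist and the sample entries are constructed, with the organization ARN taken from the placeholder in the issue.

```python
# Audit the sharing scope of an AMI after a build (added example).
# Each LaunchPermissions entry carries exactly one of these keys.
FIELDS = {  # LaunchPermission key -> label used in findings
    "UserId": "account",
    "OrganizationArn": "organization",
    "OrganizationalUnitArn": "organizational-unit",
}


def audit_launch_permissions(permissions, allowed):
    """Return (label, value) for every grant outside the allowlist.

    `allowed` maps each label in FIELDS to the set of expected values.
    A public grant (Group == "all") is always reported.
    """
    findings = []
    for perm in permissions:
        if perm.get("Group") == "all":
            findings.append(("public", "all"))
            continue
        matched = False
        for key, label in FIELDS.items():
            if key in perm:
                matched = True
                if perm[key] not in allowed.get(label, set()):
                    findings.append((label, perm[key]))
        if not matched:
            # Unknown entry shape: report it rather than silently pass it.
            findings.append(("unrecognized", repr(perm)))
    return findings


# Constructed allowlist: one account and the issue's placeholder organization.
ORG_ARN = "arn:aws:organizations::111122223333:organization/o-123example"
ALLOWED = {"account": {"111122223333"}, "organization": {ORG_ARN}}

# Constructed sample of a launchPermission response.
OU_ARN = "arn:aws:organizations::111122223333:ou/o-123example/ou-ab12-cdefgh34"
SAMPLE = [
    {"OrganizationArn": ORG_ARN},
    {"UserId": "111122223333"},
    {"UserId": "444455556666"},
    {"OrganizationalUnitArn": OU_ARN},
    {"Group": "all"},
]

if __name__ == "__main__":
    for label, value in audit_launch_permissions(SAMPLE, ALLOWED):
        print(f"unexpected {label} grant: {value}")
```

Because the builds above set encrypted = true with a KMS key, accounts covered by an organization or OU grant also need permission to use that key before they can launch the image.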