Skip to content

Latest commit

 

History

History
286 lines (216 loc) · 8.08 KB

aws_ami.adoc

File metadata and controls

286 lines (216 loc) · 8.08 KB
Raw
title description lead date lastmod draft images menu toc plugins
Amazon AMI
Manipulate AWS EC2 AMI information
kind: aws/ami
2021-10-01 10:39:00 +0200
2021-10-01 10:39:00 +0200
false
docs
parent
plugin-resource
true
source
condition
Table of Contents
source condition target

Description

source

The aws/ami "source" retrieves the latest AWS AMI ID for specific filters.

condition

The aws/ami "condition" test that an AWS AMI exist based on specific filters.

Parameters

{{< resourceparameters "sources" "aws/ami" >}}

SortBy

Considering that the AMI resource is designed to manipulate the latest AMI found based on filters, the parameter SortBy can be used to specify how the list of results is sorted which affects the latest element returned.

sortBy accept one of the following creationDateAsc and creationDateDesc where they will respectively return the newest or the oldest AMI ID based on creation time.

Filter

AMI are identified based on different filter such platform, name,etc.

Name

Required

Default

Description [cols="1,1,1,4",options=header]

Name

-

Define the filter Name.

Values

-

Define the filter value associated to the filter name.

Name

  • architecture - The image architecture (i386 | x86_64 | arm64).

  • block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.snapshot-id - The ID of the snapshot used for the EBS volume.

  • block-device-mapping.volume-size - The volume size of the EBS volume, in GiB.

  • block-device-mapping.volume-type - The volume type of the EBS volume (gp2 | io1 | io2 | st1 | sc1 | standard).

  • block-device-mapping.encrypted - A Boolean that indicates whether the EBS volume is encrypted.

  • description - The description of the image (provided during image creation).

  • ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.

  • hypervisor - The hypervisor type (ovm | xen).

  • image-id - The ID of the image.

  • image-type - The image type (machine | kernel | ramdisk).

  • is-public - A Boolean that indicates whether the image is public.

  • kernel-id - The kernel ID.

  • manifest-location - The location of the image manifest.

  • name - The name of the AMI (provided during image creation).

  • owner-alias - The owner alias (amazon | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the AWS account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.

  • owner-id - The AWS account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.

  • platform - The platform. To only list Windows-based AMIs, use windows.

  • product-code - The product code.

  • product-code.type - The type of the product code (devpay | marketplace).

  • ramdisk-id - The RAM disk ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • state - The state of the image (available | pending | failed).

  • state-reason-code - The reason code for the state change.

  • state-reason-message - The message for the state change.

  • sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • virtualization-type - The virtualization type (paravirtual | hvm).

Authentication

Different mechanisms can be used to authenticate with AWS API. They are applied in the following order.

Environment Variables

updatecli retrieves credentials from the environment variables.

Environment variables used:

  • Access Key ID: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY

  • Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY

Shared Credentials File

updatecli can retrieves credentials from the AWS cli credential file. By default, it looks for the file location into AWS_SHARED_CREDENTIALS_FILE env variable, otherwise it fall back to the current user’s home directory.

  • Linux/OSX: "$HOME/.aws/credentials"

  • Windows: "%USERPROFILE%\.aws\credentials"

The AWS "profile" used is defined by the environment variable AWS_PROFILE and fallback to "default" if not defined.

Updatecli configuration

We can provide credentials directly from a updatecli configuration by using the two following settings access_key and secret_key as in the following example.

updatecli configuration
kind: aws/ami
name: resource to manipulate aws ami id
spec:
  access_key: "insert AWS access key"
  secret_key: "insert AWS secret key"
  filters:
    - name: "name"
      values: "image name "

IAM Policy

To work, we need at least the following IAM policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Action": [
                "ec2:ReadTags",
                "ec2:DescribeInstances",
                "ec2:DescribeRegions",
                "ec2:DescribeImages",
                "ec2:DescribeAvailabilityZones"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Example

---
title: Bump agent templates version on all controllers
sources:
  packerImageVersion:
    kind: githubRelease
    spec:
      owner: "jenkins-infra"
      repository: "packer-images"
      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
      username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}'
  getLatestUbuntuAgentAMIAmd64:
    kind: aws/ami
    depends_on:
      - packerImageVersion
    spec:
      region: us-east-2
      filters:
        - name: "name"
          values: "jenkins-agent-ubuntu-20-amd64-*"
        - name: "tag:build_type"
          values: "prod"
        - name: "tag:version"
          values: '{{ source "packerImageVersion" }}'
  getLatestWindowsAgentAMIAmd64:
    kind: aws/ami
    depends_on:
      - packerImageVersion
    spec:
      region: us-east-2
      filters:
        - name: "name"
          values: "jenkins-agent-windows-2019-amd64-*"
        - name: "tag:build_type"
          values: "prod"
        - name: "tag:version"
          values: '{{ source "packerImageVersion" }}'
  getLatestUbuntuAgentAMIArm64:
    kind: aws/ami
    depends_on:
      - packerImageVersion
    spec:
      region: us-east-2
      filters:
        - name: "name"
          values: "jenkins-agent-ubuntu-20-arm64-*"
        - name: "tag:build_type"
          values: "prod"
        - name: "tag:version"
          values: '{{ source "packerImageVersion" }}'

targets:
  setUbuntuAgentAMIAmd64:
    name: "Bump AMI ID for Ubuntu AMD64 agents"
    kind: shell
    sourceID: getLatestUbuntuAgentAMIAmd64
    spec:
      command: echo ubuntu-amd
  setUbuntuAgentAMIArm64:
    name: "Bump AMI ID for Ubuntu ARM64 agents"
    kind: shell
    sourceID: getLatestUbuntuAgentAMIArm64
    spec:
      command: echo ubuntu-arm
  setWindowsAgentAMIAmd64:
    name: "Bump AMI ID for Windows ARM64 agents"
    kind: shell
    sourceID: getLatestWindowsAgentAMIAmd64
    spec:
      command: echo windows-amd