forked from awslabs/ami-builder-packer
packer_cis.json
{
"variables": {
"vpc": "{{env `BUILD_VPC_ID`}}",
"subnet": "{{env `BUILD_SUBNET_ID`}}",
"aws_region": "{{env `AWS_REGION`}}",
"ami_name": "Prod-CIS-Latest-AMZN-{{isotime \"02-Jan-06 03_04_05\"}}"
},
"builders": [{
"name": "AWS AMI Builder - CIS",
"type": "amazon-ebs",
"region": "{{user `aws_region`}}",
"source_ami_filter": {
"filters": {
"virtualization-type": "hvm",
"name": "amzn-ami-hvm-2017.09.*-gp2",
"root-device-type": "ebs"
},
"owners": ["137112412989", "591542846629", "801119661308",
"102837901569", "013907871322", "206029621532",
"286198878708", "443319210888"
],
"most_recent": true
},
"instance_type": "t2.micro",
"ssh_username": "ec2-user",
"ami_name": "{{user `ami_name` | clean_ami_name}}",
"tags": {
"Name": "{{user `ami_name`}}"
},
"run_tags": {
"Name": "{{user `ami_name`}}"
},
"run_volume_tags": {
"Name": "{{user `ami_name`}}"
},
"snapshot_tags": {
"Name": "{{user `ami_name`}}"
},
"ami_description": "Amazon Linux CIS with Cloudwatch Logs agent",
"associate_public_ip_address": "true",
"vpc_id": "{{user `vpc`}}",
"subnet_id": "{{user `subnet`}}"
}],
"provisioners": [{
"type": "shell",
"inline": [
"sudo pip install ansible==2.7.9"
]
},
{
"type": "ansible-local",
"playbook_file": "ansible/playbook.yaml",
"role_paths": [
"ansible/roles/common"
],
"playbook_dir": "ansible",
"galaxy_file": "ansible/requirements.yaml"
},
{
"type": "shell",
"inline": [
"rm .ssh/authorized_keys ; sudo rm /root/.ssh/authorized_keys"
]
}
]
}