Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for custom Temporary IAM Instance Prefixes #495

Open
dlm6693 opened this issue Jul 23, 2024 · 0 comments
Open

Allow for custom Temporary IAM Instance Prefixes #495

dlm6693 opened this issue Jul 23, 2024 · 0 comments
Labels
enhancement

Comments

@dlm6693
Copy link

dlm6693 commented Jul 23, 2024

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

At the moment, when generating temporary IAM instance resources (keypairs, security groups, roles, profiles etc.), the name of the generated resources is always prefixed with packer followed by a - or _ then a UUID. It would be useful to either:

A. Provide a complete custom name for each resource. Since these are temporary and should be cleaned up after execution, there should not be concern about naming collision. However, if this could be a some sort of security risk then:
B. Provide a custom prefix for each resource.

Use Case(s)

Providing IAM permissions to a subset of resources each containing a given prefix.

Potential configuration

Could be called something like TemporaryIamInstanceConfig or TemporaryIamInstancePrefix if the prefix must be consisent for all temporary resources.

type StepIamInstanceProfile struct {
	PollingConfig                             *AWSPollingConfig
	IamInstanceProfile                        string
	SkipProfileValidation                     bool
        TemporaryIamInstancePrefix                string
	TemporaryIamInstanceProfilePolicyDocument *PolicyDocument
	createdInstanceProfileName                string
	createdRoleName                           string
	createdPolicyName                         string
	roleIsAttached                            bool
	Tags                                      map[string]string
	Ctx                                       interpolate.Context
}
...
if s.TemporaryIamInstanceProfilePolicyDocument != nil {
	// Create the profile
	iamInstancePrefix := "packer"
	if s.TemporaryIamInstancePrefix != nil {
		iamInstancePrefix = *s.TemporaryIamInstancePrefix
	}
	profileName := fmt.Sprintf("%s-%s", iamInstancePrefix, uuid.TimeOrderedUUID())

Potential References

https://github.com/hashicorp/packer-plugin-amazon/blob/main/builder/common/step_iam_instance_profile.go#L60
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dlm6693