playbooks

home / skills / hashicorp / agent-skills / aws-ami-builder

aws-ami-builder skill

/packer/builders/skills/aws-ami-builder

This skill helps you build custom AMIs with Packer's amazon-ebs, streamlining AWS image creation and provisioning.

npx playbooks add skill hashicorp/agent-skills --skill aws-ami-builder

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
3.6 KB
---
name: aws-ami-builder
description: Build Amazon Machine Images (AMIs) with Packer using the amazon-ebs builder. Use when creating custom AMIs for EC2 instances.
---

# AWS AMI Builder

Build Amazon Machine Images (AMIs) using Packer's `amazon-ebs` builder.

**Reference:** [Amazon EBS Builder](https://developer.hashicorp.com/packer/integrations/hashicorp/amazon/latest/components/builder/ebs)

> **Note:** Building AMIs incurs AWS costs (EC2 instances, EBS storage, data transfer). Builds typically take 10-30 minutes depending on provisioning complexity.

## Basic AMI Template

```hcl
packer {
  required_plugins {
    amazon = {
      source  = "github.com/hashicorp/amazon"
      version = "~> 1.3"
    }
  }
}

variable "region" {
  type    = string
  default = "us-west-2"
}

locals {
  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
}

source "amazon-ebs" "ubuntu" {
  region        = var.region
  instance_type = "t3.micro"

  source_ami_filter {
    filters = {
      name                = "ubuntu/images/*ubuntu-jammy-22.04-amd64-server-*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    most_recent = true
    owners      = ["099720109477"] # Canonical
  }

  ssh_username = "ubuntu"
  ami_name     = "my-app-${local.timestamp}"

  tags = {
    Name      = "my-app"
    BuildDate = local.timestamp
  }
}

build {
  sources = ["source.amazon-ebs.ubuntu"]

  provisioner "shell" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get upgrade -y",
    ]
  }
}
```

## Common Source AMI Filters

### Ubuntu 22.04 LTS
```hcl
source_ami_filter {
  filters = {
    name                = "ubuntu/images/*ubuntu-jammy-22.04-amd64-server-*"
    root-device-type    = "ebs"
    virtualization-type = "hvm"
  }
  most_recent = true
  owners      = ["099720109477"] # Canonical
}
```

### Amazon Linux 2023
```hcl
source_ami_filter {
  filters = {
    name                = "al2023-ami-*-x86_64"
    root-device-type    = "ebs"
    virtualization-type = "hvm"
  }
  most_recent = true
  owners      = ["amazon"]
}
```

## Multi-Region AMI

```hcl
source "amazon-ebs" "ubuntu" {
  region        = "us-west-2"
  instance_type = "t3.micro"

  source_ami_filter {
    filters = {
      name = "ubuntu/images/*ubuntu-jammy-22.04-amd64-server-*"
    }
    most_recent = true
    owners      = ["099720109477"]
  }

  ssh_username = "ubuntu"
  ami_name     = "my-app-${local.timestamp}"

  # Copy to additional regions
  ami_regions = ["us-east-1", "us-east-2", "eu-west-1"]
}
```

## Authentication

Packer uses AWS credential resolution:

1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`
2. AWS credentials file: `~/.aws/credentials`
3. IAM instance profile (when running on EC2)

```bash
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_REGION="us-west-2"

packer build .
```

## Build Commands

```bash
# Initialize plugins
packer init .

# Validate template
packer validate .

# Build AMI
packer build .

# Build with variables
packer build -var "region=us-east-1" .
```

## Common Issues

**SSH Timeout**
- Ensure security group allows SSH (port 22)
- Verify subnet has internet access

**AMI Already Exists**
- AMI names must be unique
- Use timestamp in name: `my-app-${local.timestamp}`

**Volume Size Too Small**
- Check source AMI's volume size
- Set `launch_block_device_mappings.volume_size` accordingly

## References

- [Amazon EBS Builder](https://developer.hashicorp.com/packer/integrations/hashicorp/amazon/latest/components/builder/ebs)
- [AWS AMI Documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)

Overview

This skill builds Amazon Machine Images (AMIs) using Packer's amazon-ebs builder. It provides ready-to-use templates, common source AMI filters, multi-region copy options, and practical build commands to create reproducible custom EC2 images. Use it to automate AMI creation, incorporate provisioning steps, and distribute AMIs across regions.

How this skill works

The skill generates Packer HCL templates that launch a temporary EC2 instance from a filtered source AMI, runs provisioners (shell, scripts, etc.), and creates a new AMI from the instance volume. It supports source_ami_filter for selecting official images, ami_regions for cross-region copying, and standard AWS credential resolution for authentication. Templates include tagging, unique AMI naming with timestamps, and options to adjust instance type and block device mappings.

When to use it

  • Creating a custom AMI with preinstalled software and configuration for production or test environments.
  • Automating AMI builds as part of CI/CD pipelines to ensure reproducible images.
  • Copying a validated AMI to multiple AWS regions for global deployments.
  • Building golden images that meet security and compliance baselines.
  • Replacing manual EC2 provisioning by baking configuration into an AMI.

Best practices

  • Use source_ami_filter with owners and most_recent to select official base images reliably.
  • Include a timestamp in ami_name to guarantee unique AMI names and avoid conflicts.
  • Validate and test templates locally with packer validate before running full builds.
  • Open SSH only from trusted IPs and ensure the build subnet has internet access for provisioning.
  • Adjust launch_block_device_mappings.volume_size if the source AMI disk is too small for your artifacts.

Example use cases

  • Build an Ubuntu 22.04-based AMI with application dependencies preinstalled and push to us-east-1 and eu-west-1.
  • Create a hardened Amazon Linux 2023 AMI with security hardening scripts applied during provisioning.
  • Automate nightly AMI builds in CI, tagging each AMI with build metadata and timestamp.
  • Produce a minimal, immutable AMI for autoscaling groups to speed instance start-up.

FAQ

How does authentication work for Packer builds?

Packer relies on AWS credential resolution: environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY), the AWS credentials file (~/.aws/credentials), or an IAM instance profile when running on EC2.

Why did my build fail with SSH timeout?

Ensure the security group used by the build allows SSH (port 22) from your builder and that the subnet provides internet access for package downloads and provisioning.