Way to show AWS API calls being made by Packer in post-processors section?

I have a Packer template with the following post-processors section:

  "post-processors": [
    {
      "type": "amazon-import",
      "ami_name": "my_image-{{user `os_version`}}",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "us-east-1",
      "s3_bucket_name": "my_s3_bucket",
      "tags": {
        "Description": "Packer build {{timestamp}}",
        "Version": "{{user `build_version`}}"
      },
      "only": ["aws"]
    }

I'm trying to debug a policy/permissions issue and wanted to see more details as to what AWS API calls Packer is making here with the amazon-import Post-Processor.

I'm aware of the PACKER_LOG=1 environment variable, but is there anything more verbose than this? This output doesn't give me much to go on:

2017/08/11 23:55:24 packer: 2017/08/11 23:55:24 Waiting for state to become: completed
2017/08/11 23:55:24 packer: 2017/08/11 23:55:24 Using 2s as polling delay (change with AWS_POLL_DELAY_SECONDS)
2017/08/11 23:55:24 packer: 2017/08/11 23:55:24 Allowing 300s to complete (change with AWS_TIMEOUT_SECONDS)
2017/08/12 00:29:59 ui:     aws (amazon-import): Import task import-ami-fg0qxxdb complete
    aws (amazon-import): Import task import-ami-fg0qxxdb complete
2017/08/12 00:29:59 ui:     aws (amazon-import): Starting rename of AMI (ami-c01125bb)
    aws (amazon-import): Starting rename of AMI (ami-c01125bb)
2017/08/12 00:29:59 ui:     aws (amazon-import): Waiting for AMI rename to complete (may take a while)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Waiting for state to become: available
    aws (amazon-import): Waiting for AMI rename to complete (may take a while)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Using 2s as polling delay (change with AWS_POLL_DELAY_SECONDS)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Allowing 300s to complete (change with AWS_TIMEOUT_SECONDS)
2017/08/12 00:29:59 packer: 2017/08/12 00:29:59 Error on AMIStateRefresh: UnauthorizedOperation: You are not authorized to perform this operation.
2017/08/12 00:29:59 packer:     status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 [INFO] (telemetry) ending amazon-import
2017/08/12 00:29:59 [INFO] (telemetry) found error: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 Deleting original artifact for build 'aws'
2017/08/12 00:29:59 ui error: Build 'aws' errored: 1 error(s) occurred:

* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 Builds completed. Waiting on interrupt barrier...
2017/08/12 00:29:59 machine readable: error-count []string{"1"}
2017/08/12 00:29:59 ui error:
==> Some builds didn't complete successfully and had errors:
2017/08/12 00:29:59 machine readable: aws,error []string{"1 error(s) occurred:\n\n* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id: f53ea750-788e-4213-accc-def6ca459113"}
Build 'aws' errored: 1 error(s) occurred:

2017/08/12 00:29:59 ui error: --> aws: 1 error(s) occurred:

* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113
2017/08/12 00:29:59 ui:
==> Builds finished but no artifacts were created.
* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113

==> Some builds didn't complete successfully and had errors:
--> aws: 1 error(s) occurred:

* Post-processor failed: Error waiting for AMI (ami-3f132744): UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: f53ea750-788e-4213-accc-def6ca459113

==> Builds finished but no artifacts were created.
2017/08/12 00:30:00 [WARN] (telemetry) Error finalizing report. This is safe to ignore. Post https://checkpoint-api.hashicorp.com/v1/telemetry/packer: context deadline exceeded
2017/08/12 00:30:00 waiting for all plugin processes to complete...
2017/08/12 00:30:00 /usr/local/bin/packer: plugin process exited
2017/08/12 00:30:00 /usr/local/bin/packer: plugin process exited
2017/08/12 00:30:00 /usr/local/bin/packer: plugin process exited

I'm assuming this is a policy permissions issue but I can't tell what I'm missing from the above output.

1 answer

  • answered 2017-08-12 11:54 Rickard von Essen

    Unfortunately there is no more debugging to enable.

    I recommend that that you review that you have created all policies according to the docs and review the permission for the user. You can do that by pasting the ACCESS KEY ID in Search IAM.

    As an last resource it can be good to go through the process manually with the AWS cli.