Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
l
little-cartoon-10569
02/15/2021, 8:09 PMDoes anyone have any recommendations for creating AMIs? I don't see a Packer provider, so I'm guessing that one of the AWS-native ways would be the best way to do this using Pulumi?
AmiFromInstance or ImageBuilder.
Currently I'm using SSM to configure instances on startup, but that's not scalable, takes too long to start up 10 identical images.
b
brave-planet-10645
02/15/2021, 10:04 PMThe "official" way with AWS is to use their imagebuilder service.
We've talked internally about using the EC2 provisioner alongside automation API (as you should stop the instance before you use AmiFromInstance and you can't do that from Pulumi - you'd have to use the SDK to stop it)
l
little-cartoon-10569
02/15/2021, 10:07 PMImage builder will stop the instance for you...
But I don't really want to mess with jinja or whatever that double-curly json-like data config is in image builder, if I can do it better in TypeScript...
b
brave-planet-10645
02/15/2021, 10:14 PMhttps://www.github.com/pulumi/examples/tree/master/aws-ts-ec2-provisioners for provisioners example
l
little-cartoon-10569
02/15/2021, 10:28 PMHmm... that's a step in the right direction. It has a few advantages over SSM:
1. Don't need to have the SSM agent running.
2. Don't need to open port 443 to the SSM service (which is addressable only by FQDN and not IP address, so can't easily punch a hole in my SGs for it).
3. Don't need to wait for the agent to pick up the job to configure the instance.
4. When Pulumi is finished, then the instance is already configured.
5. The scripts are in a well-known location on the target machine, so can be manually run later if need be.
6. No more wrestling with PowerShell-text-in-TypeScript-files double-escaping woes.
But it's fully manual, which means
1. No "free" logging, error reporting or retrying.
2. No UI over progress or results.
Also, I'd have to figure out how to join my domain, since I'm currently using a provided SSM function for that..
That provisioners example would allow you to stop the instance @brave-planet-10645. Just put a call in a RemoteExec script to
aws ec2 stop-instanceb
brave-planet-10645
02/16/2021, 9:26 AMYeah windows EC2 are harder because you usually have to join the domain and then restart the instance. At one place I worked we didn't bother to join the windows instances to the domain as there wasn't any need for it. Worth thinking if you absolutely need them joined. If it's purely for credentials then set a strong admin password.