From 09490de1ea5b86934c15558d46e49c160d0aac9b Mon Sep 17 00:00:00 2001
From: Marcin Prokop
Date: Thu, 26 Oct 2023 16:06:23 +0200
Subject: [PATCH] Add AL2023 minimal AMI
---
 .../workflows/build_aws_minimal_manually.yml | 60 +++++++
 .github/workflows/ci.yml | 2 +-
 aws_minimal.pkr.hcl | 167 ++++++++++++++++++
 .../configs/amazon-cloudwatch-agent.json | 134 ++++++++++++++
 aws_minimal/scripts/cloudwatch-agent.sh | 20 +++
 aws_minimal/scripts/dnf-update.sh | 3 +
 aws_minimal/scripts/docker.sh | 3 +
 aws_minimal/scripts/ssm-agent.sh | 10 ++
 8 files changed, 398 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/build_aws_minimal_manually.yml
 create mode 100644 aws_minimal.pkr.hcl
 create mode 100644 aws_minimal/configs/amazon-cloudwatch-agent.json
 create mode 100644 aws_minimal/scripts/cloudwatch-agent.sh
 create mode 100644 aws_minimal/scripts/dnf-update.sh
 create mode 100644 aws_minimal/scripts/docker.sh
 create mode 100644 aws_minimal/scripts/ssm-agent.sh
diff --git a/.github/workflows/build_aws_minimal_manually.yml b/.github/workflows/build_aws_minimal_manually.yml
new file mode 100644
index 0000000..b927117
--- /dev/null
+++ b/.github/workflows/build_aws_minimal_manually.yml
@@ -0,0 +1,60 @@
+name: AWS minimal AMI manual publish
+
+on:
+ workflow_dispatch:
+
+jobs:
+ timestamp:
+ name: Get the build timestamp
+ runs-on: ubuntu-latest
+ outputs:
+ timestamp: ${{ steps.timestamp.outputs.timestamp }}
+ steps:
+ - name: Get the timestamp
+ id: timestamp
+ run: echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
+
+ build:
+ # Since we run in parallel, let's make sure we use the same timestamp for all jobs
+ needs: timestamp
+ strategy:
+ matrix:
+ arch: [x86_64, arm64]
+ name: Build the AWS AMI using Packer
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Check out the source code
+ uses: actions/checkout@main
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ role-duration-seconds: 3600
+
+ - name: Setup packer
+ uses: hashicorp/setup-packer@main
+ with:
+ version: latest
+
+ - name: Initialize Packer
+ run: packer init aws_minimal.pkr.hcl
+
+ - name: Build the AWS AMI using Packer (${{ matrix.arch }})
+ run: packer build aws_minimal.pkr.hcl
+ env:
+ PKR_VAR_encrypt_boot: false
+ PKR_VAR_ami_name_prefix: minimal-spacelift-${{ needs.timestamp.outputs.timestamp }}
+ PKR_VAR_source_ami_architecture: ${{ matrix.arch }}
+ PKR_VAR_instance_type: ${{ matrix.arch == 'x86_64' && 't3.micro' || 't4g.micro' }}
+
+ - name: Upload manifest
+ uses: actions/upload-artifact@v3
+ with:
+ path: manifest_aws_minimal.json
+ name: manifest_aws_minimal.json
+ retention-days: 5
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1639cf9..823207c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
 name: 👷 ${{ matrix.cloud }}
 strategy:
 matrix:
- cloud: [aws, azure, gcp]
+ cloud: [aws, aws_minimal, azure, gcp]
 runs-on: ubuntu-latest
 env:
 # AWS
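Review bot: The checkout and Packer setup steps track a moving branch, `uses: actions/checkout@main` and `uses: hashicorp/setup-packer@main`, and `version: latest` leaves the Packer binary unpinned too, so the toolchain that runs under an OIDC-assumed AWS role (`id-token: write`) and publishes the AMI is whatever those upstreams contain on the day of the run. Pin each `uses:` to a release tag or, better, a full commit SHA (`uses: actions/checkout@v4` is the tag-level fix) and give setup-packer an explicit version, so a build is reproducible and an unexpected change on an upstream default branch cannot reach the publishing job; `configure-aws-credentials@v4` and `upload-artifact@v3` are already tag-pinned and only optionally need the same. `PKR_VAR_encrypt_boot: false` overrides the template's `default = true` and is presumably deliberate, since an AMI backed by encrypted snapshots cannot be shared publicly, but a one-line comment such as `# public AMIs cannot use encrypted root snapshots` would stop a later reader from reverting it. Quoting that value as `PKR_VAR_encrypt_boot: "false"` also keeps the env entry a plain string instead of relying on the runner to stringify a YAML boolean.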
diff --git a/aws_minimal.pkr.hcl b/aws_minimal.pkr.hcl
new file mode 100644
index 0000000..ffc8cbb
--- /dev/null
+++ b/aws_minimal.pkr.hcl
@@ -0,0 +1,167 @@
+packer {
+ required_plugins {
+ amazon-ami-management = {
+ version = "2.0.0"
+ source = "github.com/spacelift-io/amazon-ami-management"
+ }
+ }
+}
+
+variable "ami_name_prefix" {
+ type = string
+ default = "minimal-spacelift-{{timestamp}}"
+}
+
+variable "ami_regions" {
+ type = list(string)
+ default = [
+ "ap-northeast-1",
+ "ap-northeast-2",
+ "ap-northeast-3",
+ "ap-southeast-1",
+ "ap-southeast-2",
+ "ap-south-1",
+ "ca-central-1",
+ "eu-central-1",
+ "eu-west-1",
+ "eu-west-2",
+ "eu-west-3",
+ "eu-north-1",
+ "sa-east-1",
+ "us-east-1",
+ "us-east-2",
+ "us-west-1",
+ "us-west-2",
+ ]
+}
+
+variable "source_ami_architecture" {
+ type = string
+ default = "x86_64"
+}
+
+variable "source_ami_owners" {
+ type = list(string)
+ default = ["137112412989"] # defaults to Amazon for Amazon Linux, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/amazon_linux_container_image.html
+}
+
+variable "ami_groups" {
+ type = list(string)
+ default = ["all"]
+}
+
+variable "instance_type" {
+ type = string
+ default = "t3.micro"
+}
+
+variable "encrypt_boot" {
+ type = bool
+ default = true
+}
+
+variable "shared_credentials_file" {
+ type = string
+ default = null
+}
+
+variable "subnet_filter" {
+ type = map(string)
+ default = null
+}
+
+variable "additional_tags" {
+ type = map(string)
+ default = {}
+}
+
+variable "region" {
+ type = string
+ default = "us-east-1"
+}
+
+variable "vpc_id" {
+ type = string
+ default = null
+}
+
+source "amazon-ebs" "spacelift" {
+ source_ami_filter {
+ filters = {
+ virtualization-type = "hvm"
+ name = "al2023-ami-minimal-*-kernel-6.1-${var.source_ami_architecture}"
+ root-device-type = "ebs"
+ architecture = var.source_ami_architecture
+ }
+ owners = var.source_ami_owners
+ most_recent = true
+ }
+
+ ami_name = "${var.ami_name_prefix}-${var.source_ami_architecture}"
+ ami_regions = var.ami_regions
+ ami_groups = var.ami_groups
+ ami_description = <