Add iam instance profile support
In order to better use SSM for building rather than SSH, we need to be
able to configure the iam_instance_profile.  This change adds
`iam_instance_profile` that can be used when setting `ssh_interface` to
`session_manager`.  When using `session_manager` you will need to use a
non-minimal version of the source ami to ensure it has the SSM agent
available at launch. You may also need to increase the volume size from
4 depending on which source AMI you use.
AlexSchultz-clumio committed Feb 20, 2024
1 parent 5c6d0e0 commit 1f70439
Showing 3 changed files with 5 additions and 1 deletion.
3 changes: 2 additions & 1 deletion doc/USER_GUIDE.md
Expand Up @@ -42,6 +42,7 @@ Users have the following options for specifying their own values:
| `docker_version` | ```20.10.*``` | |
| `encrypted` | ```false``` | |
| `enable_fips` | ```false``` | Install openssl and enable fips related kernel parameters |
| `iam_instance_profile` | *None* | The name of an IAM instance profile to launch the EC2 instance with. |
| `instance_type` | *None* | |
| `kernel_version` | `""` | |
| `kms_key_id` | `""` | |
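Review bot: The `iam_instance_profile` row documents the default as *None*, but this commit sets `"iam_instance_profile": ""` in eks-worker-al2-variables.json, so the effective default is an empty string. The neighbouring `kernel_version` and `kms_key_id` rows show `""`; suggest using `""` here as well, or dropping the entry from the variables file if the variable is meant to have no default.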
Expand All @@ -56,7 +57,7 @@ Users have the following options for specifying their own values:
| `source_ami_filter_name` | ```amzn2-ami-minimal-hvm-*``` | |
| `source_ami_id` | `""` | |
| `source_ami_owners` | ```137112412989``` | |
| `ssh_interface` | `""` | |
| `ssh_interface` | `""` | If using ```session_manager```, you need to specify a non-minimal ami as the minimal version does not have the SSM agent installed. |
| `ssh_username` | ```ec2-user``` | |
| `ssm_agent_version` | `""` | Version of the SSM agent to install from the S3 bucket provided by the SSM agent project, such as ```latest```. If empty, the latest version of the SSM agent available in the Amazon Linux core repositories will be installed. |
| `subnet_id` | `""` | |
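Review bot: The new `ssh_interface` description covers the AMI requirement but leaves out the other two things the commit message says a `session_manager` build depends on: setting `iam_instance_profile`, and possibly raising the volume size above 4. Suggest naming `iam_instance_profile` and `launch_block_device_mappings_volume_size` in this row, and noting that the default `source_ami_filter_name` at the top of this hunk (`amzn2-ami-minimal-hvm-*`) selects a minimal image and has to be overridden. Minor: capitalise "AMI".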
1 change: 1 addition & 0 deletions eks-worker-al2-variables.json
Expand Up @@ -20,6 +20,7 @@
"encrypted": "false",
"kernel_version": "",
"kms_key_id": "",
"iam_instance_profile": "",
"launch_block_device_mappings_volume_size": "4",
"pause_container_version": "3.5",
"pull_cni_from_github": "true",
2 changes: 2 additions & 0 deletions eks-worker-al2.json
Expand Up @@ -22,6 +22,7 @@
"docker_version": null,
"encrypted": null,
"enable_fips": null,
"iam_instance_profile": null,
"instance_type": null,
"kernel_version": null,
"kms_key_id": null,
Expand Down Expand Up @@ -86,6 +87,7 @@
"max_attempts": 90
},
"ami_regions": "{{user `ami_regions`}}",
"iam_instance_profile": "{{user `iam_instance_profile`}}",
"ssh_username": "{{user `ssh_username`}}",
"ssh_interface": "{{user `ssh_interface`}}",
"temporary_security_group_source_cidrs": "{{user `temporary_security_group_source_cidrs`}}",