From d99cc72e14aa3cb747a67489f8cb819c1ff1c476 Mon Sep 17 00:00:00 2001
From: Alex Schultz
Date: Mon, 19 Feb 2024 17:15:03 -0700
Subject: [PATCH 1/2] Add iam instance profile support In order to better use SSM for building rather than SSH, we need to be able to configure the iam_instance_profile. This change adds `iam_instance_profile` that can be used when setting `ssh_interfance` to `session_manager`. When using `session_manager` you will need to use a non-minimal version of the source ami to ensure it has the SSM agent available at launch. You may also need to increase the volume size from 4 depending on which source AMI you use.
---
 doc/usage/al2.md | 3 ++-
 doc/usage/al2023.md | 3 ++-
 templates/al2/template.json | 2 ++
 templates/al2/variables-default.json | 1 +
 templates/al2023/template.json | 1 +
 5 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/doc/usage/al2.md b/doc/usage/al2.md
index 853d5b06e..0c0290b7f 100644
--- a/doc/usage/al2.md
+++ b/doc/usage/al2.md
@@ -26,6 +26,7 @@
 | `docker_version` | Docker is not installed on Kubernetes v1.25+ |
 | `enable_fips` | Install openssl and enable fips related kernel parameters |
 | `encrypted` | |
+| `iam_instance_profile` | The name of an IAM instance profile to launch the EC2 instance with. |
 | `instance_type` | |
 | `kernel_version` | |
 | `kms_key_id` | |
@@ -40,7 +41,7 @@
 | `source_ami_filter_name` | |
 | `source_ami_id` | |
 | `source_ami_owners` | |
-| `ssh_interface` | |
+| `ssh_interface` | If using ```session_manager```, you need to specify a non-minimal ami as the minimal version does not have the SSM agent installed. |
 | `ssh_username` | |
 | `ssm_agent_version` | Version of the SSM agent to install from the S3 bucket provided by the SSM agent project, such as ```latest```. If empty, the latest version of the SSM agent available in the Amazon Linux core repositories will be installed. |
 | `subnet_id` | |
diff --git a/doc/usage/al2023.md b/doc/usage/al2023.md
index 58ff5b265..1062a5e4e 100644
--- a/doc/usage/al2023.md
+++ b/doc/usage/al2023.md
@@ -23,6 +23,7 @@
 | `creator` | |
 | `enable_fips` | Install openssl and enable fips related kernel parameters |
 | `encrypted` | |
+| `iam_instance_profile` | The name of an IAM instance profile to launch the EC2 instance with. |
 | `instance_type` | |
 | `kms_key_id` | |
 | `kubernetes_build_date` | |
@@ -35,7 +36,7 @@
 | `source_ami_filter_name` | |
 | `source_ami_id` | |
 | `source_ami_owners` | |
-| `ssh_interface` | |
+| `ssh_interface` | If using ```session_manager```, you need to specify a non-minimal ami as the minimal version does not have the SSM agent installed. |
 | `ssh_username` | |
 | `ssm_agent_version` | Version of the SSM agent to install from the S3 bucket provided by the SSM agent project, such as ```latest```. If empty, the latest version of the SSM agent available in the Amazon Linux core repositories will be installed. |
 | `subnet_id` | |
diff --git a/templates/al2/template.json b/templates/al2/template.json
index 5fc902941..7dee03ef6 100644
--- a/templates/al2/template.json
+++ b/templates/al2/template.json
@@ -22,6 +22,7 @@
 "docker_version": null,
 "enable_fips": null,
 "encrypted": null,
+ "iam_instance_profile": null,
 "instance_type": null,
 "kernel_version": null,
 "kms_key_id": null,
@@ -86,6 +87,7 @@
 "max_attempts": 90
 },
 "ami_regions": "{{user `ami_regions`}}",
+ "iam_instance_profile": "{{user `iam_instance_profile`}}",
 "ssh_username": "{{user `ssh_username`}}",
 "ssh_interface": "{{user `ssh_interface`}}",
 "temporary_security_group_source_cidrs": "{{user `temporary_security_group_source_cidrs`}}",
diff --git a/templates/al2/variables-default.json b/templates/al2/variables-default.json
index 8a33308a2..c4987907b 100644
--- a/templates/al2/variables-default.json
+++ b/templates/al2/variables-default.json
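Review bot: The builder key added in the second hunk of templates/al2/template.json, `` "iam_instance_profile": "{{user `iam_instance_profile`}}", ``, attaches whatever role the caller names to the build instance, and nothing in this patch says how narrow that role should be. The role's credentials are readable from instance metadata by every provisioner script that runs during the build, so a broad profile widens what a bad package or script could reach from the builder. I would extend the `iam_instance_profile` row in doc/usage/al2.md and doc/usage/al2023.md with a sentence such as `Use a profile limited to what Session Manager needs (for example the AmazonSSMManagedInstanceCore managed policy); its credentials are available to all provisioners during the build.` The builder object starts and ends outside the hunk.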
@@ -20,6 +20,7 @@
 "encrypted": "false",
 "kernel_version": "",
 "kms_key_id": "",
+ "iam_instance_profile": "",
 "launch_block_device_mappings_volume_size": "4",
 "pause_container_version": "3.5",
 "pull_cni_from_github": "true",
diff --git a/templates/al2023/template.json b/templates/al2023/template.json
index e2cbe1b3f..752d1b9f9 100644
--- a/templates/al2023/template.json
+++ b/templates/al2023/template.json
@@ -19,6 +19,7 @@
 "creator": null,
 "enable_fips": null,
 "encrypted": null,
+ "iam_instance_profile": null,
 "instance_type": null,
 "kms_key_id": null,
 "kubernetes_build_date": null,
From 0615637895a7094055585455f684b54b79ee07ef Mon Sep 17 00:00:00 2001
From: Alex Schultz
Date: Fri, 1 Mar 2024 18:29:25 -0700
Subject: [PATCH 2/2] Add missing default
---
 templates/al2023/variables-default.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/templates/al2023/variables-default.json b/templates/al2023/variables-default.json
index 0eafe1d1f..ce5be91fc 100644
--- a/templates/al2023/variables-default.json
+++ b/templates/al2023/variables-default.json
@@ -16,6 +16,7 @@
 "enable_fips": "false",
 "encrypted": "false",
 "kms_key_id": "",
+ "iam_instance_profile": "",
 "launch_block_device_mappings_volume_size": "20",
 "pause_container_version": "3.5",
 "remote_folder": "/tmp",
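Review bot: In templates/al2023/template.json the hunk only declares `"iam_instance_profile": null` in the variables list; neither patch in this series adds the matching builder setting that templates/al2/template.json receives. Unless the al2023 builder already references the variable outside the visible hunks, a value supplied for al2023 is accepted and then ignored, so a build with `ssh_interface` set to `session_manager` would launch without the intended profile even though doc/usage/al2023.md now advertises the option. The line to add to the al2023 builder, next to `ssh_interface`, is `` "iam_instance_profile": "{{user `iam_instance_profile`}}", ``. The variables object starts and ends outside the hunk.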