Packer Bakery with AWS Native
Creating pre-baked AMIs using Packer within AWS Native resources (Codepipeline / CodeBuild).
- Tuning minimum permissions can be a bit difficult with the CodePipeline/CodeBuild error messages
- Artifacts bucket should store only temporary/cache files, and should be destroyable
- Logs from CodePipeline & CodeBuild can be restricted to a specific log group
- Unique ‘key’ identifier allow single-use of module within a common key-scope
- Events on-complete require additional resources/overhead
- Image is amazon pre-built, installing Packer on-the-fly
Although nice to leverage IAM solely for this, the benefits don’t really outway the issues with leveraging CodePipeline for this kind of build. Splitting this CI/artifact process is less than ideal, but granting credentials to external providers that can spin up any EC2 & run arbitrary scripts has its concern points.