ImageBuilder and Terraform - Handy Hints

-

This is for my benefit as much as anybody else, because it took me a while to figure things out:

Most of the time when you write for AWS ImageBuilder, the docs tell you to create separate YAML files containing your components.  That's fine, but what if you want to do dynamic substitutions on path and file names?  In that case you probably want to do the definition in the HCL language.  That is, within the actual Terraform code itself.

Using S3

One of the more fiddly bits is pulling things from S3 to install on your new instance.  You need to do two things:

  • Have an IAM policy which allows access; and
  • Write the component to do the job

Writing the IAM

Create a policy resource that looks something like this:

resource "aws_iam_policy" "s3_policy" {
    name = "s3-policy"
    policy = jsonencode(
      {
          Version = "2012-10-17"
          Statement = [
            {
              Effect = "Allow"
              Action = [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetObjectAttributes"
              ]
              Resource = [
                "arn:aws:s3:::${var.code_bucket}"
              ]
            }
          ]
      }
    )
}
This is of course, the bare minimum but it gets the job done.  Now reference this from your role:

resource "aws_iam_role_policy_attachment" "attach" {
    role = aws_iam_role.role.name
    policy_arn = aws_iam_policy.s3_policy.arn
}

And pull stuff from S3

This is a little more complex example, but you're probably going to want to unpack the file, make it executable, etc:

resource "aws_imagebuilder_component" "load_code" {
  data = yamlencode(
    {
        phases = [
            {
                name = "build"
                steps = [
                    {
                        action = "S3Download"
                        inputs = [{
                            source = "s3://${var.code_bucket}/${var.code_file}"
                            destination = "/tmp/${var.code_file}"
                        }]
                        maxAttempts = 3
                        name      = "Copy_Code"
                        onFailure = "Abort"
                    },
                    {
                        action = "ExecuteBash"
                        inputs = {
                            commands = [
                                "cd /opt",
                                "sudo mkdir -p /opt/app",
                                "sudo tar -xvf /tmp/${var.code_file} -C /opt/app"
                                ]
                        }
                        name      = "Install_App"
                        onFailure = "Abort"
                    },
                    {
                        action = "ExecuteBash"
                        inputs = {
                            commands = [
                                "cd /opt/app",
                                "chmod +x ./run.sh"
                                ]
                        }
                        name      = "Configure_App"
                        onFailure = "Continue"
                    }

                ]
            }
        ]
        schemaVersion = 1.0
    }
    )
    name     = "App-Deploy"
    platform = "Linux"
    version  = "1.0.0"
}

Enjoy!



Comments

Post a Comment

Popular posts from this blog

The QYT KT-7900D

-
Image
But is it any good? As you might have noticed, I am now a freshly licensed radio amateur .  As such I do need a transceiver or two in order to get on the air.  This is the story of one of my new radios. I have a limited discretionary budget to use for my new hobby, and I have to say from the outset that my lovely wife has been very supportive.  As such, I want to try and get the best value for our money.  One evening I stumbled upon this little item on Banggood for a little over $A150 including shipping.  Covering both 2m and 70cm bands with a claimed 20W output it seemed almost too good to be true.  I bought one. About ten days later a tiny package arrived for me.  At just 98mm x 43mm x 126mm the photos don't convey quite how small it actually is.  The entire case serves as a heatsink so it is heavier than it looks, but certainly not bulky. The standard power cable comes with a cigarette lighter plug.  As I intended to run it from home using a regulated PSU, I just cut the plug o
Read more

Life with Deep Racer - Part 2

-
Image
 An Update on AWS Deep Racer OK, so AWS Summit Sydney has been run and won.  Not by us however, but there are few interesting tidbits to report: The console is now widely available This is actually pretty big news, because: The console ties together Robomaker, SageMaker and everything else you need in a convenient package There are actual examples of functions included It seems to stay running now There is new firmware for the car Also important; this includes a rolling update for the Ubuntu base as well as the Deep Racer specific bits.  WiFi connection seems more reliable now as well. Our car has a new look Since my employer (Versent) was generous enough to send me to Re:Invent last year (where I got the Deep Racer), I thought it appropriate to deck it out in the company colours, and it was well-received at Summit last week.
Read more

DIY Self-Driving - Part 9 - New Imaging

-
Image
Please Note:    Unlike most of my projects which are fully complete before they are published, this project is as much a build diary as anything else.  Whilst I am attempting to clearly document the processes, this is not a step-by-step guide, and later articles may well contradict earlier instructions. If you decide you want to duplicate my build, please read through all the relevant articles before you start. We have a lot of work to do in pretty short space of time now, with new competitive opportunities in the very near future. To be honest, the line detection has simply not been good enough, and this is leading to some of the poor performance I have been experiencing with the car.  Whilst it really does work, it is not accurate enough.  There are a couple of issues here which need to be dealt with: The core processor is just not powerful enough; and The optics aren't good enough Processing As I noted in my "Next Iteration" article I am looking at othe
Read more