By Corey Gale ([email protected])
- Automated, idempotent AMI builds with Packer AMIs are only re-built when their definition changes
- CI-friendly solution
To learn more about the GumGum AMI Bakery, checkout our slideshow!
Docker image: docker pull mechtron/ami-bakery
To use the GumGum AMI Bakery in your CI environment, see the following configuration options:
To specify where the ephemeral Packer instance is launched:
AWS_DEFAULT_REGIONAWS_SUBNET_ID
To specify the AMI configuration files:
PACKER_JSON_PATH: path to the Packer JSON fileAMI_DEFINITION_DIRS: comma-separated list of directories containing the AMI's configuration code
docker run --rm -t \
-e AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION \
-e AWS_SUBNET_ID=$AWS_SUBNET_ID \
-e PACKER_JSON_PATH=`pwd`/example-app/ami/packer/ami.json \
-e AMI_DEFINITION_DIRS=`pwd`/example-app/ami/ \
--mount type=bind,source=`pwd`,target=`pwd` \
--mount type=bind,source=$HOME/.aws/,target=/root/.aws \
mechtron/ami-bakery:latest
In addition to the build's stdout, the new AMI ID is also outputted to the file .ami_id.json. Here's an example of the contents of that file:
{"ami_id": "ami-0d8ebf1e938f7f16e"}
cat .ami_id.json | jq .ami_id
To compute the desired "AMI Config Checksum" within the "Build AMI" container:
- Within the service's repository, get a list of all files contained in the AMI's passed configuration directories
- Sort the list of files alphabetically
- Calculate the SHA1 checksums of every file
- Concatenate the list of file checksums
- Calculate the SHA1 checksum of the concatenated list of checksums - this is the AMI Config Checksum
To look-up an AMI ID by AMI Config Checksum:
- List all AMIs tagged with the desired AMI Config Checksum (tag name is
ami_config_checksum) - If no AMIs exist with that AMI Config Checksum, build and tag a new AMI and return it's AMI ID
- If an AMI has already been built, return it's AMI ID. Should multiple AMIs exist with the same AMI Config Checksum, return the AMI ID of the newest image.