lox
commented
7 years ago We've really tried to avoid supporting forks, but I hear you. I think I'd be ok with making this a packer variable though.
Open patrobinson opened 7 years ago
lox
commented
7 years ago We've really tried to avoid supporting forks, but I hear you. I think I'd be ok with making this a packer variable though.
patrobinson
commented
7 years ago I'm not saying you should support forks, just saying I want to make it hard for people to do the wrong thing :)
lox
commented
7 years ago In practice that is the same thing :)
lox
commented
7 years ago That said, I think this is a good idea. 👍🏻
The
ami_groupsetting for the Agent isallby default https://github.com/buildkite/elastic-ci-stack-for-aws/blob/326c4a81367de24db63f2e1f04a894327f006bb9/packer/buildkite-ami.json#L13This means each AMI built from this template is publicly visible. This could present a potential security issue if someone were to:
As the AMI would be publicly accessible, this could result in those secrets baked into the AMI being leaked. While that's not best practice, it seems best to prevent this mis-configuration by not making the AMI public by default. Optionally a packer variable could be used to control whether or not to make the AMI public, with the default not to.