diff --git a/al2.pkr.hcl b/al2.pkr.hcl
index d756a4f..7251e43 100644
--- a/al2.pkr.hcl
+++ b/al2.pkr.hcl
@@ -178,7 +178,8 @@ build {
 environment_vars = [
 "REGION=${var.region}",
 "EXEC_SSM_VERSION=${var.exec_ssm_version}",
- "AIR_GAPPED=${var.air_gapped}"
+ "AIR_GAPPED=${var.air_gapped}",
+ "REGION_DNS_SUFFIX=${var.region_dns_suffix}"
 ]
 }
diff --git a/al2023.pkr.hcl b/al2023.pkr.hcl
index b4041de..f8b3e8c 100644
--- a/al2023.pkr.hcl
+++ b/al2023.pkr.hcl
@@ -148,7 +148,8 @@ build {
 environment_vars = [
 "REGION=${var.region}",
 "EXEC_SSM_VERSION=${var.exec_ssm_version}",
- "AIR_GAPPED=${var.air_gapped}"
+ "AIR_GAPPED=${var.air_gapped}",
+ "REGION_DNS_SUFFIX=${var.region_dns_suffix}"
 ]
 }
diff --git a/scripts/install-exec-dependencies.sh b/scripts/install-exec-dependencies.sh
index 42408d4..862b2e5 100644
--- a/scripts/install-exec-dependencies.sh
+++ b/scripts/install-exec-dependencies.sh
@@ -1,20 +1,34 @@
 #!/usr/bin/env bash
 set -ex
-if [ -n "$AIR_GAPPED" ]; then
- echo "Air-gapped region, exec feature is not supported"
- exit 0
-fi
+# Returns AWS DNS suffix from $REGION_DNS_SUFFIX if set, errors if no dns suffix set for air-gapped regions.
+# Defaults to amazonaws.com[.cn]
+get_dns_suffix() {
+ # If $REGION_DNS_SUFFIX is assigned and non-empty, use that
+ if [ -n "$REGION_DNS_SUFFIX" ]; then
+ echo >&2 "Using configured DNS suffix: $REGION_DNS_SUFFIX"
+ echo "$REGION_DNS_SUFFIX"
+ return
+ fi
+
+ if [ -n "$AIR_GAPPED" ]; then
+ echo "Air-gapped region, need to set DNS suffix explicitly"
+ exit 1
+ fi
+
+ local host_suffix=""
+ if grep -q "^cn-" <<<"$REGION"; then
+ host_suffix=".cn"
+ fi
+ echo "amazonaws.com${host_suffix}"
+}
+
+DNS_SUFFIX=$(get_dns_suffix)
 BINARY_PATH="/var/lib/ecs/deps/execute-command/bin/${EXEC_SSM_VERSION}"
 CERTS_PATH="/var/lib/ecs/deps/execute-command/certs"
 ARCHITECTURE="$(uname -m)"
-host_suffix=""
-if grep -q "^cn-" <<<"$REGION"; then
- host_suffix=".cn"
-fi
-
 # Download ssm agent static binaries in BINARY_PATH
 mkdir -p /tmp/ssm-binaries && cd /tmp/ssm-binaries
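Review bot: In `get_dns_suffix`, the air-gapped error message goes to stdout, so `DNS_SUFFIX=$(get_dns_suffix)` captures it instead of showing it; it should go to stderr like the message in the branch above: `echo >&2 "Air-gapped region, need to set DNS suffix explicitly"`. The `exit 1` in that branch only ends the command-substitution subshell, and the build stops solely because `set -e` applies to the assignment; `return 1` in the function with `DNS_SUFFIX=$(get_dns_suffix) || exit 1` at the call site would not depend on that. Air-gapped builds without `REGION_DNS_SUFFIX` used to exit 0 and now fail, which looks intended, so the function comment could say so in one line, e.g. `# Air-gapped builds must set REGION_DNS_SUFFIX; the script no longer skips the exec dependencies for them.`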
@@ -23,12 +37,12 @@ gpg --import /tmp/amazon-ssm-agent.gpg
 case $ARCHITECTURE in
 'x86_64')
- curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.amazonaws.com${host_suffix}/${EXEC_SSM_VERSION}/linux_amd64/amazon-ssm-agent-binaries.tar.gz" -o amazon-ssm-agent.tar.gz
- curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.amazonaws.com${host_suffix}/${EXEC_SSM_VERSION}/linux_amd64/amazon-ssm-agent-binaries.tar.gz.sig" -o amazon-ssm-agent.tar.gz.sig
+ curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.${DNS_SUFFIX}/${EXEC_SSM_VERSION}/linux_amd64/amazon-ssm-agent-binaries.tar.gz" -o amazon-ssm-agent.tar.gz
+ curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.${DNS_SUFFIX}/${EXEC_SSM_VERSION}/linux_amd64/amazon-ssm-agent-binaries.tar.gz.sig" -o amazon-ssm-agent.tar.gz.sig
 ;;
 'aarch64')
- curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.amazonaws.com${host_suffix}/${EXEC_SSM_VERSION}/linux_arm64/amazon-ssm-agent-binaries.tar.gz" -o amazon-ssm-agent.tar.gz
- curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.amazonaws.com${host_suffix}/${EXEC_SSM_VERSION}/linux_arm64/amazon-ssm-agent-binaries.tar.gz.sig" -o amazon-ssm-agent.tar.gz.sig
+ curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.${DNS_SUFFIX}/${EXEC_SSM_VERSION}/linux_arm64/amazon-ssm-agent-binaries.tar.gz" -o amazon-ssm-agent.tar.gz
+ curl -fLSs "https://amazon-ssm-${REGION}.s3.${REGION}.${DNS_SUFFIX}/${EXEC_SSM_VERSION}/linux_arm64/amazon-ssm-agent-binaries.tar.gz.sig" -o amazon-ssm-agent.tar.gz.sig
 ;;
 esac
 gpg --verify amazon-ssm-agent.tar.gz.sig amazon-ssm-agent.tar.gz
diff --git a/variables.pkr.hcl b/variables.pkr.hcl
index cc06856..ec5372e 100644
--- a/variables.pkr.hcl
+++ b/variables.pkr.hcl
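Review bot: The four `curl` lines in the `case $ARCHITECTURE` block of scripts/install-exec-dependencies.sh repeat the whole host expression `amazon-ssm-${REGION}.s3.${REGION}.${DNS_SUFFIX}` and differ only in the architecture directory and the `.sig` ending, which is why this change had to touch every one of them. Selecting the directory in the `case` and building the URL once keeps the next host change to a single line. A `*)` arm can then report an unsupported architecture directly instead of leaving it to a later `gpg --verify` failure on missing files. Since the download host now comes from configuration, the `gpg --verify` step after `esac` is what ties the archive to the imported key, and it should stay immediately after the two downloads.

```shell
case $ARCHITECTURE in
'x86_64') ssm_arch="linux_amd64" ;;
'aarch64') ssm_arch="linux_arm64" ;;
*)
  echo >&2 "Unsupported architecture: $ARCHITECTURE"
  exit 1
  ;;
esac
ssm_url="https://amazon-ssm-${REGION}.s3.${REGION}.${DNS_SUFFIX}/${EXEC_SSM_VERSION}/${ssm_arch}/amazon-ssm-agent-binaries.tar.gz"
curl -fLSs "${ssm_url}" -o amazon-ssm-agent.tar.gz
curl -fLSs "${ssm_url}.sig" -o amazon-ssm-agent.tar.gz.sig
# … unchanged: gpg --verify of the archive against its signature …
```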
@@ -268,3 +268,9 @@ variable "run_tags" {
 description = "Tags to apply to resources (key-pair, SG, IAM, snapshot, interfaces and instance) used when building the AMI."
 default = {}
 }
+
+variable "region_dns_suffix" {
+ type = string
+ description = "DNS Suffix to use for in region URLs"
+ default = ""
+}
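Review bot: `region_dns_suffix` accepts any string, yet the provisioner script places it in the host part of the URL that the SSM agent binaries are downloaded from. A `validation` block that allows only an empty value or a plain DNS name would reject a typo, or a value containing `/` or `@`, before the build starts. The description reads "to use for in region URLs"; `"DNS suffix for in-region service URLs, e.g. amazonaws.com; must be set for air-gapped regions."` states what the build expects.

```hcl
variable "region_dns_suffix" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.region_dns_suffix == "" || can(regex("^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$", var.region_dns_suffix))
    error_message = "The region_dns_suffix value must be empty or a DNS name such as amazonaws.com."
  }
}
```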