ImageBuilder and Terraform - Handy Hints

This is for my benefit as much as anybody else, because it took me a while to figure things out:

Most of the time when you write for AWS ImageBuilder, the docs tell you to create separate YAML files containing your components. That's fine, but what if you want to do dynamic substitutions on path and file names? In that case you probably want to do the definition in the HCL language. That is, within the actual Terraform code itself.

Using S3

One of the more fiddly bits is pulling things from S3 to install on your new instance. You need to do two things:

- Have an IAM policy which allows access; and
- Write the component to do the job

Writing the IAM

Create a policy resource that looks something like this:

    resource "aws_iam_policy" "s3_policy" {
      name = "s3-policy"
      policy = jsonencode(
        {
          Version = "2012-10-17"
          Statement = [
            {
              Effect = "Allow"
              Action = [