Add Support for AWS ISO Regions

[aghassemlouei]

Description

HashiCorp Packer should support the AWS Secret and AWS Top Secret Clouds.

Use Case(s)

If HashiCorp Packer supports the following regions it will improve and enhance the image import/creation process for United States (US) federal workloads which handle US Classified systems:

• us-isob-east-1
• us-iso-east-1
• us-iso-west-1

Currently these environments are highly restricted with heavy introspection on ingress and egress data. Introducing this capability will enable classified workloads to create more secure base images more frequently within the regions. This will also significantly reduce the likelihood that images imported into these environments include unauthorized components.

Potential configuration

It's unclear if the custom_endpoint_ec2 would enable full Packer functionality in these regions.

Potential References

• https://awsregion.info/
• https://aws.amazon.com/federal/secret-cloud
• https://aws.amazon.com/federal/top-secret-cloud
• Cloud Auto-Join: AWS Partitions and custom ec2 endpoints go-discover#104

[lorengordon]

Fwiw, our team has built images for ISO regions regularly for years now using Packer. Packer supports them already. Is there a specific error you are encountering?

[aghassemlouei]

Appreciate the confirmation @lorengordon; had not seen anything formal and just needed confirmation of functionality!

[lorengordon]

It used to be more complicated, but when AWS began including the ISO regions/endpoints in the public AWS SDKs, it became quite simple. Just set the region in your config/shell, get a credential, and Packer should be able to talk to the endpoints just fine!