Create custom Bamboo Agent Image Configuration

Bamboo is a great build server and the possibility to use EC2 instances as build agents makes it really cost efficient and flexible. But – most of the time, the stock images provided by Atlassian need to be customized to fit the purpose. But how to do this properly?

The easiest way is to create a new AMI based on the stock images and customize it.

  1. Launch a new instance using on of the existing AMIs (e.g. ami-ed6deb9e for the Ubuntu stock image) or use an instance launched by Bamboo
  2. Connect to it using SSH and customize it.
  3. Open the EC2 management console, select the instance and choose Actions -> Image -> Create Image
  4. Afterwards you need to enter a name and choose Create ImageScreen Shot 2016-05-15 at 20.44.07
  5. Copy the AMI id
  6. Switch back to Bamboo and navigate to Bamboo administration -> Image configurations
  7. Create a new configuration using the AMI id you copied beforeScreen Shot 2016-05-15 at 20.48.37
  8. You can now launch build agents with you custom setup
Advertisements

Grant Access to single S3 bucket

I was setting up a static website on Amazon S3. This process is fairly simply. Finally I wanted to create an user that can only deploy this one single bucket. As with all other user accounts I wanted to follow the least privilege model. So the default S3-Full Access policy was not an option for me.

I created a new policy granting full access to this specific bucket. It looked like this:

{
   "Version": "2012-10-17",
   "Statement": [
   {
     "Effect": "Allow",
     "Action": "s3:*",
     "Resource": [
     "arn:aws:s3:::myBucket/*",
     "arn:aws:s3:::myBucket"]
   }
 ]
}

I assigned this to the user that uploads my site and started the upload. Peng! Access Denied.

After some investigation I discovered that the ListAllMyBuckets action is causing that problem. I added a second policy:

{
   "Version": "2012-10-17",
   "Statement": [
   {
     "Effect": "Allow",
     "Action": "s3:ListAllMyBuckets",
     "Resource": "arn:aws:s3:::*"
   }]
}

This solved my issue and the upload work fine.