README.md (+8 -8)
@@ -87,13 +87,13 @@ See the [examples](./examples) folder for more.
87
87
88
88
The full specification is as follows:
89
89
90
-
`args`: (Optional, type _list of string_, default is dependent on the image and the value of `command`) - Arguments to `command`. If `args` is not defined in user data, it defaults to the container image [cmd](https://docs.docker.com/reference/dockerfile/#cmd), unless `command` is defined in user data, in which case it defaults to an empty list.
90
+
`args`: (Optional, type _list_ of _string_, default is dependent on the image and the value of `command`) - Arguments to `command`. If `args` is not defined in user data, it defaults to the container image [cmd](https://docs.docker.com/reference/dockerfile/#cmd), unless `command` is defined in user data, in which case it defaults to an empty list.
91
91
92
-
`command`: (Optional, type _list of string_, default is the image [entrypoint](https://docs.docker.com/reference/dockerfile/#entrypoint), if defined) - Override of the image's entrypoint.
92
+
`command`: (Optional, type _list_ of _string_, default is the image [entrypoint](https://docs.docker.com/reference/dockerfile/#entrypoint), if defined) - Override of the image's entrypoint.
93
93
94
94
`debug`: (Optional, type _bool_, default `false`) - Whether or not to enable debug logging.
95
95
96
-
`disable-services`: (Optional, type _list of _string_, default `[]`) - A list of services to disable at runtime if they were included in the image, e.g. with `easyto ami --services=[...]`.
96
+
`disable-services`: (Optional, type _list_ of _string_, default `[]`) - A list of services to disable at runtime if they were included in the image, e.g. with `easyto ami --services=[...]`.
97
97
98
98
`env`: (Optional, type _list_ of [_name-value_](#name-value-object) objects, default `[]`) - The names and values of environment variables to be passed to `command`.
99
99
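Review bot: In the `command` entry, the description does not mention that overriding the entrypoint also drops the image cmd; that consequence appears only in the `args` entry ("unless `command` is defined in user data, in which case it defaults to an empty list"). Consider adding a short pointer to `args` from `command`, so a reader who sets only `command` is not surprised by the missing arguments. The emphasis change itself matches the existing `env` line and repairs the unbalanced `_list of _string_` in `disable-services`.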
@@ -220,7 +220,7 @@ The following sources are available for environment variables. Each can be speci
220
220
> [!NOTE]
221
221
> The EC2 instance must have an instance profile with permission to call `s3:GetObject` and `s3:ListObjects`.
222
222
223
-
An S3 volume is a pseudo-volume, as the parameters from S3 are copied as files to the object's `mount.destination` one time on boot. The owner and group of the files defaults to `security.run-as-user` and `security.run-as-group` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
223
+
An S3 volume is a pseudo-volume, as the parameters from S3 are copied as files to the object's `mount.destination` one time on boot. The owner and group of the files defaults to `security.run-as-user-id` and `security.run-as-group-id` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
224
224
225
225
`bucket`: (Required, type _string_) - Name of the S3 bucket.
226
226
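Review bot: The changed S3 sentence still reads "the parameters from S3 are copied as files", which looks carried over from the SSM paragraph; "objects" is presumably meant. While this line is being touched, it is also worth stating the mode the files are written with and whether a reboot is needed to pick up changes, as the SSM and Secrets Manager paragraphs do, since this paragraph covers ownership only.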
@@ -238,7 +238,7 @@ An S3 volume is a pseudo-volume, as the parameters from S3 are copied as files t
238
238
> [!NOTE]
239
239
> The EC2 instance must have an instance profile with permission to call `ssm:GetParameter`, `ssm:GetParametersByPath`, and `kms:Decrypt` for the KMS key used to encrypt the parameter if they are of type `SecureString` and a customer-managed key was used.
240
240
241
-
An SSM volume is a pseudo-volume, as the parameters from SSM Parameter Store are copied as files to the object's `mount.destination` one time on boot. Any updates to the parameters would require a reboot to get the new values. The files are always written with permissions of `0600`, even if the parameters are not of type `SecureString`. The owner and group of the files defaults to `security.run-as-user` and `security.run-as-group` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
241
+
An SSM volume is a pseudo-volume, as the parameters from SSM Parameter Store are copied as files to the object's `mount.destination` one time on boot. Any updates to the parameters would require a reboot to get the new values. The files are always written with permissions of `0600`, even if the parameters are not of type `SecureString`. The owner and group of the files defaults to `security.run-as-user-id` and `security.run-as-group-id` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
242
242
243
243
`path`: (Required, type _string_) - The SSM parameter path. If the path begins with `/` and has parameters below it, everything under it will be retrieved and stored in files named the same as the parameters under `mount.destination`, omitting the leading `path`. The SSM parameters can be nested, and those with child parameters will be used to create subdirectories below them. If `path` is the full path of a single parameter or does not begin with `/`, it must resolve to a single parameter, and `mount.destination` will be the file name on disk.
244
244
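Review bot: The changed SSM paragraph says the files are "always written with permissions of `0600`", while the mount object documents `mode` with a default of `0755`, and nothing states that `mount.mode` is ignored for SSM volumes. Suggest saying so explicitly here, or noting in the `mode` entry that it does not apply to these pseudo-volumes. Minor: "The owner and group of the files defaults" should read "default".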
@@ -254,7 +254,7 @@ An SSM volume is a pseudo-volume, as the parameters from SSM Parameter Store are
254
254
> [!NOTE]
255
255
> The EC2 instance must have an instance profile with permission to call `secretsmanager:GetSecretValue`, and `kms:Decrypt` for the KMS key used to encrypt the secret if a customer-managed key was used.
256
256
257
-
A Secrets Manager volume is a pseudo-volume, as the secret from Secrets Manager is copied as a file to the path defined in `mount.destination` one time on boot. Any updates to the secret would require a reboot to get the new value. The file is always written with a mode of `0600`. The owner and group of the file defaults to `security.run-as-user` and `security.run-as-group` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
257
+
A Secrets Manager volume is a pseudo-volume, as the secret from Secrets Manager is copied as a file to the path defined in `mount.destination` one time on boot. Any updates to the secret would require a reboot to get the new value. The file is always written with a mode of `0600`. The owner and group of the file defaults to `security.run-as-user-id` and `security.run-as-group-id` unless explicitly specified in the volume's `mount.user-id` and `mount.group-id`.
258
258
259
259
`mount`: (Required, type [_mount_](#mount-object) object) - Configuration of the destination for the secret.
260
260
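Review bot: The ownership sentence in the Secrets Manager paragraph duplicates the default that this same commit now states in the mount object's `user-id` and `group-id` entries, and the same sentence also appears in the S3 and SSM paragraphs. Keeping four copies is what allowed the `security.run-as-user` versus `security.run-as-user-id` mismatch to appear; consider stating the default once in the mount object and linking to it from here, the way `mount` already links with `[_mount_](#mount-object)`.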
@@ -266,13 +266,13 @@ A Secrets Manager volume is a pseudo-volume, as the secret from Secrets Manager
266
266
267
267
`destination`: (Required, type _string_) - The mount destination. This may be a file or a directory depending on the configuration of the volume.
268
268
269
-
`group-id`: (Optional, type _int_, default `0`) - The group ID of the destination.
269
+
`group-id`: (Optional, type _int_, default is the value of `security.run-as-group-id`) - The group ID of the destination.
270
270
271
271
`mode`: (Optional, type _string_, default `0755`) - The mode of the destination.
272
272
273
273
`options`: (Optional, type _list_ of _string_, default `[]`) - Options for filesystem mounting, dependent on the filesystem type. These are the options that would be passed to the `mount` command with `-o`.
274
274
275
-
`user-id`: (Optional, type _int_, default `0`) - The user ID of the destination.
275
+
`user-id`: (Optional, type _int_, default is the value of `security.run-as-user-id`) - The user ID of the destination.
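Review bot: The new defaults for `group-id` and `user-id` replace a documented `0` with the value of `security.run-as-group-id` and `security.run-as-user-id`, but the entries neither link to where those keys are defined nor say what they default to, so the effective owner cannot be determined from this section alone. Please add a link to the security object, and confirm in the text whether this default applies to every volume type that uses the mount object or only to the S3, SSM and Secrets Manager pseudo-volumes whose paragraphs mention it.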