AMI build should download Conjur Image directly

[jvanderhoof]

The AMI build process works by downloading and saving the Conjur image locally before uploading the gzipped tar file to the AMI. This is super inefficient.

A better approach would be to download the Conjur image directly to the EC2 instance before saving it off as an AMI. Our registry credentials would need to be injected onto the instance prior to docker pull ...., then removed from the instance after the image has been pulled.

[apotterri]

FWIW, I've been experimenting with using DockerInDocker to log in and pull an image without landing the credentials on the host.

I'm currently doing the docker pull, docker save, scp dance to the get image to the remote instance, but this is inspiring me to see I can pull it directly.

[dustinmm80]

That's great Alan! Yeah I think removing steps in our AMI creation process will pay dividends across our projects.

[apotterri]

I've found that DockerInDocker can be made to work this way. Definitely check with me before you move forward on implement this.

[brikelly]

Can we close this issue now? @dustinmm80 @apotterri

[dustinmm80]

Are we using this project to build v5 AMIs, or something else? If this project, I think we should fix this issue for v5.