fix: match EC2 instance type to source AMI architecture in dry run

[gnought]

Description

During EC2 dry-run, packer currently uses a default t3.nano instance type which does not match the architecture of the source AMI. This causes the dry-run fail.

The derivation of instance type should be based on the source architecture. If not matched, use t3.nano in default.

arm64      => t4g.nano
x86_64_mac => mac1.metal
arm64_mac  => mac2.metal

A excerpt of packer log:

2026/02/16 13:24:14 ui error: 2026-02-16T13:24:14+08:00: Build 'ubuntu.amazon-ebssurrogate.jammy' errored after 20 seconds 237 milliseconds: timed out waiting for IAM changes to propagate to EC2: operation error EC2: RunInstances, https response error StatusCode: 400, RequestID: f4b8cf2f-7a3d-4b88-b444-0541cbe3eb31, api error InvalidParameterValue: The architecture 'x86_64' of the specified instance type does not match the architecture 'arm64' of the specified AMI. Specify an instance type and an AMI that have matching architectures, and try again. You can use 'describe-instance-types' or 'describe-images' to discover the architecture of the instance type or AMI.

Resolved Issues

If your PR resolves any open issue(s), please indicate them like this so they will be closed when your PR is merged:

Rollback Plan

If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

No

[Copilot]

Pull request overview

Adjusts the EC2 “dry-run” instance launch used for IAM instance profile propagation validation so it chooses an instance type that matches the source AMI’s architecture, avoiding architecture-mismatch failures during validation.

Changes:

• Derives the EC2 InstanceType for the dry-run RunInstances call from source_image.Architecture.
• Adds explicit mappings for arm64, x86_64_mac, and arm64_mac, with fallback to t3.nano.
• Uses the derived instance type in the dry-run RunInstancesInput.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The dry-run now selects mac1.metal/mac2.metal for *_mac AMIs, but the RunInstancesInput here does not include any placement/tenancy/host parameters. Since this step treats any non-DryRunOperation error as “instance profile not visible yet”, missing placement settings can cause false failures unrelated to IAM propagation. Consider either (a) skipping the EC2 dry-run IAM visibility check for mac architectures, or (b) threading the builder’s placement/tenancy/host settings into this step and using them in the dry-run call so validation matches the real launch parameters.

[Copilot]

This PR introduces architecture-to-instance-type selection logic, but there’s no unit test coverage to ensure the mapping and default fallback behave as expected (e.g., arm64 => t4g.nano, unknown/empty => t3.nano). Adding a focused test for this selection would help prevent regressions and make future architecture additions safer.