Tom Bamford manicminer

manicminer / ansible_test.yml
Last active August 29, 2015 14:07
Conditional fail
---
- hosts: localhost
  connection: local
  tasks:
    - set_fact:
        is_test: "{{ env == 'development' or 'test' in env }}"
    - set_fact:
        security_group: blah
manicminer / results with limit
Created October 29, 2014 12:06
ansible limit test with host facts
$ ansible-playbook -i test.ini test.yml --limit group1
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
ok: [group1]
TASK: [command true] **********************************************************
changed: [host1]
manicminer / append.py
Last active August 29, 2015 14:11
Append some string in place after a multiline match
#!/usr/bin/env python
import re, sys
filename = sys.argv[1]
match = sys.argv[2]
append = sys.argv[3]
f = open(filename, 'r+')
content = f.read()
manicminer / git_facts.py
Created February 13, 2015 21:05
Ansible git_facts module
#!/usr/bin/python
DOCUMENTATION = '''
---
module: git_facts
version_added: "devel"
short_description: retrieve facts about a git repository
description:
- retrieve facts about a git repository. This module has a dependency on GitPython.
options:
manicminer / latest-arch-ami.yml
Created February 14, 2016 21:21
Find the latest Arch Linux AMI
- hosts: localhost
  connection: local
  tasks:
    - ec2_ami_find:
        name: "arch-linux-hvm-*.x86_64-ebs"
        virtualization_type: hvm
        owner: 093273469852 # Uplink Labs
        sort: name
---
- block:
    - name: Retrieve some information
      stat:
        path: /path/to/a/file
      register: info_result
    - name: Check a condition
      assert:
manicminer / info.md
Last active November 1, 2018 22:44
RDS Production termination protection

RDS Production Termination Protection

Create a policy like this, substituting your AWS account number, then attach it to all groups and roles. It will prevent deletion of RDS instances containing the string "prod" in their name.

Note: This is intended to prevent accidental deletion, and is easily sidestepped.

commit e244234a7f5cadaf885712b52f1e6eaf1231f734
Merge: 90011cd c0ceebe
Author: Tom Bamford <tom@bamford.co.za>
Date: Wed Dec 7 11:53:37 2016 +0000
Merged in tom-nfs-fix (pull request #8)
NFS module fix
commit c0ceebee14b2bc8bdbdb81ab03efa07a25086c2a
manicminer / README.md
Last active January 25, 2024 12:27
Ansible invocation with assumed IAM role

Ansible invocation with assumed IAM role

How it works

  • boto3 initializes a session using the specified profile, for which it assumes a role as configured in your ~/.aws/config
  • A Python script containing the above session initialization prints the temporary credentials as shell-compatible environment variables
  • A wrapper script sets these in its environment, à la eval
  • By the time Ansible runs, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN (for boto2) / AWS_SESSION_TOKEN (for boto3) are all set, and are consumed by boto2 in the inventory script and other boto2-based modules

Notes