Last active
February 11, 2024 02:16
vim ~/.aws/config
# named profiles in ~/.aws/config need the "profile " prefix
[profile ansible-dynamic-inventory]
region = ap-southeast-1

vim ~/.aws/credentials
# the credentials file uses the bare profile name
[ansible-dynamic-inventory]
aws_access_key_id = XXXXXXXX
aws_secret_access_key = YYYYYYYYYYYYYYYY

# ansible --version
ansible 2.10.4
  config file = None
  configured module search path = ['/Users/ru-rocker/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.4/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.1 (default, Dec 29 2020, 07:31:08) [Clang 11.0.0 (clang-1100.0.33.17)]

# connection_plugins/aws_ssm.py
# code fragment (a method of the plugin's connection class)
import os

import boto3


def _get_boto_client(self, service, region_name=None):
    ''' Gets a boto3 client based on the STS token '''

    # explicit plugin options take precedence
    aws_access_key_id = self.get_option('access_key_id')
    aws_secret_access_key = self.get_option('secret_access_key')
    aws_session_token = self.get_option('session_token')

    # fall back to the standard AWS environment variables
    if aws_access_key_id is None:
        aws_access_key_id = os.environ.get("AWS_ACCESS_KEY_ID", None)
    if aws_secret_access_key is None:
        aws_secret_access_key = os.environ.get("AWS_SECRET_ACCESS_KEY", None)
    if aws_session_token is None:
        aws_session_token = os.environ.get("AWS_SESSION_TOKEN", None)

    # values that are still None are left to boto3's default credential chain
    client = boto3.client(
        service,
        aws_access_key_id=aws_access_key_id,
        aws_secret_access_key=aws_secret_access_key,
        aws_session_token=aws_session_token,
        region_name=region_name)
    return client

plugin: aws_ec2
aws_profile: ansible-dynamic-inventory
strict: False
# Populate inventory with instances in these regions
regions:
  - ap-southeast-1
hostnames:
  - instance-id
filters:
  # get all running instances with tag KEY: ru-rocker
  instance-state-name: running
  tag:KEY: ru-rocker
  # if you need more than one tag filter
  # tag:SUBKEY: POC
  # tag:ENV: DEV

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeClassicLinkInstances",
                "ec2:DescribeInstances",
                "ec2:StopInstances",
                "ec2:DescribeSecurityGroups",
                "ec2:StartInstances",
                "s3:DeleteObjectVersion",
                "s3:GetBucketVersioning",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "ssm:GetCommandInvocation",
                "ssm:StartSession",
                "ssm:SendCommand",
                "ssm:GetConnectionStatus",
                "ssm:ResumeSession",
                "ssm:ListCommands",
                "ssm:DescribeSessions",
                "ssm:TerminateSession",
                "ssm:DescribeInstanceInformation",
                "ssm:ListDocuments",
                "ssm:ListCommandInvocations",
                "ssm:DescribeInstanceProperties"
            ],
            "Resource": "*"
        }
    ]
}
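
An added example, not part of the original gist: a small Python check that lists which actions in the policy above are allowed on every resource (`"Resource": "*"`) although they change state or read data, as candidates for scoping to the `test-ansible-ec2-ssm` bucket or to tagged instances. The function name `unscoped_actions`, the read-only prefix heuristic and the `DATA_READS` exception are assumptions of this sketch, and `Condition` blocks are not evaluated.

```python
import json

# Policy from this page, condensed onto fewer lines.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
  "Action": ["ec2:DescribeClassicLinkInstances", "ec2:DescribeInstances",
    "ec2:StopInstances", "ec2:DescribeSecurityGroups", "ec2:StartInstances",
    "s3:DeleteObjectVersion", "s3:GetBucketVersioning", "s3:PutObject",
    "s3:GetObject", "s3:DeleteObject", "ssm:GetCommandInvocation",
    "ssm:StartSession", "ssm:SendCommand", "ssm:GetConnectionStatus",
    "ssm:ResumeSession", "ssm:ListCommands", "ssm:DescribeSessions",
    "ssm:TerminateSession", "ssm:DescribeInstanceInformation",
    "ssm:ListDocuments", "ssm:ListCommandInvocations",
    "ssm:DescribeInstanceProperties"],
  "Resource": "*"}]}
""")

# Heuristic (assumption): Describe/List/Get calls only read metadata.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")
# Exception to the heuristic: reads object contents, so it is worth scoping.
DATA_READS = {"s3:GetObject"}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def unscoped_actions(policy):
    """Return (sid, action) pairs that Allow a non-read-only action on "*"."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # statement is already limited to specific ARNs
        for action in as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]  # "s3:PutObject" -> "PutObject"
            if action in DATA_READS or not name.startswith(READ_ONLY_PREFIXES):
                findings.append((stmt.get("Sid", "<no Sid>"), action))
    return findings


if __name__ == "__main__":
    for sid, action in unscoped_actions(PAGE_POLICY):
        print(f"{sid}: {action} is allowed on every resource")
```
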

# lorem/tasks/main.yml
- name: copy lorem file
  template:
    src: lorem.txt.j2
    dest: '/tmp/lorem.txt'
    mode: 0644

# lorem/templates/lorem.txt.j2
{{ lorem }}

# lorem/defaults/main.yml
lorem: Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

- hosts: all
  roles:
    - lorem
  become: true
  gather_facts: no
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_region: ap-southeast-1
    ansible_aws_ssm_access_key_id: "{{ access_key_id }}"
    ansible_aws_ssm_secret_access_key: "{{ aws_secret_access_key }}"
    ansible_aws_ssm_bucket_name: test-ansible-ec2-ssm