@ru-rocker
Last active February 11, 2024 02:16
vim ~/.aws/config
[ansible-dynamic-inventory]
region = ap-southeast-1

vim ~/.aws/credentials
[ansible-dynamic-inventory]
aws_access_key_id = XXXXXXXX
aws_secret_access_key = YYYYYYYYYYYYYYYY
# ansible --version
ansible 2.10.4
  config file = None
  configured module search path = ['/Users/ru-rocker/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.10.4/libexec/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.1 (default, Dec 29 2020, 07:31:08) [Clang 11.0.0 (clang-1100.0.33.17)]
# connection_plugins/aws_ssm.py
# code fragment: the _get_boto_client() method of the plugin's Connection class;
# os and boto3 are imported at the top of the plugin module
import os

import boto3


def _get_boto_client(self, service, region_name=None):
    ''' Gets a boto3 client based on the STS token '''
    # credentials come from the ansible_aws_ssm_* connection options first ...
    aws_access_key_id = self.get_option('access_key_id')
    aws_secret_access_key = self.get_option('secret_access_key')
    aws_session_token = self.get_option('session_token')
    # ... and fall back to the standard AWS environment variables when an option is unset
    if aws_access_key_id is None:
        aws_access_key_id = os.environ.get("AWS_ACCESS_KEY_ID", None)
    if aws_secret_access_key is None:
        aws_secret_access_key = os.environ.get("AWS_SECRET_ACCESS_KEY", None)
    if aws_session_token is None:
        aws_session_token = os.environ.get("AWS_SESSION_TOKEN", None)
    client = boto3.client(
        service,
        aws_access_key_id=aws_access_key_id,
        aws_secret_access_key=aws_secret_access_key,
        aws_session_token=aws_session_token,
        region_name=region_name)
    return client
# dynamic inventory file; the aws_ec2 plugin only loads it if the file name ends in aws_ec2.yml or aws_ec2.yaml
plugin: aws_ec2
aws_profile: ansible-dynamic-inventory
strict: False
# Populate inventory with instances in these regions
regions:
  - ap-southeast-1
hostnames:
  - instance-id
filters:
  # get all running instances with tag KEY: ru-rocker
  instance-state-name: running
  tag:KEY: ru-rocker
  # if you need more than one tag filter
  # tag:SUBKEY: POC
  # tag:ENV: DEV
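The inventory above selects running instances carrying the tag KEY=ru-rocker and names each host by its instance id, which is what the aws_ssm connection needs as a target. Before running the playbook it is worth confirming that every instance the inventory will emit is actually registered with SSM and online, otherwise the play fails at connection time. The following added example (not part of the gist) applies the same filters locally to constructed data shaped like the ec2:DescribeInstances and ssm:DescribeInstanceInformation responses, and reports the selected hosts that SSM cannot reach. All instance ids and statuses are constructed; the filter values come from the inventory file.

```python
# Added example, not from the gist: evaluate the aws_ec2 inventory filters
# against API-shaped data and cross-check the result against SSM registration.

# the 'filters' mapping from the inventory file above
INVENTORY_FILTERS = {"instance-state-name": "running", "tag:KEY": "ru-rocker"}

# constructed ec2:DescribeInstances response (ids and tags are made up)
DESCRIBE_INSTANCES = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaaa11111111aaaa", "State": {"Name": "running"},
         "Tags": [{"Key": "KEY", "Value": "ru-rocker"}]},
        {"InstanceId": "i-0bbbb22222222bbbb", "State": {"Name": "running"},
         "Tags": [{"Key": "KEY", "Value": "other-team"}]},
        {"InstanceId": "i-0cccc33333333cccc", "State": {"Name": "stopped"},
         "Tags": [{"Key": "KEY", "Value": "ru-rocker"}]},
        {"InstanceId": "i-0dddd44444444dddd", "State": {"Name": "running"},
         "Tags": [{"Key": "KEY", "Value": "ru-rocker"}]},
    ]}]
}

# constructed ssm:DescribeInstanceInformation response: one tagged instance
# has no agent registration at all, one is registered but not online
DESCRIBE_INSTANCE_INFORMATION = {
    "InstanceInformationList": [
        {"InstanceId": "i-0aaaa11111111aaaa", "PingStatus": "Online"},
        {"InstanceId": "i-0dddd44444444dddd", "PingStatus": "ConnectionLost"},
    ]
}


def to_describe_instances_filters(filters):
    """Translate the inventory 'filters' mapping into the Name/Values list
    that ec2:DescribeInstances accepts."""
    return [{"Name": name, "Values": [value]} for name, value in filters.items()]


def matches(instance, filters):
    """Evaluate the inventory filters locally against one instance record.
    Only the two filter kinds used in the inventory file are handled."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    for name, value in filters.items():
        if name == "instance-state-name":
            if instance["State"]["Name"] != value:
                return False
        elif name.startswith("tag:"):
            if tags.get(name[len("tag:"):]) != value:
                return False
        else:
            raise ValueError(f"unsupported filter in this example: {name}")
    return True


def select_hosts(describe_instances, filters):
    """Return the instance ids the inventory would emit as hostnames."""
    return sorted(
        inst["InstanceId"]
        for reservation in describe_instances["Reservations"]
        for inst in reservation["Instances"]
        if matches(inst, filters)
    )


def ssm_unreachable(hosts, describe_instance_information):
    """Hosts the inventory selects but SSM cannot reach: either no agent is
    registered or the agent is registered but its PingStatus is not Online."""
    status = {i["InstanceId"]: i["PingStatus"]
              for i in describe_instance_information["InstanceInformationList"]}
    return {h: status.get(h, "NotRegistered") for h in hosts
            if status.get(h) != "Online"}


if __name__ == "__main__":
    print("DescribeInstances Filters:", to_describe_instances_filters(INVENTORY_FILTERS))
    hosts = select_hosts(DESCRIBE_INSTANCES, INVENTORY_FILTERS)
    print("inventory hosts:", hosts)
    print("selected but not reachable via SSM:",
          ssm_unreachable(hosts, DESCRIBE_INSTANCE_INFORMATION))
```

With real data the two payloads would come from `describe_instances(Filters=...)` and `describe_instance_information()` using the same profile the inventory uses, which only needs the Describe permissions already present in the policy below.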
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeClassicLinkInstances",
        "ec2:DescribeInstances",
        "ec2:StopInstances",
        "ec2:DescribeSecurityGroups",
        "ec2:StartInstances",
        "s3:DeleteObjectVersion",
        "s3:GetBucketVersioning",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "ssm:GetCommandInvocation",
        "ssm:StartSession",
        "ssm:SendCommand",
        "ssm:GetConnectionStatus",
        "ssm:ResumeSession",
        "ssm:ListCommands",
        "ssm:DescribeSessions",
        "ssm:TerminateSession",
        "ssm:DescribeInstanceInformation",
        "ssm:ListDocuments",
        "ssm:ListCommandInvocations",
        "ssm:DescribeInstanceProperties"
      ],
      "Resource": "*"
    }
  ]
}
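The policy above grants every action, including StartSession, SendCommand, StartInstances, StopInstances and the S3 write and delete actions, on Resource "*", so the access key in ~/.aws/credentials can open a session on any SSM-managed instance and write to any bucket in the account. The added example below (not part of the gist) audits a policy document for mutating actions granted on "*" and rebuilds the same grant with each of them tied to a resource or a tag condition: S3 actions to the transfer bucket named in the playbook (test-ansible-ec2-ssm), instance actions to instances tagged KEY=ru-rocker via the ec2:ResourceTag and ssm:resourceTag condition keys, and session resume/terminate to the caller's own sessions via the ${aws:username} pattern from the AWS Session Manager documentation, which assumes an IAM user principal. The account id is a placeholder, the "read-only" classification is a name-prefix heuristic, and the SSM document statement is left as a wildcard to be narrowed to the documents the plugin actually invokes.

```python
# Added example, not from the gist: flag mutating actions on Resource "*" and
# build a least-privilege replacement for the gist's IAM policy.
import json

# the gist's policy, reproduced compactly
GIST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0", "Effect": "Allow",
        "Action": [
            "ec2:DescribeClassicLinkInstances", "ec2:DescribeInstances", "ec2:StopInstances",
            "ec2:DescribeSecurityGroups", "ec2:StartInstances",
            "s3:DeleteObjectVersion", "s3:GetBucketVersioning", "s3:PutObject",
            "s3:GetObject", "s3:DeleteObject",
            "ssm:GetCommandInvocation", "ssm:StartSession", "ssm:SendCommand",
            "ssm:GetConnectionStatus", "ssm:ResumeSession", "ssm:ListCommands",
            "ssm:DescribeSessions", "ssm:TerminateSession", "ssm:DescribeInstanceInformation",
            "ssm:ListDocuments", "ssm:ListCommandInvocations", "ssm:DescribeInstanceProperties",
        ],
        "Resource": "*",
    }],
}

READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def is_read_only(action):
    """Heuristic: Describe*/Get*/List* API calls; everything else changes state."""
    return action.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)


def audit_wildcard_resource(policy):
    """Return, sorted, every non-read-only action that an Allow statement grants on '*'."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        findings.extend(a for a in _as_list(stmt["Action"]) if not is_read_only(a))
    return sorted(findings)


def least_privilege_policy(bucket, region, account_id, tag_key, tag_value):
    """Rebuild the gist's grant with every mutating action bound to a resource or
    tag condition. Discovery calls keep '*' because the Describe/List APIs do not
    support resource-level permissions; S3 reads are moved off '*' as well."""
    instance_arn = f"arn:aws:ec2:{region}:{account_id}:instance/*"
    discovery = [a for a in _as_list(GIST_POLICY["Statement"][0]["Action"])
                 if is_read_only(a) and not a.startswith("s3:")]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "Discovery", "Effect": "Allow", "Action": discovery, "Resource": "*"},
            {"Sid": "TransferBucketObjects", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
            {"Sid": "TransferBucketVersioning", "Effect": "Allow",
             "Action": ["s3:GetBucketVersioning"], "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ManageTaggedInstances", "Effect": "Allow",
             "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": instance_arn,
             "Condition": {"StringEquals": {f"ec2:ResourceTag/{tag_key}": tag_value}}},
            {"Sid": "SessionsOnTaggedInstances", "Effect": "Allow",
             "Action": ["ssm:StartSession", "ssm:SendCommand"], "Resource": instance_arn,
             "Condition": {"StringEquals": {f"ssm:resourceTag/{tag_key}": tag_value}}},
            # placeholder: narrow to the session/command documents the plugin uses
            {"Sid": "SessionDocuments", "Effect": "Allow",
             "Action": ["ssm:StartSession", "ssm:SendCommand"],
             "Resource": "arn:aws:ssm:*:*:document/*"},
            {"Sid": "OwnSessionsOnly", "Effect": "Allow",
             "Action": ["ssm:ResumeSession", "ssm:TerminateSession"],
             "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"},
        ],
    }


if __name__ == "__main__":
    print("mutating actions on Resource '*':", audit_wildcard_resource(GIST_POLICY))
    scoped = least_privilege_policy("test-ansible-ec2-ssm", "ap-southeast-1",
                                    "123456789012", "KEY", "ru-rocker")  # account id is a placeholder
    print(json.dumps(scoped, indent=2))
    print("remaining findings:", audit_wildcard_resource(scoped))
```

The rebuilt policy keeps the inventory and connection plugin working for the instances the inventory actually selects, and turns a leaked access key from "any instance, any bucket" into "tagged instances, one bucket", which is also what CloudTrail will show if the key is ever used outside the playbook.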
# lorem/tasks/main.yml
- name: copy lorem file
  template:
    src: lorem.txt.j2
    dest: '/tmp/lorem.txt'
    mode: 0644

# lorem/templates/lorem.txt.j2
{{ lorem }}

# lorem/defaults/main.yml
lorem: Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
- hosts: all
  roles:
    - lorem
  become: true
  gather_facts: no
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_region: ap-southeast-1
    ansible_aws_ssm_access_key_id: "{{ access_key_id }}"
    ansible_aws_ssm_secret_access_key: "{{ aws_secret_access_key }}"
    ansible_aws_ssm_bucket_name: test-ansible-ec2-ssm