AWS / Ansible Dynamic Inventory

I’ve been working to manage dynamic inventory in AWS for Ansible deploys… then I came across this Stack Overflow link & ches’ answer.

When the inventory path is a directory, Ansible runs the executables in it as dynamic inventory scripts, reads the flat files as static inventory, and merges their results.

=> tree inventory/staging
inventory/staging
├── base
├── ec2.ini
├── ec2.py
└── group_vars -> ../group_vars

The base file looks like:

=>  more inventory/staging/base
[localhost]
# I need to tell Ansible which Python on my system has boto for AWS
127.0.0.1 ansible_python_interpreter=/usr/local/bin/python

# The EC2 plugin will populate these groups, but we need to add empty entries
# here to make aliases for them below.
[tag_Stage_staging]
[tag_Role_webserver]

[staging:children]
tag_Stage_staging

[webservers:children]
tag_Role_webserver

You then just point to the directory for inventory:

$ ansible -i inventory/staging webservers -m ec2_facts
# OR
$ export ANSIBLE_HOSTS=inventory/staging
$ ansible webservers -m ec2_facts

AWS via Ansible – use private key

With AWS ssh, you need to use a private key. When working on a new script, I didn’t want to deal with my private account having a “build box” which was already on the VPC. So I was using my box & giving the destination a public IP. I know… totally insecure but considering I was killing the VM every few minutes I didn’t care.

So to call ansible-playbook & provide a private key:

ansible-playbook -i envs/localhost elasticsearch.yml -vvvv --private-key=~/.ssh/mykeyname.pem 

aws cmd line tool – use profiles

I’ve got a home account & a work account. I need to easily swap between the 2.
Add 2 sets of creds to ~/.aws/credentials:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[work]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

Add 2 sets of region / output settings to ~/.aws/config:

[default]
region=us-west-2
output=json

[profile work]
region=us-east-1
output=text

Then to use a profile:

export AWS_PROFILE=work

OR

aws ec2 describe-instances --profile work
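
An added example, not part of the original post: a small Python check of the two files above. It merges them the way the naming convention implies (`[work]` in credentials, `[profile work]` in config) and flags a credentials file readable by group/other, config sections missing the `profile ` prefix, and long-term (`AKIA…`) keys stored in plaintext. The function names `load_profiles` and `audit` are hypothetical, and the sample files in the demo are constructed.

```python
import configparser
import os
import pathlib
import tempfile


def load_profiles(credentials_path, config_path):
    """Merge both files into ({profile: settings}, [unrecognised config sections])."""
    profiles, odd_sections = {}, []
    creds = configparser.ConfigParser(interpolation=None)
    creds.read(credentials_path)
    for section in creds.sections():  # credentials file: [work]
        profiles.setdefault(section, {}).update(dict(creds[section]))
    conf = configparser.ConfigParser(interpolation=None)
    conf.read(config_path)
    for section in conf.sections():  # config file: [profile work]
        if section.startswith("profile "):
            name = section[len("profile "):].strip()
        elif section == "default":
            name = section
        else:
            odd_sections.append(section)
            continue
        profiles.setdefault(name, {}).update(dict(conf[section]))
    return profiles, odd_sections


def audit(credentials_path, config_path):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    mode = os.stat(credentials_path).st_mode & 0o777
    if mode & 0o077:  # any group/other permission bit is set
        findings.append(f"{credentials_path}: mode {mode:o}, expected 600")
    profiles, odd_sections = load_profiles(credentials_path, config_path)
    for section in odd_sections:
        findings.append(f"config section [{section}] lacks the 'profile ' prefix")
    for name, settings in sorted(profiles.items()):
        if settings.get("aws_access_key_id", "").startswith("AKIA"):
            findings.append(f"profile {name}: long-term access key in plaintext")
    return findings


if __name__ == "__main__":  # constructed sample input modelled on the page's files
    d = pathlib.Path(tempfile.mkdtemp())
    cred, conf = d / "credentials", d / "config"
    cred.write_text("[default]\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\n")
    conf.write_text("[default]\nregion=us-west-2\n[work]\nregion=us-east-1\n")
    cred.chmod(0o644)
    print("\n".join(audit(cred, conf)))
```

To check real files, call `audit()` with the paths to `~/.aws/credentials` and `~/.aws/config`.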
