aws_ec2 – ec2 inventory source

Synopsis

  • Get inventory hosts from Amazon Web Services EC2.
  • Uses a YAML configuration file that ends with aws_ec2.(yml|yaml).

Requirements

The following requirements are needed on the local master node that executes this inventory.

  • boto3
  • botocore

Parameters

Each entry lists the parameter, its type, choices/defaults, configuration sources, and comments.

aws_access_key_id
  • Type: -
  • Configuration: env:AWS_ACCESS_KEY_ID, env:AWS_ACCESS_KEY, env:EC2_ACCESS_KEY
  • Comments: The AWS access key to use. If you have specified a profile, you don't need to provide an access key/secret key/session token.

aws_secret_access_key
  • Type: -
  • Configuration: env:AWS_SECRET_ACCESS_KEY, env:AWS_SECRET_KEY, env:EC2_SECRET_KEY
  • Comments: The AWS secret key that corresponds to the access key. If you have specified a profile, you don't need to provide an access key/secret key/session token.

aws_security_token
  • Type: -
  • Configuration: env:AWS_SECURITY_TOKEN, env:AWS_SESSION_TOKEN, env:EC2_SECURITY_TOKEN
  • Comments: The AWS security token if using temporary access and secret keys.

boto_profile
  • Type: -
  • Configuration: env:AWS_PROFILE, env:AWS_DEFAULT_PROFILE
  • Comments: The boto profile to use.

cache
  • Type: boolean
  • Default: "no"
  • Configuration: ini entries: [inventory] cache = no; env:ANSIBLE_INVENTORY_CACHE
  • Comments: Toggle to enable/disable the caching of the inventory's source data; requires a cache plugin setup to work.

cache_connection
  • Type: -
  • Configuration: ini entries: [inventory] cache_connection = VALUE; env:ANSIBLE_INVENTORY_CACHE_CONNECTION
  • Comments: Cache connection data or path; read cache plugin documentation for specifics.

cache_plugin
  • Type: -
  • Configuration: ini entries: [inventory] cache_plugin = VALUE; env:ANSIBLE_INVENTORY_CACHE_PLUGIN
  • Comments: Cache plugin to use for the inventory's source data.

cache_timeout
  • Type: integer
  • Default: 3600
  • Configuration: ini entries: [inventory] cache_timeout = 3600; env:ANSIBLE_INVENTORY_CACHE_TIMEOUT
  • Comments: Cache duration in seconds.

compose
  • Type: dictionary
  • Default: {}
  • Comments: Create vars from Jinja2 expressions.

filters
  • Type: dictionary
  • Default: {}
  • Comments: A dictionary of filter value pairs. Available filters are listed here: http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options

groups
  • Type: dictionary
  • Default: {}
  • Comments: Add hosts to group based on Jinja2 conditionals.

hostnames
  • Type: list
  • Default: []
  • Comments: A list in order of precedence for hostname variables. You can use the options specified in http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options. To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag.

keyed_groups
  • Type: list
  • Default: []
  • Comments: Add hosts to group based on the values of a variable.

plugin
  • Type: - / required
  • Choices: aws_ec2
  • Comments: Token that ensures this is a source file for the 'aws_ec2' plugin.

regions
  • Type: list
  • Default: []
  • Comments: A list of regions in which to describe EC2 instances. If empty (the default), this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1.

strict
  • Type: boolean
  • Default: "no"
  • Comments: If true, make invalid entries a fatal error; otherwise skip and continue. Since it is possible to use facts in the expressions, they might not always be available, and we ignore those errors by default.

strict_permissions
  • Type: boolean
  • Choices: no, yes
  • Comments: By default, if a 403 (Forbidden) is encountered this plugin will fail. You can set strict_permissions to False in the inventory config file, which will allow 403 errors to be gracefully skipped.



Examples

# Minimal example using environment vars or instance role credentials
# Fetch all hosts in us-east-1, the hostname is the public DNS if it exists, otherwise the private IP address
plugin: aws_ec2
regions:
  - us-east-1

# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: aws_ec2
boto_profile: aws_profile
regions: # populate inventory with instances in these regions
  - us-east-1
  - us-east-2
filters:
  # all instances with their `Environment` tag set to `dev`:
  # tag:Environment: dev
  # all dev and QA hosts (a key may appear only once in the mapping, so use a list for several values)
  tag:Environment:
    - dev
    - qa
  instance.group-id: sg-xxxxxxxx
# ignores 403 errors rather than failing
strict_permissions: False
# note: hostnames sets the inventory_hostname. To modify ansible_host without modifying
# inventory_hostname use compose (see example below).
hostnames:
  - tag:Name=Tag1,Name=Tag2  # return specific hosts only
  - tag:CustomDNSName
  - dns-name
  - private-ip-address

# Example using constructed features to create groups and set ansible_host
plugin: aws_ec2
regions:
  - us-east-1
  - us-west-1
# keyed_groups may be used to create custom groups
strict: False
keyed_groups:
  # add e.g. x86_64 hosts to an arch_x86_64 group
  - prefix: arch
    key: 'architecture'
  # add hosts to tag_Name_Value groups for each Name/Value tag pair
  - prefix: tag
    key: tags
  # add hosts to e.g. instance_type_z3_tiny
  - prefix: instance_type
    key: instance_type
  # create security_groups_sg_abcd1234 group for each SG
  - key: 'security_groups|json_query("[].group_id")'
    prefix: 'security_groups'
  # create a group for each value of the Application tag
  - key: tags.Application
    separator: ''
  # create a group per region e.g. aws_region_us_east_2
  - key: placement.region
    prefix: aws_region
# set individual variables with compose
compose:
  # use the private IP address to connect to the host
  # (note: this does not modify inventory_hostname, which is set via hostnames)
  ansible_host: private_ip_address
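
The hostnames precedence from the second example above, modelled in Python as an added illustration (not the plugin's source code). The ATTRS mapping, the function names and the instance records are assumptions constructed for this example.

```python
# Added illustration of the `hostnames` precedence rules; not the plugin's code.
# Assumed mapping from describe-instances option names to response fields.
ATTRS = {
    "dns-name": "PublicDnsName",
    "private-dns-name": "PrivateDnsName",
    "ip-address": "PublicIpAddress",
    "private-ip-address": "PrivateIpAddress",
}

def from_tag(preference, instance):
    """Resolve 'tag:Name=Value[,Name=Value]' or 'tag:Name' against the tags."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    for item in preference[len("tag:"):].split(","):
        if "=" in item:
            name, value = item.split("=", 1)
            if tags.get(name) == value:
                return f"{name}_{value}"      # tag:Name=Value -> Name_Value
        elif tags.get(item):
            return tags[item]                 # tag:Name -> value of the tag
    return None

def resolve_hostname(hostnames, instance):
    """Return the first non-empty candidate in precedence order, else None."""
    for preference in hostnames:
        if preference.startswith("tag:"):
            candidate = from_tag(preference, instance)
        else:
            field = ATTRS.get(preference)
            candidate = instance.get(field) if field else None
        if candidate:
            return candidate
    return None  # nothing usable: report it instead of dropping it silently

# Precedence list copied from the second example on this page.
HOSTNAMES = ["tag:Name=Tag1,Name=Tag2", "tag:CustomDNSName",
             "dns-name", "private-ip-address"]

# Constructed sample records shaped like describe-instances output.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-sample0001", "Tags": [{"Key": "Name", "Value": "Tag2"}],
     "PublicDnsName": "ec2-203-0-113-10.compute-1.amazonaws.com"},
    {"InstanceId": "i-sample0002", "PublicDnsName": "",
     "Tags": [{"Key": "Name", "Value": "web"},
              {"Key": "CustomDNSName", "Value": "web.example.internal"}]},
    {"InstanceId": "i-sample0003", "PublicDnsName": "",
     "PrivateIpAddress": "10.0.0.12"},
    {"InstanceId": "i-sample0004", "PublicDnsName": ""},
]

def resolve_all():
    return {i["InstanceId"]: resolve_hostname(HOSTNAMES, i)
            for i in SAMPLE_INSTANCES}
```

Tag-based entries come first in this list, so anyone allowed to change instance tags can influence the resulting inventory_hostname; instances that resolve to None are worth listing when auditing inventory coverage.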

Status

Authors

  • UNKNOWN


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/plugins/inventory/aws_ec2.html