aws_ec2 – ec2 inventory source
aws_ec2 – ec2 inventory source
Synopsis
- Get inventory hosts from Amazon Web Services EC2.
- Uses a YAML configuration file that ends with aws_ec2.(yml|yaml).
Requirements
The below requirements are needed on the local master node that executes this inventory.
- boto3
- botocore
Parameters
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
aws_access_key_id - |
env:AWS_ACCESS_KEY_ID env:AWS_ACCESS_KEY env:EC2_ACCESS_KEY |
The AWS access key to use. If you have specified a profile, you don't need to provide an access key/secret key/session token. | |
aws_secret_access_key - |
env:AWS_SECRET_ACCESS_KEY env:AWS_SECRET_KEY env:EC2_SECRET_KEY |
The AWS secret key that corresponds to the access key. If you have specified a profile, you don't need to provide an access key/secret key/session token. | |
aws_security_token - |
env:AWS_SECURITY_TOKEN env:AWS_SESSION_TOKEN env:EC2_SECURITY_TOKEN |
The AWS security token if using temporary access and secret keys. | |
boto_profile - |
env:AWS_PROFILE env:AWS_DEFAULT_PROFILE |
The boto profile to use. | |
cache boolean |
Default: "no" |
ini entries: [inventory]cache = no
env:ANSIBLE_INVENTORY_CACHE |
Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work. |
cache_connection - |
ini entries: [inventory]cache_connection = VALUE
env:ANSIBLE_INVENTORY_CACHE_CONNECTION |
Cache connection data or path, read cache plugin documentation for specifics. | |
cache_plugin - |
ini entries: [inventory]cache_plugin = VALUE
env:ANSIBLE_INVENTORY_CACHE_PLUGIN |
Cache plugin to use for the inventory's source data. | |
cache_timeout integer |
Default: 3600 |
ini entries: [inventory]cache_timeout = 3600
env:ANSIBLE_INVENTORY_CACHE_TIMEOUT |
Cache duration in seconds |
compose dictionary |
Default: {} |
create vars from jinja2 expressions | |
filters dictionary |
Default: {} |
A dictionary of filter value pairs. Available filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options | |
groups dictionary |
Default: {} |
add hosts to group based on Jinja2 conditionals | |
hostnames list |
Default: [] |
A list in order of precedence for hostname variables. You can use the options specified in http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options. To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag. | |
keyed_groups list |
Default: [] |
add hosts to group based on the values of a variable | |
plugin - / required |
|
token that ensures this is a source file for the 'aws_ec2' plugin. | |
regions list |
Default: [] |
A list of regions in which to describe EC2 instances. If empty (the default) default this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1. | |
strict boolean |
Default: "no" |
If true make invalid entries a fatal error, otherwise skip and continue Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default. | |
strict_permissions boolean |
|
By default if a 403 (Forbidden) is encountered this plugin will fail. You can set strict_permissions to False in the inventory config file which will allow 403 errors to be gracefully skipped. |
Examples
# Minimal example using environment vars or instance role credentials
# Fetch all hosts in us-east-1, the hostname is the public DNS if it exists, otherwise the private IP address
plugin: aws_ec2
regions:
- us-east-1
# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: aws_ec2
boto_profile: aws_profile
regions: # populate inventory with instances in these regions
- us-east-1
- us-east-2
filters:
# all instances with their `Environment` tag set to `dev`
tag:Environment: dev
# all dev and QA hosts
tag:Environment:
- dev
- qa
instance.group-id: sg-xxxxxxxx
# ignores 403 errors rather than failing
strict_permissions: False
# note: I(hostnames) sets the inventory_hostname. To modify ansible_host without modifying
# inventory_hostname use compose (see example below).
hostnames:
- tag:Name=Tag1,Name=Tag2 # return specific hosts only
- tag:CustomDNSName
- dns-name
- private-ip-address
# Example using constructed features to create groups and set ansible_host
plugin: aws_ec2
regions:
- us-east-1
- us-west-1
# keyed_groups may be used to create custom groups
strict: False
keyed_groups:
# add e.g. x86_64 hosts to an arch_x86_64 group
- prefix: arch
key: 'architecture'
# add hosts to tag_Name_Value groups for each Name/Value tag pair
- prefix: tag
key: tags
# add hosts to e.g. instance_type_z3_tiny
- prefix: instance_type
key: instance_type
# create security_groups_sg_abcd1234 group for each SG
- key: 'security_groups|json_query("[].group_id")'
prefix: 'security_groups'
# create a group for each value of the Application tag
- key: tags.Application
separator: ''
# create a group per region e.g. aws_region_us_east_2
- key: placement.region
prefix: aws_region
# set individual variables with compose
compose:
# use the private IP address to connect to the host
# (note: this does not modify inventory_hostname, which is set via I(hostnames))
ansible_host: private_ip_address
Status
Authors
- UNKNOWN
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/plugins/inventory/aws_ec2.html