aws_ec2 – EC2 inventory source

From Get docs
< Inventory PluginsAnsible/docs/2.8/plugins/inventory/aws ec2


aws_ec2 – EC2 inventory source

Synopsis

  • Get inventory hosts from Amazon Web Services EC2.
  • Uses a YAML configuration file that ends with aws_ec2.(yml|yaml).

Requirements

The below requirements are needed on the local master node that executes this inventory.

  • boto3
  • botocore

Parameters

Parameter Choices/Defaults Configuration Comments

aws_access_key

string

env:EC2_ACCESS_KEY

env:AWS_ACCESS_KEY

env:AWS_ACCESS_KEY_ID

The AWS access key to use.


aliases: aws_access_key_id

aws_profile

string

env:AWS_DEFAULT_PROFILE

env:AWS_PROFILE

The AWS profile


aliases: boto_profile

aws_secret_key

string

env:EC2_SECRET_KEY

env:AWS_SECRET_KEY

env:AWS_SECRET_ACCESS_KEY

The AWS secret key that corresponds to the access key.


aliases: aws_secret_access_key

aws_security_token

string

env:EC2_SECURITY_TOKEN

env:AWS_SESSION_TOKEN

env:AWS_SECURITY_TOKEN

The AWS security token if using temporary access and secret keys.

cache

boolean

  • no

  • yes

ini entries: [inventory]cache = no


env:ANSIBLE_INVENTORY_CACHE

Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work.

cache_connection

string

ini entries: [defaults]fact_caching_connection = VALUE

[inventory]cache_connection = VALUE


env:ANSIBLE_CACHE_PLUGIN_CONNECTION

env:ANSIBLE_INVENTORY_CACHE_CONNECTION

Cache connection data or path, read cache plugin documentation for specifics.

cache_plugin

string

Default:

"memory"

ini entries: [defaults]fact_caching = memory

[inventory]cache_plugin = memory


env:ANSIBLE_CACHE_PLUGIN

env:ANSIBLE_INVENTORY_CACHE_PLUGIN

Cache plugin to use for the inventory's source data.

cache_prefix

-

Default:

"ansible_inventory_"

ini entries: [default]fact_caching_prefix = ansible_inventory_

[inventory]cache_prefix = ansible_inventory_


env:ANSIBLE_CACHE_PLUGIN_PREFIX

env:ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX

Prefix to use for cache plugin files/tables

cache_timeout

integer

Default:

3600

ini entries: [defaults]fact_caching_timeout = 3600

[inventory]cache_timeout = 3600


env:ANSIBLE_CACHE_PLUGIN_TIMEOUT

env:ANSIBLE_INVENTORY_CACHE_TIMEOUT

Cache duration in seconds

compose

dictionary

Default:

{}

Create vars from jinja2 expressions.

filters

dictionary

Default:

{}

A dictionary of filter value pairs.

groups

dictionary

Default:

{}

Add hosts to group based on Jinja2 conditionals.

hostnames

list

Default:

[]

A list in order of precedence for hostname variables.

To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag.

include_extra_api_calls

boolean

added in 2.8

  • no

  • yes

Add two additional API calls for every instance to include 'persistent' and 'events' host variables.

Spot instances may be persistent and instances may have associated events.

keyed_groups

list

Default:

[]

Add hosts to group based on the values of a variable.

plugin

- / required

  • aws_ec2

Token that ensures this is a source file for the plugin.

regions

list

Default:

[]

A list of regions in which to describe EC2 instances.

If empty (the default) default this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1.

strict

boolean

  • no

  • yes

If yes make invalid entries a fatal error, otherwise skip and continue.

Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default.

strict_permissions

boolean

  • no
  • yes

By default if a 403 (Forbidden) error code is encountered this plugin will fail.

You can set this option to False in the inventory config file which will allow 403 errors to be gracefully skipped.

use_contrib_script_compatible_sanitization

boolean

added in 2.8

  • no

  • yes

By default this plugin is using a general group name sanitization to create safe and usable group names for use in Ansible. This option allows you to override that, in efforts to allow migration from the old inventory script and matches the sanitization of groups when the script's ``replace_dash_in_groups`` option is set to ``False``. To replicate behavior of ``replace_dash_in_groups = True`` with constructed groups, you will need to replace hyphens with underscores via the regex_replace filter for those entries.

For this to work you should also turn off the TRANSFORM_INVALID_GROUP_CHARS setting, otherwise the core engine will just use the standard sanitization on top.

This is not the default as such names break certain functionality as not all characters are valid Python identifiers which group names end up being used as.



Notes

Note

  • If no credentials are provided and the control node has an associated IAM instance profile then the role will be used for authentication.


Examples

# Minimal example using environment vars or instance role credentials
# Fetch all hosts in us-east-1, the hostname is the public DNS if it exists, otherwise the private IP address
plugin: aws_ec2
regions:
  - us-east-1

# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: aws_ec2
boto_profile: aws_profile
# Populate inventory with instances in these regions
regions:
  - us-east-1
  - us-east-2
filters:
  # All instances with their `Environment` tag set to `dev`
  tag:Environment: dev
  # All dev and QA hosts
  tag:Environment:
    - dev
    - qa
  instance.group-id: sg-xxxxxxxx
# Ignores 403 errors rather than failing
strict_permissions: False
# Note: I(hostnames) sets the inventory_hostname. To modify ansible_host without modifying
# inventory_hostname use compose (see example below).
hostnames:
  - tag:Name=Tag1,Name=Tag2  # Return specific hosts only
  - tag:CustomDNSName
  - dns-name
  - private-ip-address

# Example using constructed features to create groups and set ansible_host
plugin: aws_ec2
regions:
  - us-east-1
  - us-west-1
# keyed_groups may be used to create custom groups
strict: False
keyed_groups:
  # Add e.g. x86_64 hosts to an arch_x86_64 group
  - prefix: arch
    key: 'architecture'
  # Add hosts to tag_Name_Value groups for each Name/Value tag pair
  - prefix: tag
    key: tags
  # Add hosts to e.g. instance_type_z3_tiny
  - prefix: instance_type
    key: instance_type
  # Create security_groups_sg_abcd1234 group for each SG
  - key: 'security_groups|json_query("[].group_id")'
    prefix: 'security_groups'
  # Create a group for each value of the Application tag
  - key: tags.Application
    separator: ''
  # Create a group per region e.g. aws_region_us_east_2
  - key: placement.region
    prefix: aws_region
# Set individual variables with compose
compose:
  # Use the private IP address to connect to the host
  # (note: this does not modify inventory_hostname, which is set via I(hostnames))
  ansible_host: private_ip_address

Status

Authors

  • UNKNOWN

Hint

If you notice any issues in this documentation, you can edit this document to improve it.


Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/plugins/inventory/aws_ec2.html