aws_ec2 – EC2 inventory source¶
Synopsis¶
Get inventory hosts from Amazon Web Services EC2.
Uses a YAML configuration file that ends with
aws_ec2.(yml|yaml
).
Requirements¶
The below requirements are needed on the local master node that executes this inventory.
boto3
botocore
Parameters¶
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
aws_access_key
string
|
env:EC2_ACCESS_KEY
env:AWS_ACCESS_KEY
env:AWS_ACCESS_KEY_ID
|
The AWS access key to use.
aliases: aws_access_key_id |
|
aws_profile
string
|
env:AWS_DEFAULT_PROFILE
env:AWS_PROFILE
|
The AWS profile
aliases: boto_profile |
|
aws_secret_key
string
|
env:EC2_SECRET_KEY
env:AWS_SECRET_KEY
env:AWS_SECRET_ACCESS_KEY
|
The AWS secret key that corresponds to the access key.
aliases: aws_secret_access_key |
|
aws_security_token
string
|
env:EC2_SECURITY_TOKEN
env:AWS_SESSION_TOKEN
env:AWS_SECURITY_TOKEN
|
The AWS security token if using temporary access and secret keys.
|
|
cache
boolean
|
|
ini entries:
[inventory] env:ANSIBLE_INVENTORY_CACHE
|
Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work.
|
cache_connection
string
|
ini entries:
[defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_CONNECTION
env:ANSIBLE_INVENTORY_CACHE_CONNECTION
|
Cache connection data or path, read cache plugin documentation for specifics.
|
|
cache_plugin
string
|
Default: "memory"
|
ini entries:
[defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN
env:ANSIBLE_INVENTORY_CACHE_PLUGIN
|
Cache plugin to use for the inventory's source data.
|
cache_prefix
-
|
Default: "ansible_inventory_"
|
ini entries:
[default] [inventory] env:ANSIBLE_CACHE_PLUGIN_PREFIX
env:ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX
|
Prefix to use for cache plugin files/tables
|
cache_timeout
integer
|
Default: 3600
|
ini entries:
[defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_TIMEOUT
env:ANSIBLE_INVENTORY_CACHE_TIMEOUT
|
Cache duration in seconds
|
compose
dictionary
|
Default: {}
|
Create vars from jinja2 expressions.
|
|
filters
dictionary
|
Default: {}
|
A dictionary of filter value pairs.
Available filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options.
|
|
groups
dictionary
|
Default: {}
|
Add hosts to group based on Jinja2 conditionals.
|
|
hostnames
list
|
Default: []
|
A list in order of precedence for hostname variables.
You can use the options specified in http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options.
To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag.
|
|
iam_role_arn
-
added in 2.9 |
The ARN of the IAM role to assume to perform the inventory lookup. You should still provide AWS credentials with enough privilege to perform the AssumeRole action.
|
||
include_extra_api_calls
boolean
added in 2.8 |
|
Add two additional API calls for every instance to include 'persistent' and 'events' host variables.
Spot instances may be persistent and instances may have associated events.
|
|
keyed_groups
list
|
Default: []
|
Add hosts to group based on the values of a variable.
|
|
plugin
-
/ required
|
|
Token that ensures this is a source file for the plugin.
|
|
regions
list
|
Default: []
|
A list of regions in which to describe EC2 instances.
If empty (the default) default this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1.
|
|
strict
boolean
|
|
If
yes make invalid entries a fatal error, otherwise skip and continue.Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default.
|
|
strict_permissions
boolean
|
|
By default if a 403 (Forbidden) error code is encountered this plugin will fail.
You can set this option to False in the inventory config file which will allow 403 errors to be gracefully skipped.
|
|
use_contrib_script_compatible_sanitization
boolean
added in 2.8 |
|
By default this plugin is using a general group name sanitization to create safe and usable group names for use in Ansible. This option allows you to override that, in efforts to allow migration from the old inventory script and matches the sanitization of groups when the script's ``replace_dash_in_groups`` option is set to ``False``. To replicate behavior of ``replace_dash_in_groups = True`` with constructed groups, you will need to replace hyphens with underscores via the regex_replace filter for those entries.
For this to work you should also turn off the TRANSFORM_INVALID_GROUP_CHARS setting, otherwise the core engine will just use the standard sanitization on top.
This is not the default as such names break certain functionality as not all characters are valid Python identifiers which group names end up being used as.
|
Notes¶
Note
If no credentials are provided and the control node has an associated IAM instance profile then the role will be used for authentication.
Examples¶
# Minimal example using environment vars or instance role credentials
# Fetch all hosts in us-east-1, the hostname is the public DNS if it exists, otherwise the private IP address
plugin: aws_ec2
regions:
- us-east-1
# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: aws_ec2
boto_profile: aws_profile
# Populate inventory with instances in these regions
regions:
- us-east-1
- us-east-2
filters:
# All instances with their `Environment` tag set to `dev`
tag:Environment: dev
# All dev and QA hosts
tag:Environment:
- dev
- qa
instance.group-id: sg-xxxxxxxx
# Ignores 403 errors rather than failing
strict_permissions: False
# Note: I(hostnames) sets the inventory_hostname. To modify ansible_host without modifying
# inventory_hostname use compose (see example below).
hostnames:
- tag:Name=Tag1,Name=Tag2 # Return specific hosts only
- tag:CustomDNSName
- dns-name
- private-ip-address
# Example using constructed features to create groups and set ansible_host
plugin: aws_ec2
regions:
- us-east-1
- us-west-1
# keyed_groups may be used to create custom groups
strict: False
keyed_groups:
# Add e.g. x86_64 hosts to an arch_x86_64 group
- prefix: arch
key: 'architecture'
# Add hosts to tag_Name_Value groups for each Name/Value tag pair
- prefix: tag
key: tags
# Add hosts to e.g. instance_type_z3_tiny
- prefix: instance_type
key: instance_type
# Create security_groups_sg_abcd1234 group for each SG
- key: 'security_groups|json_query("[].group_id")'
prefix: 'security_groups'
# Create a group for each value of the Application tag
- key: tags.Application
separator: ''
# Create a group per region e.g. aws_region_us_east_2
- key: placement.region
prefix: aws_region
# Create a group (or groups) based on the value of a custom tag "Role" and add them to a metagroup called "project"
- key: tags['Role']
prefix: foo
parent_group: "project"
# Set individual variables with compose
compose:
# Use the private IP address to connect to the host
# (note: this does not modify inventory_hostname, which is set via I(hostnames))
ansible_host: private_ip_address
Status¶
This inventory is not guaranteed to have a backwards compatible interface. [preview]
This inventory is maintained by the Ansible Community. [community]
Authors¶
Sloane Hertel (@s-hertel)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
Hint
Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.