
How to do it...

Ansible ships with scores of AWS modules. These modules depend on Boto, the AWS SDK for Python, to interact with AWS.

  1. Let us install Boto using Python pip to get started:

      $ pip install boto

  2. Along with Boto, we also need a user with enough privileges to create and delete AWS resources. AWS has a predefined policy called AmazonEC2FullAccess which can be attached to a user. However, we prefer using a more permissive policy, since we will be working on other AWS components in the next chapter. The policy below allows every action except those under iam:* and organizations:*, and additionally allows organizations:DescribeOrganization:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "NotAction": [
              "iam:*",
              "organizations:*"
            ],
            "Resource": "*"
          },
          {
            "Effect": "Allow",
            "Action": "organizations:DescribeOrganization",
            "Resource": "*"
          }
        ]
      }

  3. Once we have the policy defined, we need the user's access key ID and secret access key. These can be generated using the AWS IAM dashboard. We will protect these keys using Ansible Vault. Let us create a secret file with the keys:

      ---
      access_key: AKIAIFA7A4UKUHQ3LLL
      secret_key: plmkoij+hy654gbjuyd345789o/-098u

  4. Now, we encrypt them:

      $ ansible-vault encrypt chapter2/roles/ec2/vars/secret.yml

Once we have the Boto library and credentials for a privileged user, we are good to try out some recipes from this chapter.
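
A check that can follow the encryption step, added here as an example and not taken from the book: it walks a directory tree and reports every secret.yml whose first line is not an Ansible Vault header, which is how a keys file left in plaintext shows up before it reaches version control. The function names, the demo directory layout and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): detect secrets files left in plaintext.

# Succeeds when the first line of file $1 is an Ansible Vault header such as
# "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends a vault ID label).
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints each secret.yml under directory $1 that is not vault-encrypted and
# returns 1 if there is at least one. Assumes paths contain no newlines.
find_plaintext_secrets() {
    plaintext=$(find "$1" -type f -name 'secret.yml' | sort |
        while IFS= read -r f; do
            is_vault_encrypted "$f" || printf '%s\n' "$f"
        done)
    [ -n "$plaintext" ] || return 0
    printf '%s\n' "$plaintext"
    return 1
}

# Builds a constructed sample tree (hypothetical role names) and prints its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/roles/ec2/vars" "$d/roles/s3/vars"
    # Constructed vault file: real header format, placeholder body.
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '00000000' > "$d/roles/ec2/vars/secret.yml"
    # Constructed plaintext file with placeholder values.
    printf '%s\n' '---' 'access_key: PLACEHOLDER' 'secret_key: PLACEHOLDER' \
        > "$d/roles/s3/vars/secret.yml"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
if ! find_plaintext_secrets "$demo"; then
    echo "FAIL: the files listed above must be run through ansible-vault encrypt" >&2
fi
rm -rf "$demo"
```

A matching header shows only that the file is in vault format; it does not show which vault password was used to encrypt it.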
