community.aws.aws_ssm (2.6.1) — connection

execute via AWS Systems Manager

Authors: Pat Sharkey (@psharkey) <psharkey@cleo.com>, HanumanthaRao MVL (@hanumantharaomvl) <hanumanth@flux7.com>, Gaurav Ashtikar (@gau1991) <gaurav.ashtikar@flux7.com>

Install collection

Install with ansible-galaxy collection install community.aws:==2.6.1


Add to requirements.yml

  # Pin one exact release so every install resolves to the same collection
  # version; review the changelog before raising the pin.
  collections:
    - name: 'community.aws'
      version: '2.6.1'

Description

This connection plugin allows Ansible to execute tasks on an EC2 instance via the aws ssm CLI.


Requirements

Usage examples


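# Stop the Print Spooler service on Windows instances over SSM.
- name: Stop Spooler Service on Windows Instances
  # A play must declare its targets; `all` matches the other examples on
  # this page. Scope the inventory (or pass --limit) so that only the
  # intended instances are reached.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    # The Windows examples on this page all select the PowerShell shell type.
    ansible_shell_type: powershell
    # Bucket used for file transfers; restrict access to it to this automation.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
    # No AWS keys are set here; credentials are presumably resolved from the
    # controller's AWS environment or profile. Prefer that to hardcoding keys.
  tasks:
    - name: Stop spooler service
      win_service:
        name: spooler
        state: stopped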
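# Install the nginx package on a Linux instance over SSM.
- name: Install a Nginx Package
  # A play must declare its targets; `all` matches the other examples on
  # this page. Scope the inventory (or pass --limit) so that only the
  # intended instances are reached.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    # Bucket used for file transfers; restrict access to it to this automation.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-west-2
    # No AWS keys are set here; credentials are presumably resolved from the
    # controller's AWS environment or profile. Prefer that to hardcoding keys.
  tasks:
    - name: Install a Nginx Package
      yum:
        name: nginx
        state: present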
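# Create a directory on Windows instances over SSM.
- name: Create a directory in Windows Instance
  # A play must declare its targets; `all` matches the other examples on
  # this page. Scope the inventory (or pass --limit) so that only the
  # intended instances are reached.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    # The Windows examples on this page all select the PowerShell shell type.
    ansible_shell_type: powershell
    # Bucket used for file transfers; restrict access to it to this automation.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: Create a Directory
      win_file:
        # Single quotes keep the backslashes literal.
        path: 'C:\Windows\temp'
        state: directory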
# Making use of Dynamic Inventory Plugin
# =======================================
# aws_ec2.yml (Dynamic Inventory - Linux)
# This will return the Instance IDs matching the filter
#plugin: aws_ec2
#regions:
#    - us-east-1
#hostnames:
#    - instance-id
#filters:
#    tag:SSMTag: ssmlinux
# -----------------------
# Play: install the AWS CLI over SSM on every host the inventory returns.
- name: install aws-cli
  hosts: all
  # Fact gathering is switched off for this play.
  gather_facts: false
  vars:
    ansible_aws_ssm_region: 'us-east-1'
    ansible_aws_ssm_bucket_name: 'nameofthebucket'
    ansible_connection: 'aws_ssm'
  tasks:
    - name: aws-cli
      tags:
        - aws-cli
      # raw sends the command line as-is instead of running a module.
      raw: 'yum install -y awscli'
# Execution: ansible-playbook linux.yaml -i aws_ec2.yml
# The playbook tasks will get executed on the instance ids returned from the dynamic inventory plugin using ssm connection.
# =====================================================
# aws_ec2.yml (Dynamic Inventory - Windows)
#plugin: aws_ec2
#regions:
#    - us-east-1
#hostnames:
#    - instance-id
#filters:
#    tag:SSMTag: ssmwindows
# -----------------------
# Play: create a directory over SSM on every host the inventory returns.
- name: Create a dir.
  hosts: all
  # Fact gathering is switched off for this play.
  gather_facts: false
  vars:
    ansible_aws_ssm_region: 'us-east-1'
    ansible_aws_ssm_bucket_name: 'nameofthebucket'
    ansible_shell_type: 'powershell'
    ansible_connection: 'aws_ssm'
  tasks:
    - name: Create the directory
      win_file:
        state: directory
        # Single quotes keep the backslashes literal.
        path: 'C:\Temp\SSM_Testing5'
# Execution:  ansible-playbook win_file.yaml -i aws_ec2.yml
# The playbook tasks will get executed on the instance ids returned from the dynamic inventory plugin using ssm connection.

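# Install the nginx package on a Linux instance over SSM, with an explicit
# server-side encryption mode for the file-transfer bucket.
- name: Install a Nginx Package
  # A play must declare its targets; `all` matches the other examples on
  # this page. Scope the inventory (or pass --limit) so that only the
  # intended instances are reached.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-west-2
    # Uploads to the transfer bucket are encrypted with SSE-KMS. The quotes
    # keep the colon-bearing value an unambiguous string.
    ansible_aws_ssm_bucket_sse_mode: 'aws:kms'
    # Only read when the mode above is aws:kms. NOTE(review): the identity
    # running the play presumably needs permission to use this key - confirm.
    ansible_aws_ssm_bucket_sse_kms_key_id: alias/kms-key-alias
  tasks:
    - name: Install a Nginx Package
      yum:
        name: nginx
        state: present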

Inputs

    
# Path to the session-manager-plugin executable; can be overridden per host
# through ansible_aws_ssm_plugin.
# NOTE(review): presumably this binary is launched on the control node -
# confirm, and only accept this variable from trusted inventory sources.
plugin:
    default: /usr/local/bin/session-manager-plugin
    description: This defines the location of the session-manager-plugin binary.
    vars:
    - name: ansible_aws_ssm_plugin

region:
    default: us-east-1
    description: The region in which the EC2 instance is located.
    vars:
    - name: ansible_aws_ssm_region

# Named AWS profile for the connection (added in community.aws 1.5.0).
# No default is listed. Referring to a profile keeps key material out of
# playbooks and inventory.
profile:
    description: Sets AWS profile to use.
    vars:
    - name: ansible_aws_ssm_profile
    version_added: 1.5.0
    version_added_collection: community.aws

# S3 bucket the plugin uses for file transfers; no default is listed.
# NOTE(review): transferred files presumably sit in this bucket at least
# briefly - restrict bucket access and consider setting bucket_sse_mode.
bucket_name:
    description: The name of the S3 bucket used for file transfers.
    vars:
    - name: ansible_aws_ssm_bucket_name

# EC2 instance ID to connect to; no default is listed.
# NOTE(review): the dynamic-inventory examples on this page use instance IDs
# as host names, so the inventory host name is presumably used when this is
# unset - confirm.
instance_id:
    description: The EC2 instance ID.
    vars:
    - name: ansible_aws_ssm_instance_id

ssm_timeout:
    default: 60
    description: Connection timeout in seconds.
    type: integer
    vars:
    - name: ansible_aws_ssm_timeout

# Access key ID of the STS credentials used for the session-manager
# connection (added in community.aws 1.3.0). It is one of three credential
# options, alongside secret_access_key and session_token. Supply it from
# Ansible Vault or a secret store, not as plain text in playbooks or
# inventory.
access_key_id:
    description: The STS access key to use when connecting via session-manager.
    vars:
    - name: ansible_aws_ssm_access_key_id
    version_added: 1.3.0
    version_added_collection: community.aws

# Session token of the STS credentials used for the session-manager
# connection (added in community.aws 1.3.0). Treat it as a secret: supply it
# from Ansible Vault or a secret store, and keep it out of logs and version
# control.
session_token:
    description: The STS session token to use when connecting via session-manager.
    vars:
    - name: ansible_aws_ssm_session_token
    version_added: 1.3.0
    version_added_collection: community.aws

# Server-side encryption mode for uploads to the file-transfer bucket (added
# in community.aws 2.2.0). Optional; accepts AES256 or aws:kms.
# NOTE(review): no default is listed, so uploads presumably fall back to the
# bucket's own encryption settings when this is unset - confirm.
bucket_sse_mode:
    choices:
    - AES256
    - aws:kms
    description: Server-side encryption mode to use for uploads on the S3 bucket used
      for file transfer.
    required: false
    vars:
    - name: ansible_aws_ssm_bucket_sse_mode
    version_added: 2.2.0
    version_added_collection: community.aws

# Secret key of the STS credentials used for the session-manager connection
# (added in community.aws 1.3.0). Never commit it in plain text: supply it
# from Ansible Vault or a secret store, and avoid echoing it in task output.
secret_access_key:
    description: The STS secret key to use when connecting via session-manager.
    vars:
    - name: ansible_aws_ssm_secret_access_key
    version_added: 1.3.0
    version_added_collection: community.aws

# Number of connection attempts (integer, default 3). Note that the variable
# is named ansible_aws_ssm_retries, which does not mirror the option name.
reconnection_retries:
    default: 3
    description: Number of attempts to connect.
    type: integer
    vars:
    - name: ansible_aws_ssm_retries

# KMS key used when bucket_sse_mode is aws:kms; ignored for any other mode
# (added in community.aws 2.2.0). The example on this page passes a key alias
# (alias/...).
# NOTE(review): the identity running the play presumably needs permission to
# use this key - confirm.
bucket_sse_kms_key_id:
    description: KMS key id to use when encrypting objects using C(bucket_sse_mode=aws:kms).
      Ignored otherwise.
    vars:
    - name: ansible_aws_ssm_bucket_sse_kms_key_id
    version_added: 2.2.0
    version_added_collection: community.aws