community / community.aws / 3.4.0 / connection / aws_ssm
execute via AWS Systems Manager
Authors: Pat Sharkey (@psharkey) <psharkey@cleo.com>, HanumanthaRao MVL (@hanumantharaomvl) <hanumanth@flux7.com>, Gaurav Ashtikar (@gau1991) <gaurav.ashtikar@flux7.com>
community.aws.aws_ssm (3.4.0) — connection
Install with `ansible-galaxy collection install community.aws:==3.4.0`, or pin the collection in a requirements file:
# requirements.yml entry: pins the collection to the exact release this page
# documents, so installs are reproducible.
collections:
  - name: community.aws
    version: '3.4.0'
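This connection plugin allows Ansible to execute tasks on an EC2 instance via the AWS SSM CLI. File transfers go through the S3 bucket named by ansible_aws_ssm_bucket_name, so access to that bucket should be tightly restricted.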
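# Stop Spooler Process on Windows Instances
- name: Stop Spooler Service on Windows Instances
  # A play must name its targets; `all` matches the other examples on this
  # page. Scope it with your inventory or --limit before running.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    ansible_shell_type: powershell
    # S3 bucket used for file transfers. No ansible_aws_ssm_bucket_sse_mode is
    # set here, so encryption of transferred files depends on the bucket's own
    # settings.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: Stop spooler service
      win_service:
        name: spooler
        state: stopped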
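# Install a Nginx Package on Linux Instance
- name: Install a Nginx Package
  # A play must name its targets; `all` matches the other examples on this
  # page. Scope it with your inventory or --limit before running.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    # S3 bucket used for file transfers; keep access to it restricted.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-west-2
  tasks:
    - name: Install a Nginx Package
      yum:
        name: nginx
        state: present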
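# Create a directory in Windows Instances
- name: Create a directory in Windows Instance
  # A play must name its targets; `all` matches the other examples on this
  # page. Scope it with your inventory or --limit before running.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    ansible_shell_type: powershell
    # S3 bucket used for file transfers; keep access to it restricted.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: Create a Directory
      win_file:
        # Single quotes keep the backslashes literal.
        path: 'C:\Windows\temp'
        state: directory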
# Making use of Dynamic Inventory Plugin
# =======================================
# aws_ec2.yml (Dynamic Inventory - Linux)
# This will return the Instance IDs matching the filter
#plugin: aws_ec2
#regions:
#  - us-east-1
#hostnames:
#  - instance-id
#filters:
#  tag:SSMTag: ssmlinux
# -----------------------
- name: install aws-cli
  # `all` is bounded by the inventory above: only instances matching the
  # SSMTag filter are returned.
  hosts: all
  gather_facts: false
  vars:
    ansible_connection: aws_ssm
    # S3 bucket used for file transfers.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: aws-cli
      raw: yum install -y awscli
      tags: aws-cli
# Execution: ansible-playbook linux.yaml -i aws_ec2.yml
# The playbook tasks will get executed on the instance ids returned from the dynamic inventory plugin using ssm connection.
# =====================================================
# aws_ec2.yml (Dynamic Inventory - Windows)
#plugin: aws_ec2
#regions:
#  - us-east-1
#hostnames:
#  - instance-id
#filters:
#  tag:SSMTag: ssmwindows
# -----------------------
- name: Create a dir.
  # `all` is bounded by the inventory above: only instances matching the
  # SSMTag filter are returned.
  hosts: all
  gather_facts: false
  vars:
    ansible_connection: aws_ssm
    ansible_shell_type: powershell
    # S3 bucket used for file transfers.
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-east-1
  tasks:
    - name: Create the directory
      win_file:
        # Single quotes keep the backslashes literal.
        path: 'C:\Temp\SSM_Testing5'
        state: directory
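# Execution: ansible-playbook win_file.yaml -i aws_ec2.yml
# The playbook tasks will get executed on the instance ids returned from the dynamic inventory plugin using ssm connection.

# Install a Nginx Package on Linux Instance; with specific SSE for file transfer
- name: Install a Nginx Package
  # A play must name its targets; `all` matches the other examples on this
  # page. Scope it with your inventory or --limit before running.
  hosts: all
  vars:
    ansible_connection: aws_ssm
    ansible_aws_ssm_bucket_name: nameofthebucket
    ansible_aws_ssm_region: us-west-2
    # Uploads to the transfer bucket request server-side encryption with the
    # KMS key named below; the key id is ignored unless the mode is aws:kms.
    ansible_aws_ssm_bucket_sse_mode: 'aws:kms'
    ansible_aws_ssm_bucket_sse_kms_key_id: alias/kms-key-alias
  tasks:
    - name: Install a Nginx Package
      yum:
        name: nginx
        state: present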
# Options accepted by the aws_ssm connection plugin. Each option is set
# through the Ansible variable listed under its `vars` key.

# Location of the session-manager-plugin binary; make sure the path points
# at a trusted install that unprivileged users cannot modify.
plugin:
  default: /usr/local/bin/session-manager-plugin
  description: This defines the location of the session-manager-plugin binary.
  vars:
    - name: ansible_aws_ssm_plugin

region:
  default: us-east-1
  description: The region the EC2 instance is located.
  vars:
    - name: ansible_aws_ssm_region

profile:
  description: Sets AWS profile to use.
  vars:
    - name: ansible_aws_ssm_profile
  version_added: '1.5.0'
  version_added_collection: community.aws

# File transfers pass through this bucket; restrict access to it and consider
# setting bucket_sse_mode.
bucket_name:
  description: The name of the S3 bucket used for file transfers.
  vars:
    - name: ansible_aws_ssm_bucket_name

instance_id:
  description: The EC2 instance ID.
  vars:
    - name: ansible_aws_ssm_instance_id

ssm_timeout:
  default: 60
  description: Connection timeout seconds.
  type: integer
  vars:
    - name: ansible_aws_ssm_timeout

# access_key_id, secret_access_key and session_token are credential material:
# keep them out of plain-text inventory and playbooks (e.g. use Ansible Vault).
access_key_id:
  description: The STS access key to use when connecting via session-manager.
  vars:
    - name: ansible_aws_ssm_access_key_id
  version_added: '1.3.0'
  version_added_collection: community.aws

session_token:
  description: The STS session token to use when connecting via session-manager.
  vars:
    - name: ansible_aws_ssm_session_token
  version_added: '1.3.0'
  version_added_collection: community.aws

# Optional and without a default: when unset, the plugin requests no
# server-side encryption mode for its uploads.
bucket_sse_mode:
  choices:
    - AES256
    - 'aws:kms'
  description: Server-side encryption mode to use for uploads on the S3 bucket used for file transfer.
  required: false
  vars:
    - name: ansible_aws_ssm_bucket_sse_mode
  version_added: '2.2.0'
  version_added_collection: community.aws

secret_access_key:
  description: The STS secret key to use when connecting via session-manager.
  vars:
    - name: ansible_aws_ssm_secret_access_key
  version_added: '1.3.0'
  version_added_collection: community.aws

reconnection_retries:
  default: 3
  description: Number of attempts to connect.
  type: integer
  vars:
    - name: ansible_aws_ssm_retries

bucket_sse_kms_key_id:
  description: KMS key id to use when encrypting objects using C(bucket_sse_mode=aws:kms). Ignored otherwise.
  vars:
    - name: ansible_aws_ssm_bucket_sse_kms_key_id
  version_added: '2.2.0'
  version_added_collection: community.aws