aws_ec2 – ec2 inventory source

Synopsis

  • Get inventory hosts from Amazon Web Services EC2.
  • Uses a YAML configuration file that ends with aws_ec2.(yml|yaml).

Requirements

The below requirements are needed on the local master node that executes this inventory.

  • boto3
  • botocore

Parameters

Parameter Choices/Defaults Configuration Comments
aws_access_key_id
-
env:AWS_ACCESS_KEY_ID
env:AWS_ACCESS_KEY
env:EC2_ACCESS_KEY
The AWS access key to use. If you have specified a profile, you don't need to provide an access key/secret key/session token.
aws_secret_access_key
-
env:AWS_SECRET_ACCESS_KEY
env:AWS_SECRET_KEY
env:EC2_SECRET_KEY
The AWS secret key that corresponds to the access key. If you have specified a profile, you don't need to provide an access key/secret key/session token.
aws_security_token
-
env:AWS_SECURITY_TOKEN
env:AWS_SESSION_TOKEN
env:EC2_SECURITY_TOKEN
The AWS security token if using temporary access and secret keys.
boto_profile
-
env:AWS_PROFILE
env:AWS_DEFAULT_PROFILE
The boto profile to use.
cache
boolean
Default:
"no"
ini entries:

[inventory]
cache = no

env:ANSIBLE_INVENTORY_CACHE
Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work.
cache_connection
-
ini entries:

[inventory]
cache_connection = VALUE

env:ANSIBLE_INVENTORY_CACHE_CONNECTION
Cache connection data or path, read cache plugin documentation for specifics.
cache_plugin
-
ini entries:

[inventory]
cache_plugin = VALUE

env:ANSIBLE_INVENTORY_CACHE_PLUGIN
Cache plugin to use for the inventory's source data.
cache_timeout
integer
Default:
3600
ini entries:

[inventory]
cache_timeout = 3600

env:ANSIBLE_INVENTORY_CACHE_TIMEOUT
Cache duration in seconds
compose
dictionary
Default:
{}
create vars from jinja2 expressions
filters
dictionary
Default:
{}
A dictionary of filter value pairs. Available filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options
groups
dictionary
Default:
{}
add hosts to group based on Jinja2 conditionals
hostnames
list
Default:
[]
A list in order of precedence for hostname variables. You can use the options specified in http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options. To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag.
keyed_groups
list
Default:
[]
add hosts to group based on the values of a variable
plugin
- / required
    Choices:
  • aws_ec2
token that ensures this is a source file for the 'aws_ec2' plugin.
regions
list
Default:
[]
A list of regions in which to describe EC2 instances.
If empty (the default) default this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1.
strict
boolean
Default:
"no"
If true make invalid entries a fatal error, otherwise skip and continue
Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default.
strict_permissions
boolean
    Choices:
  • no
  • yes ←
By default if a 403 (Forbidden) is encountered this plugin will fail. You can set strict_permissions to False in the inventory config file which will allow 403 errors to be gracefully skipped.

Examples

# Minimal example using environment vars or instance role credentials
# Fetch all hosts in us-east-1, the hostname is the public DNS if it exists, otherwise the private IP address
plugin: aws_ec2
regions:
  - us-east-1

# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: aws_ec2
boto_profile: aws_profile
regions: # populate inventory with instances in these regions
  - us-east-1
  - us-east-2
filters:
  # all instances with their `Environment` tag set to `dev`
  tag:Environment: dev
  # all dev and QA hosts
  tag:Environment:
    - dev
    - qa
  instance.group-id: sg-xxxxxxxx
# ignores 403 errors rather than failing
strict_permissions: False
# note: I(hostnames) sets the inventory_hostname. To modify ansible_host without modifying
# inventory_hostname use compose (see example below).
hostnames:
  - tag:Name=Tag1,Name=Tag2  # return specific hosts only
  - tag:CustomDNSName
  - dns-name
  - private-ip-address

# Example using constructed features to create groups and set ansible_host
plugin: aws_ec2
regions:
  - us-east-1
  - us-west-1
# keyed_groups may be used to create custom groups
strict: False
keyed_groups:
  # add e.g. x86_64 hosts to an arch_x86_64 group
  - prefix: arch
    key: 'architecture'
  # add hosts to tag_Name_Value groups for each Name/Value tag pair
  - prefix: tag
    key: tags
  # add hosts to e.g. instance_type_z3_tiny
  - prefix: instance_type
    key: instance_type
  # create security_groups_sg_abcd1234 group for each SG
  - key: 'security_groups|json_query("[].group_id")'
    prefix: 'security_groups'
  # create a group for each value of the Application tag
  - key: tags.Application
    separator: ''
  # create a group per region e.g. aws_region_us_east_2
  - key: placement.region
    prefix: aws_region
# set individual variables with compose
compose:
  # use the private IP address to connect to the host
  # (note: this does not modify inventory_hostname, which is set via I(hostnames))
  ansible_host: private_ip_address

Status

Authors

  • UNKNOWN

Hint

If you notice any issues in this documentation you can edit this document to improve it.