aws_ec2 – EC2 inventory source¶
Synopsis¶
- Get inventory hosts from Amazon Web Services EC2.
- Uses a YAML configuration file that ends with aws_ec2.(yml|yaml).
Requirements¶
The below requirements are needed on the local master node that executes this inventory.
- boto3
- botocore
Parameters¶
| Parameter | Choices/Defaults | Configuration | Comments | 
|---|---|---|---|
| aws_access_key 
                    string
                                                                 | env:EC2_ACCESS_KEY env:AWS_ACCESS_KEY env:AWS_ACCESS_KEY_ID | The AWS access key to use. aliases: aws_access_key_id | |
| aws_profile 
                    string
                                                                 | env:AWS_DEFAULT_PROFILE env:AWS_PROFILE | The AWS profile aliases: boto_profile | |
| aws_secret_key 
                    string
                                                                 | env:EC2_SECRET_KEY env:AWS_SECRET_KEY env:AWS_SECRET_ACCESS_KEY | The AWS secret key that corresponds to the access key. aliases: aws_secret_access_key | |
| aws_security_token 
                    string
                                                                 | env:EC2_SECURITY_TOKEN env:AWS_SESSION_TOKEN env:AWS_SECURITY_TOKEN | The AWS security token if using temporary access and secret keys. | |
| cache 
                    boolean
                                                                 | 
 |  ini entries:
                                                                 [inventory] env:ANSIBLE_INVENTORY_CACHE | Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work. | 
| cache_connection 
                    string
                                                                 |  ini entries:
                                                                 [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_CONNECTION env:ANSIBLE_INVENTORY_CACHE_CONNECTION | Cache connection data or path, read cache plugin documentation for specifics. | |
| cache_plugin 
                    string
                                                                 | Default: "memory" |  ini entries:
                                                                 [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN env:ANSIBLE_INVENTORY_CACHE_PLUGIN | Cache plugin to use for the inventory's source data. | 
| cache_prefix 
                    -
                                                                 | Default: "ansible_inventory_" |  ini entries:
                                                                 [default] [inventory] env:ANSIBLE_CACHE_PLUGIN_PREFIX env:ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX | Prefix to use for cache plugin files/tables | 
| cache_timeout 
                    integer
                                                                 | Default: 3600 |  ini entries:
                                                                 [defaults] [inventory] env:ANSIBLE_CACHE_PLUGIN_TIMEOUT env:ANSIBLE_INVENTORY_CACHE_TIMEOUT | Cache duration in seconds | 
| compose 
                    dictionary
                                                                 | Default: {} | Create vars from jinja2 expressions. | |
| filters 
                    dictionary
                                                                 | Default: {} | A dictionary of filter value pairs. Available filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options. | |
| groups 
                    dictionary
                                                                 | Default: {} | Add hosts to group based on Jinja2 conditionals. | |
| hostnames 
                    list
                                                                 | Default: [] | A list in order of precedence for hostname variables. You can use the options specified in http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options. To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag. | |
| iam_role_arn 
                    -
                                                                 added in 2.9 | The ARN of the IAM role to assume to perform the inventory lookup. You should still provide AWS credentials with enough privilege to perform the AssumeRole action. | ||
| include_extra_api_calls 
                    boolean
                                                                 added in 2.8 | 
 | Add two additional API calls for every instance to include 'persistent' and 'events' host variables. Spot instances may be persistent and instances may have associated events. | |
| keyed_groups 
                    list
                                                                 | Default: [] | Add hosts to group based on the values of a variable. | |
| plugin 
                    -
                                             / required                     | 
 | Token that ensures this is a source file for the plugin. | |
| regions 
                    list
                                                                 | Default: [] | A list of regions in which to describe EC2 instances. If empty (the default) default this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1. | |
| strict 
                    boolean
                                                                 | 
 | If  yesmake invalid entries a fatal error, otherwise skip and continue.Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default. | |
| strict_permissions 
                    boolean
                                                                 | 
 | By default if a 403 (Forbidden) error code is encountered this plugin will fail. You can set this option to False in the inventory config file which will allow 403 errors to be gracefully skipped. | |
| use_contrib_script_compatible_sanitization 
                    boolean
                                                                 added in 2.8 | 
 | By default this plugin is using a general group name sanitization to create safe and usable group names for use in Ansible. This option allows you to override that, in efforts to allow migration from the old inventory script and matches the sanitization of groups when the script's ``replace_dash_in_groups`` option is set to ``False``. To replicate behavior of ``replace_dash_in_groups = True`` with constructed groups, you will need to replace hyphens with underscores via the regex_replace filter for those entries. For this to work you should also turn off the TRANSFORM_INVALID_GROUP_CHARS setting, otherwise the core engine will just use the standard sanitization on top. This is not the default as such names break certain functionality as not all characters are valid Python identifiers which group names end up being used as. | 
Notes¶
Note
- If no credentials are provided and the control node has an associated IAM instance profile then the role will be used for authentication.
Examples¶
# Minimal example using environment vars or instance role credentials
# Fetch all hosts in us-east-1, the hostname is the public DNS if it exists, otherwise the private IP address
plugin: aws_ec2
regions:
  - us-east-1
# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: aws_ec2
boto_profile: aws_profile
# Populate inventory with instances in these regions
regions:
  - us-east-1
  - us-east-2
filters:
  # All instances with their `Environment` tag set to `dev`
  tag:Environment: dev
  # All dev and QA hosts
  tag:Environment:
    - dev
    - qa
  instance.group-id: sg-xxxxxxxx
# Ignores 403 errors rather than failing
strict_permissions: False
# Note: I(hostnames) sets the inventory_hostname. To modify ansible_host without modifying
# inventory_hostname use compose (see example below).
hostnames:
  - tag:Name=Tag1,Name=Tag2  # Return specific hosts only
  - tag:CustomDNSName
  - dns-name
  - private-ip-address
# Example using constructed features to create groups and set ansible_host
plugin: aws_ec2
regions:
  - us-east-1
  - us-west-1
# keyed_groups may be used to create custom groups
strict: False
keyed_groups:
  # Add e.g. x86_64 hosts to an arch_x86_64 group
  - prefix: arch
    key: 'architecture'
  # Add hosts to tag_Name_Value groups for each Name/Value tag pair
  - prefix: tag
    key: tags
  # Add hosts to e.g. instance_type_z3_tiny
  - prefix: instance_type
    key: instance_type
  # Create security_groups_sg_abcd1234 group for each SG
  - key: 'security_groups|json_query("[].group_id")'
    prefix: 'security_groups'
  # Create a group for each value of the Application tag
  - key: tags.Application
    separator: ''
  # Create a group per region e.g. aws_region_us_east_2
  - key: placement.region
    prefix: aws_region
  # Create a group (or groups) based on the value of a custom tag "Role" and add them to a metagroup called "project"
  - key: tags['Role']
    prefix: foo
    parent_group: "project"
# Set individual variables with compose
compose:
  # Use the private IP address to connect to the host
  # (note: this does not modify inventory_hostname, which is set via I(hostnames))
  ansible_host: private_ip_address
Status¶
- This inventory is not guaranteed to have a backwards compatible interface. [preview]
- This inventory is maintained by the Ansible Community. [community]
Authors¶
- Sloane Hertel (@s-hertel)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
Hint
Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.
