/ansible-aws_cli

Ansible role for configuring the AWS CLI

Primary LanguageJinjaApache License 2.0Apache-2.0

Ansible role: aws_cli

Ansible role Ansible role quality Ansible role downloads License Follow us on twitter

Description

A role to install and configure the AWS Command Line Interface (CLI).

This role features:

  • Full test coverage.
  • Support for configuring as many AWS profiles are you like.
  • Configuration of variables on both the role- or profile-level. Profile-level variables take precedence over role-level variables.
  • No default profile-level configuration variables.
  • Writing nothing to config files when nothing is provided. If you want the role to only install the AWS CLI and prefer to configure things using environment variables.
  • Global definition of AWS CLI variables. For example, if you want to use the us-east-2 region throughout every profile, just use region: us-east-2 in your playbook.
  • The ability to install or uninstall the AWS CLI tool.
  • Support for most major platforms.

Installation

Using ansible-galaxy:

$ ansible-galaxy install badpacketsllc.aws_cli

Using requirements.yml:

---
- src: badpacketsllc.aws_cli

Using git:

$ git clone https://github.com/badpacketsllc/ansible-aws_cli.git

Role Variables

variable name default value description required
aws_cli_user {{ ansible_user }} name of the user who will run the aws command no
aws_cli_user_group {{ aws_cli_user }} name of the user group that will own the .aws/ directory no
aws_user_dir "/home/{{ aws_cli_user }}/.aws" home directory of the user who will run the aws command no
profiles none aws profile names no
region none aws region where your resources life no
output none cli output format no
aws_access_key_id none aws iam access key no
aws_secret_access_key none aws iam secret access key no
aws_cli_package_state present install the package if state is set to present. uninstall the package if state is set to absent no

Example Playbooks

A minimal playbook that does not set up configuration files in .aws/

---
- hosts: all

  tasks:
    - name: Set up aws-cli
      import_role:
        name: badpacketsllc.aws_cli

A playbook that configures .aws/ for one region

---
- hosts: all

  tasks:
    - name: Set up aws-cli
      import_role:
        name: badpacketsllc.aws_cli
      vars:
        profiles:
          - name: default
            region: us-east-1
            output: text
            aws_access_key_id: AKIAIOSDNKOW7EXAMPLE
            aws_secret_access_key: wJalrXUtnFEMI/F3GXCLG/bPxRfiCYEXAMPLEKEY
Results:
$ cat ~/.aws/config
# Ansible managed

[default]
region = us-east-1
output = text
$ cat ~/.aws/credentials
# Ansible managed

[default]
aws_access_key_id = AKIAIOSDNKOW7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/F3GXCLG/bPxRfiCYEXAMPLEKEY

You can find more examples, including the use of multiple profiles, in the test suite.

Note: do not put cleartext secrets under version control. Consider using an encrypted file or an environment variable.

Contributing

Contributions are encouraged! Learn how to contribute by reading CONTRIBUTING.md. Please be nice and follow our Code of Conduct.

License

Apache License 2.0

Author Information

Mathew Woodyard

@ctidelivery

Contributors

Special thanks to crashsystems for his initial code review and Troy Mursch for his ongoing code reviews.