
Ansible Roles for managing AWS Resources


cloud.aws_ops Validated Content Collection

This repository hosts the cloud.aws_ops Ansible Collection.

Description

This collection is curated to provide users with a robust set of roles, playbooks, and rulebooks that simplify and streamline various AWS operations.

Requirements

The amazon.aws and community.aws collections MUST be installed in order for this collection to work.

To run rulebooks, ansible-rulebook must be installed.

Ansible version compatibility

This collection has been tested against the following Ansible versions: >=2.15.0.

Included content

Click on the name of a role, playbook, or rulebook to view that content's documentation:

Roles

Name Description
cloud.aws_ops.aws_setup_credentials A role to define credentials for aws modules.
cloud.aws_ops.awsconfig_detach_and_delete_internet_gateway A role to detach the internet gateway you specify from its virtual private cloud and delete it.
cloud.aws_ops.awsconfig_multiregion_cloudtrail A role to create/delete a Trail for multiple regions.
cloud.aws_ops.backup_create_plan A role to create an AWS backup plan.
cloud.aws_ops.backup_select_resources A role to select resources to back up with an existing backup plan.
cloud.aws_ops.customized_ami A role to manage custom AMIs on AWS.
cloud.aws_ops.ec2_instance_terminate_by_tag A role to terminate the EC2 instances based on a specific tag you specify.
cloud.aws_ops.enable_cloudtrail_encryption_with_kms A role to encrypt an AWS CloudTrail trail using the AWS Key Management Service (AWS KMS) customer managed key you specify.
cloud.aws_ops.manage_vpc_peering A role to create, delete and accept existing VPC peering connections.
cloud.aws_ops.move_objects_between_buckets A role to move objects from one bucket to another bucket.
cloud.aws_ops.awsconfig_apigateway_with_lambda_integration A role to create/delete an API Gateway with Lambda function integration.
cloud.aws_ops.manage_transit_gateway A role to create/delete a transit gateway with VPC and VPN attachments.
cloud.aws_ops.deploy_flask_app A role to deploy a Flask web application on AWS.
cloud.aws_ops.create_rds_global_cluster A role to create or delete an Aurora global cluster with a primary cluster and a replica cluster in different regions.
cloud.aws_ops.clone_on_prem_vm A role to clone an existing on-prem VM running on the KVM hypervisor.
cloud.aws_ops.import_image_and_run_aws_instance A role that imports a local .raw image into an Amazon Machine Image (AMI) and runs an AWS EC2 instance from it.

Playbooks

Name Description
cloud.aws_ops.eda A set of playbooks to restore AWS CloudTrail configurations, created for use with the cloud.aws_ops.aws_manage_cloudtrail_encryption rulebook.
cloud.aws_ops.webapp A set of playbooks to create, delete, or migrate a webapp on AWS.
cloud.aws_ops.upload_file_to_s3 A playbook to upload a local file to S3.
cloud.aws_ops.move_vm_from_on_prem_to_aws A playbook to migrate an existing on-prem VM running on the KVM hypervisor to AWS.

Rulebooks

Name Description
cloud.aws_ops.aws_manage_cloudtrail_encryption An Event-Driven Ansible rulebook to ensure that an existing encrypted AWS CloudTrail trail is not deleted and does not have its encryption removed.
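The rulebook above reacts to two kinds of CloudTrail management event: a DeleteTrail call against the watched trail, and an UpdateTrail call that strips its KMS key. The following is an added example, not code from the cloud.aws_ops collection, showing that detection logic run over constructed, simplified CloudTrail records and mapping each finding to the content the collection provides for remediation. The record shape (in particular that a request disabling encryption carries an empty kmsKeyId), the trail and key names, and the variable names used for the deleted-trail case are assumptions; the role variable names for the encryption case are the ones shown under Use Cases.

```python
"""Detection logic for the condition aws_manage_cloudtrail_encryption guards.

Added example, not code from the cloud.aws_ops collection: it classifies
CloudTrail management events that would delete a watched trail or strip its
KMS encryption, and maps each finding to the remediation the collection
provides. Event records below are constructed and simplified; real records
carry many more fields (eventTime, userIdentity, awsRegion, ...).
"""
from __future__ import annotations

CLOUDTRAIL_SOURCE = "cloudtrail.amazonaws.com"

# Constructed sample records. Only the fields this example inspects are set.
SAMPLE_EVENTS = [
    {"eventSource": CLOUDTRAIL_SOURCE, "eventName": "UpdateTrail",
     "requestParameters": {"name": "prod-trail", "kmsKeyId": ""}},
    {"eventSource": CLOUDTRAIL_SOURCE, "eventName": "DeleteTrail",
     "requestParameters": {"name": "prod-trail"}},
    # Key rotation: the trail stays encrypted, so no remediation is needed.
    {"eventSource": CLOUDTRAIL_SOURCE, "eventName": "UpdateTrail",
     "requestParameters": {"name": "prod-trail", "kmsKeyId": "alias/new-key"}},
    # Rejected call: CloudTrail records a denied request with an errorCode.
    {"eventSource": CLOUDTRAIL_SOURCE, "eventName": "DeleteTrail",
     "errorCode": "AccessDenied",
     "requestParameters": {"name": "prod-trail"}},
    # A different trail, outside the watch scope.
    {"eventSource": CLOUDTRAIL_SOURCE, "eventName": "DeleteTrail",
     "requestParameters": {"name": "dev-trail"}},
    # Unrelated service activity.
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "requestParameters": {"bucketName": "logs"}},
]


def classify_event(event: dict, watched_trail: str) -> str | None:
    """Return 'trail_deleted', 'encryption_removed' or None for one record."""
    if event.get("eventSource") != CLOUDTRAIL_SOURCE:
        return None
    # A record carrying errorCode is a call that failed; nothing changed.
    if event.get("errorCode"):
        return None
    params = event.get("requestParameters") or {}
    if params.get("name") != watched_trail:
        return None
    name = event.get("eventName")
    if name == "DeleteTrail":
        return "trail_deleted"
    # Assumption: a request that disables encryption carries an empty
    # kmsKeyId. An UpdateTrail that omits kmsKeyId leaves the key unchanged,
    # and one that sets a different key keeps the trail encrypted.
    if name == "UpdateTrail" and "kmsKeyId" in params and not params["kmsKeyId"]:
        return "encryption_removed"
    return None


def remediation_for(finding: str, trail: str, kms_key_id: str) -> dict:
    """Map a finding to the collection content that undoes it."""
    if finding == "encryption_removed":
        # Variable names as shown for the role under Use Cases.
        return {
            "role": "cloud.aws_ops.enable_cloudtrail_encryption_with_kms",
            "vars": {
                "enable_cloudtrail_encryption_with_kms_trail_name": trail,
                "enable_cloudtrail_encryption_with_kms_kms_key_id": kms_key_id,
            },
        }
    if finding == "trail_deleted":
        # The cloud.aws_ops.eda playbooks restore trail configuration; the
        # variable names here are hypothetical placeholders.
        return {
            "playbooks": "cloud.aws_ops.eda",
            "vars": {"trail_name": trail, "kms_key_id": kms_key_id},
        }
    raise ValueError(f"unknown finding {finding!r}")


def scan(events: list[dict], watched_trail: str, kms_key_id: str) -> list[tuple[str, dict]]:
    """Return (finding, remediation) for every record that needs action."""
    actions = []
    for event in events:
        finding = classify_event(event, watched_trail)
        if finding:
            actions.append((finding, remediation_for(finding, watched_trail, kms_key_id)))
    return actions


if __name__ == "__main__":
    for finding, action in scan(SAMPLE_EVENTS, "prod-trail", "alias/cloudtrail-key"):
        print(finding, "->", action)
```

Two of the six constructed records produce findings; the key rotation, the denied DeleteTrail, the other trail and the S3 call are all correctly ignored. Skipping records that carry errorCode matters in practice: a denied attempt is worth alerting on, but running remediation against a trail that was never changed only creates noise.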

Installation

To consume this Validated Content from Automation Hub, please ensure that you add the following lines to your ansible.cfg file.

[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=<SuperSecretToken>

The token can be obtained from the Automation Hub Web UI. Treat it as a credential: do not commit an ansible.cfg that contains it. Ansible also reads the token from the ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN environment variable, so the token= line can be left out of the file and supplied from the environment instead.

Once the above steps are done, you can run the following command to install the collection.

ansible-galaxy collection install cloud.aws_ops

Use Cases

Once installed, you can reference the cloud.aws_ops collection content by its fully qualified collection name (FQCN), for example:

  # The following example restores encryption to an existing AWS Cloudtrail trail using the enable_cloudtrail_encryption_with_kms role
  - hosts: all
    tasks:
      - name: Include 'enable_cloudtrail_encryption_with_kms' role
        ansible.builtin.include_role:
          name: cloud.aws_ops.enable_cloudtrail_encryption_with_kms
        vars:
          enable_cloudtrail_encryption_with_kms_trail_name: "{{ cloudtrail_name }}"
          enable_cloudtrail_encryption_with_kms_kms_key_id: "{{ kms_alias }}"

  # The following example uses the ``cloud.aws_ops.clone_on_prem_vm`` role to clone an existing on-prem VM running on the KVM hypervisor, then the ``cloud.aws_ops.import_image_and_run_aws_instance`` role to import the resulting local .raw image into an Amazon Machine Image (AMI) and run an AWS EC2 instance from it.

  - hosts: all
    tasks:
    - name: Import 'cloud.aws_ops.clone_on_prem_vm' role
      ansible.builtin.import_role:
        name: cloud.aws_ops.clone_on_prem_vm
      vars:
        clone_on_prem_vm_source_vm_name: "{{ source_vm_name }}"
        clone_on_prem_vm_image_name: "{{ image_name }}"
        clone_on_prem_vm_uri: "{{ uri }}"
        clone_on_prem_vm_local_image_path: "{{ local_image_path }}"
        clone_on_prem_vm_overwrite: "{{ overwrite }}"
      delegate_to: kvm

    - name: Import 'cloud.aws_ops.import_image_and_run_aws_instance' role
      ansible.builtin.import_role:
        name: cloud.aws_ops.import_image_and_run_aws_instance
      vars:
        import_image_and_run_aws_instance_bucket_name: "{{ bucket_name }}"
        import_image_and_run_aws_instance_image_path: "{{ raw_image_path }}"
        import_image_and_run_aws_instance_instance_name: "{{ instance_name }}"
        import_image_and_run_aws_instance_instance_type: "{{ instance_type }}"
        import_image_and_run_aws_instance_import_image_task_name: "{{ import_image_task_name }}"
        import_image_and_run_aws_instance_keypair_name: "{{ keypair_name }}"

Testing

The project uses ansible-lint and black. Assuming this repository is checked out in the proper structure, e.g. collections_root/ansible_collections/cloud/aws_ops/, run:

  tox -e linters

Sanity and unit tests are run as normal:

  ansible-test sanity

If you want to run cloud integration tests, configure AWS credentials first. The integration tests run against a real AWS account and create and delete resources there, so use a dedicated, non-production account. Note that aws configure set writes long-lived access keys to ~/.aws/credentials in plaintext; where available, short-lived credentials (for example from aws sso login or an assumed role) are preferable.

  # using the "default" profile on AWS
  aws configure set aws_access_key_id     my-access-key
  aws configure set aws_secret_access_key my-secret-key
  aws configure set region                eu-north-1

  ansible-test integration [target]

This collection is tested using GitHub Actions. To know more about CI, refer to CI.md.

Contributing to this collection

We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against this collection repository. See CONTRIBUTING.md for more details.

Support

For the latest supported versions, refer to the release notes below.

If you encounter issues or have questions, you can submit a support request through the following channels:

  • GitHub Issues: Report bugs, request features, or ask questions by opening an issue in the GitHub repository.
  • Ansible Community: Engage with the Ansible community on the Ansible Project Mailing List or Ansible Forum.

Release Notes

See the raw generated changelog.

Related Information

License

GNU General Public License v3.0 or later

See LICENSE to see the full text.