cloud.aws_ops roles/playbooks/rulebooks to demo Ansible on AWS

This repository hosts the cloud.aws_ops Ansible Collection.

The collection includes a variety of Ansible roles, playbooks, and rulebooks to help automate the management of resources on AWS.

Ansible version compatibility

This collection has been tested against the following Ansible versions: >=2.14.0.

Included content

Click on the name of a role, playbook, or rulebook to view that content's documentation:

Roles

Name Description
cloud.aws_ops.aws_setup_credentials A role to define credentials for aws modules.
cloud.aws_ops.awsconfig_detach_and_delete_internet_gateway A role to detach and delete the internet gateway you specify from a virtual private cloud.
cloud.aws_ops.awsconfig_multiregion_cloudtrail A role to create/delete a Trail for multiple regions.
cloud.backup_create_plan A role to create an AWS backup plan.
cloud.backup_select_resources A role to select resources to back up with an existing backup plan.
cloud.aws_ops.customized_ami A role to manage custom AMIs on AWS.
cloud.aws_ops.ec2_instance_terminate_by_tag A role to terminate the EC2 instances based on a specific tag you specify.
cloud.aws_ops.enable_cloudtrail_encryption_with_kms A role to encrypt an AWS CloudTrail trail using the AWS Key Management Service (AWS KMS) customer managed key you specify.
cloud.aws_ops.manage_vpc_peering A role to create, delete and accept existing VPC peering connections.
cloud.aws_ops.moving_objects_between_buckets A role to move objects from one bucket to another bucket.
cloud.aws_ops.awsconfig_apigateway_with_lambda_integration A role to create/delete an API gateway with lambda function integration.
cloud.aws_ops.manage_transit_gateway A role to create/delete a transit gateway with VPC and VPN attachments.
cloud.aws_ops.deploy_flask_app A role to deploy a Flask web application on AWS.
cloud.aws_ops.create_rds_global_cluster A role to create or delete an Aurora global cluster with a primary cluster and a replica cluster in different regions.
cloud.aws_ops.clone_on_prem_vm A role to clone an existing on-prem VM using the KVM hypervisor.
cloud.aws_ops.import_image_and_run_aws_instance A role that imports a local .raw image into an Amazon Machine Image (AMI) and runs an AWS EC2 instance.

Playbooks

Name Description
cloud.aws_ops.eda A set of playbooks to restore AWS CloudTrail configurations, created for use with the cloud.aws_manage_cloudtrail_encryption rulebook.
cloud.aws_ops.webapp A set of playbooks to create, delete, or migrate a webapp on AWS.
cloud.aws_ops.upload_file_to_s3 A playbook to upload a local file to S3.
cloud.aws_ops.move_vm_from_on_prem_to_aws A playbook to migrate an existing on-prem VM running on the KVM hypervisor to AWS.

Rulebooks

Name Description
cloud.aws_ops.aws_manage_cloudtrail_encryption An Event-Driven Ansible rulebook to ensure that an existing encrypted AWS CloudTrail trail will not be deleted or have its encryption removed.

Installation and Usage

Requirements

The amazon.aws and community.aws collections MUST be installed in order for this collection to work.

To run rulebooks, ansible-rulebook must be installed.

Installation

To consume this Validated Content from Automation Hub, please ensure that you add the following lines to your ansible.cfg file.

[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=<SuperSecretToken>

The token can be obtained from the Automation Hub Web UI.

Once the above steps are done, you can run the following command to install the collection.

ansible-galaxy collection install cloud.aws_ops
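
The ansible.cfg shown above stores the Automation Hub token in plain text. As an added example (not part of this collection), the shell function below audits a config file for inline tokens in galaxy_server sections and for group/world-readable permissions; the sample file and its token value are constructed.

```shell
# Added example: flag Galaxy / Automation Hub tokens stored inline in an
# ansible.cfg, and token-bearing configs that other users can read.

# audit_galaxy_cfg FILE -> findings on stdout; 0 = clean, 1 = findings, 2 = unreadable
audit_galaxy_cfg() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read: $cfg" >&2; return 2; }

    # Track the current INI section and report non-empty token values that
    # sit in a [galaxy_server.<id>] section.
    tokens=$(awk '
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        section ~ /^galaxy_server\./ && /^[ \t]*token[ \t]*[=:]/ {
            value = $0
            sub(/^[^=:]*[=:][ \t]*/, "", value)
            if (value != "") print "inline token in [" section "] (line " NR ")"
        }
    ' "$cfg")

    [ -n "$tokens" ] || return 0
    printf '%s\n' "$tokens"

    # A token on disk should be readable by its owner only.
    if [ -n "$(find "$cfg" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "file is group/world readable: $cfg"
    fi
    return 1
}

# Constructed sample mirroring the ansible.cfg above (the token value is fake).
demo_cfg() {
    cat <<'EOF'
[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
token=CONSTRUCTED-EXAMPLE-TOKEN
EOF
}

# Run the audit against the sample.
tmp=$(mktemp) && demo_cfg > "$tmp"
audit_galaxy_cfg "$tmp" || echo "exit status: $?"
rm -f "$tmp"
```

ansible-galaxy also reads server options from environment variables named ANSIBLE_GALAXY_SERVER_<ID>_<KEY>, so the token can be supplied as ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN at install time instead of being written to ansible.cfg.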

Using this collection

Once installed, you can reference the cloud.aws_ops collection content by its fully qualified collection name (FQCN), for example:

  - hosts: all
    tasks:
      - name: Include 'enable_cloudtrail_encryption_with_kms' role
        ansible.builtin.include_role:
          name: cloud.aws_ops.enable_cloudtrail_encryption_with_kms
        vars:
          enable_cloudtrail_encryption_with_kms_trail_name: "{{ cloudtrail_name }}"
          enable_cloudtrail_encryption_with_kms_kms_key_id: "{{ kms_alias }}"

See Also

Contributing to this collection

We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against this collection repository.

Testing and Development

The project uses ansible-lint and black. Assuming this repository is checked out in the proper structure, e.g. collections_root/ansible_collections/cloud/aws_ops/, run:

  tox -e linters

Sanity and unit tests are run as normal:

  ansible-test sanity

If you want to run cloud integration tests, ensure you log in to the cloud:

  # using the "default" profile on AWS
  aws configure set aws_access_key_id     my-access-key
  aws configure set aws_secret_access_key my-secret-key
  aws configure set region                eu-north-1

  ansible-test integration [target]

This collection is tested using GitHub Actions. To learn more about CI, refer to CI.md.

License

GNU General Public License v3.0 or later

See LICENSE for the full text.