christiangda.amazon_inspector_agent

Ansible Role: christiangda.amazon_inspector_agent

This role sets up the AWS Inspector Agent.

Features:

  • Installs the AWS Inspector Agent from AWS.
  • Manages the Agent's log file rotation.

Requirements

This role works on several Linux distributions including RedHat, CentOS, Amazon Linux, Debian, and Ubuntu.

  • RedHat
    • 6, 7
  • CentOS
    • 6, 7
  • Amazon Linux
    • 1, 2
  • Ubuntu
    • 14.*, 16.*, 18.*
  • Debian
    • Jessie, Stretch

For Python and Ansible compatibility details, check the Travis-CI build matrix.

Role Variables

# possible values:
# - true
# - false
# default value: true
# notes:
# * Set this to false if you don't want automatic updates for the agent.
ia_auto_update: true
# possible values:
# - Refer to the link for possible values
# default value: ""
ia_http_proxy: ""
# possible values:
# - Refer to the link for possible values
# default value: ""
ia_https_proxy: ""
# possible values:
# - Refer to the link for possible values
# default value: "169.254.169.254"
# notes:
# * Always exclude the AWS metadata IP (169.254.169.254) from proxies.
ia_no_proxy: "169.254.169.254"

Dependencies

None.

Example Playbook

For RedHat/CentOS, Ubuntu, and Debian

Using default variable values

- hosts: servers
  gather_facts: True
  roles:
    - role: christiangda.amazon_inspector_agent

Disabling auto-update and configuring proxies

- hosts: servers
  gather_facts: True
  roles:
    - role: christiangda.amazon_inspector_agent
      vars:
        ia_auto_update: false
        ia_http_proxy: "192.168.2.253:3128"
        ia_https_proxy: "192.168.2.253:3128"
        ia_no_proxy: "169.254.169.254,192.168.2.1"
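
A pre-flight check for the proxy variables, as an added example that is not part of the role or its README: it stops the play before the role runs if a proxy is configured but ia_no_proxy no longer lists the metadata address 169.254.169.254. It assumes the variables are set at play level (not under the role entry) so that pre_tasks can read them; the task names and messages are illustrative.

```yaml
# Added example (not from the role): validate proxy variables before install.
- hosts: servers
  gather_facts: True
  vars:
    # Play-level vars are visible to both pre_tasks and the role.
    ia_auto_update: false
    ia_http_proxy: "192.168.2.253:3128"
    ia_https_proxy: "192.168.2.253:3128"
    ia_no_proxy: "169.254.169.254,192.168.2.1"
    # Helper variable introduced for this example only.
    ia_no_proxy_entries: "{{ ia_no_proxy.split(',') | map('trim') | list }}"
  pre_tasks:
    - name: Metadata IP must bypass the proxy whenever a proxy is set
      assert:
        that:
          - "'169.254.169.254' in ia_no_proxy_entries"
        fail_msg: "ia_no_proxy must include 169.254.169.254"
        success_msg: "Metadata IP is excluded from the proxy"
      when: (ia_http_proxy | length > 0) or (ia_https_proxy | length > 0)

    - name: Reject empty entries left by stray commas in ia_no_proxy
      assert:
        that:
          - "'' not in ia_no_proxy_entries"
        fail_msg: "ia_no_proxy contains an empty entry"
      when: ia_no_proxy | length > 0
  roles:
    - role: christiangda.amazon_inspector_agent
```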

For Amazon Linux 1/2 (my-playbook.yml)

- hosts: all
  gather_facts: True
  become: true
  become_user: root
  become_method: sudo
  remote_user: ec2-user
  roles:
    - role: christiangda.amazon_inspector_agent

Sample Inventory File (inventory)

[all]
10.14.x.y
10.14.v.z

[amazon-1]
10.14.x.y

[amazon-2]
10.14.v.z

How to Use It

ansible-playbook my-playbook.yml \
    --inventory inventory \
    --private-key [~/location of my key.pem] \
    --become \
    --become-user=ec2-user \
    --user ec2-user

Development / Contributing

This role uses Molecule for testing and was developed with Python Virtual Environments.

Set Up Your Environment

For Python 3

mkdir ansible-roles
cd ansible-roles/

python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install ansible
pip install "molecule>=2.22rc1"
pip install selinux docker pytest pytest-mock pylint rope autopep8 yamllint flake8

For Python 2.7

Dependencies

sudo dnf install redhat-rpm-config python-devel libselinux-python
mkdir ansible-roles
cd ansible-roles/

python2.7 -m virtualenv venv
source venv/bin/activate
pip install --upgrade pip
pip install ansible
pip install "molecule>=2.22rc1"
pip install selinux docker pytest pytest-mock pylint rope autopep8 yamllint flake8

Clone the Role Repository and Create a Symbolic Link

git clone https://github.com/christiangda/ansible-role-amazon-inspector-agent.git
ln -s ansible-role-amazon-inspector-agent christiangda.amazon_inspector_agent
cd christiangda.amazon_inspector_agent

Run the Tests

Using Docker locally

molecule test [--scenario-name default]

Using Vagrant locally

molecule create --scenario-name vagrant
molecule converge --scenario-name vagrant
molecule verify --scenario-name vagrant

or

molecule test --scenario-name vagrant

If you want to test with VMs, check out this ansible-playground project. It's great for this purpose!

License

This module is licensed under the GNU General Public License Version 3:

Author Information

Install
ansible-galaxy install christiangda.amazon_inspector_agent
License
gpl-3.0
Downloads
289