christiangda.awscli_configure

Ansible Role: christiangda.awscli


This role sets up the files needed to configure the AWS Command Line Interface (awscli).

It is a straightforward role: its main job is to convert variables defined in YAML format into the .ini file format used by the .aws/config and .aws/credentials files, and to place those files where you specify.

To install this role, run the command ansible-galaxy install christiangda.awscli_configure. You can find it in the Ansible Galaxy repository here.

The source code is available on GitHub.

Check out the examples for better understanding.

Requirements

This role works on the following Linux distributions:

  • RedHat
    • 6 (*)
    • 7
    • 8
  • CentOS
    • 6 (*)
    • 7
    • 8
  • Ubuntu
    • 14.* (*)
    • 16.* (*)
    • 18.*
    • 19.*
  • Debian
    • jessie (8) (*)
    • stretch (9)
    • buster (10)
    • sid (unstable)

(*) These versions are not tested and may have issues.

For compatibility between Python and Ansible, refer to the Travis-CI build matrix.

Role Variables

Variable                               Default Value
awscliconf_path                        "~/."
awscliconf_recursive_path_creation     false
awscliconf_files_owner                 "root"
awscliconf_files_group                 "root"
awscliconf_files                       "" (empty)

For more details, check the file defaults/main.yaml.

Dependencies

This role has no dependencies, but it's essential to install AWS Command Line Interface (awscli) to use it effectively. You can use my role christiangda.awscli to help with the installation of awscli.

Example Playbook

For RedHat/CentOS, Ubuntu, and Debian

Assuming you have already installed AWS Command Line Interface (awscli):

  - hosts: redhat-8
    gather_facts: True
    roles:
      - role: christiangda.awscli_configure
        vars:
          awscliconf_path: '/home/christian.gonzalez'
          awscliconf_files_owner: 'christian.gonzalez'
          awscliconf_files_group: 'christian.gonzalez'
          awscliconf_files:
            credentials:
              - default:
                  aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                  aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
            config:
              - default:
                  region: us-west-2
                  output: json
              - profile development:
                  role_arn: 'arn:aws:iam::123456789012:role/role-for-development'
                  mfa_serial: 'arn:aws:iam::11111111111:mfa/christian.gonzalez'
                  region: eu-west-1
                  source_profile: default
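
The playbook above writes the key pair into the play as literals (the values shown are AWS's documentation placeholders). The following check is an added example, not part of the role: it scans playbook text for the credential keys used on this page and reports those whose value is clear text rather than an Ansible Vault value or a Jinja2 reference. The sample fragment and the variable name vault_prod_access_key_id are constructed for the example.

```python
import re

# Credential keys that appear under awscliconf_files in this page's playbooks.
CREDENTIAL_KEY = re.compile(
    r"^\s*(aws_access_key_id|aws_secret_access_key|aws_session_token)\s*:\s*(.*)$"
)

# Constructed playbook fragment: one literal pair, one templated, one vaulted.
# vault_prod_access_key_id is a hypothetical variable name.
SAMPLE_PLAYBOOK = """\
awscliconf_files:
  credentials:
    - default:
        aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
        aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
    - production-profile:
        aws_access_key_id: "{{ vault_prod_access_key_id }}"
        aws_secret_access_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          (ciphertext omitted)
"""


def is_literal(value):
    """True when the value is written in clear text in the playbook."""
    value = value.split(" #", 1)[0].strip().strip("'\"").strip()
    if not value:
        return False  # empty, or the value continues on the following lines
    if value.startswith("!vault"):
        return False  # inline Ansible Vault ciphertext
    if value.startswith("{{") and value.endswith("}}"):
        return False  # Jinja2 reference resolved at run time
    return True


def find_inline_credentials(playbook_text):
    """Return (line_number, key) for each clear-text credential, never the value."""
    findings = []
    for number, line in enumerate(playbook_text.splitlines(), start=1):
        match = CREDENTIAL_KEY.match(line)
        if match and is_literal(match.group(2)):
            findings.append((number, match.group(1)))
    return findings
```

Run over SAMPLE_PLAYBOOK, the function reports lines 4 and 5 and passes the templated and vaulted entries.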

For Systems Without AWS CLI Installed

If you have RedHat/CentOS 8 or Debian/Ubuntu and you haven't installed AWS Command Line Interface (awscli):

  - hosts: redhat-8
    gather_facts: True
    roles:
      - role: christiangda.awscli
      - role: christiangda.awscli_configure
        vars:
          awscliconf_files:
            credentials:
              - default:
                  aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                  aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
            config:
              - default:
                  region: us-west-2
                  output: json
              - profile development:
                  role_arn: 'arn:aws:iam::123456789012:role/role-for-development'
                  mfa_serial: 'arn:aws:iam::11111111111:mfa/christian.gonzalez'
                  region: eu-west-1
                  source_profile: default

For RedHat/CentOS 6/7 Without AWS CLI and EPEL

If you don't have AWS Command Line Interface (awscli) and the EPEL repository installed, and you want to use my roles:

  - hosts: redhat-7
    gather_facts: True
    roles:
      - role: christiangda.epel_repo
      - role: christiangda.awscli
      - role: christiangda.awscli_configure
        vars:
          awscliconf_files:
            credentials:
              - default:
                  aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                  aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
            config:
              - default:
                  region: us-west-2
                  output: json
              - profile development:
                  role_arn: 'arn:aws:iam::123456789012:role/role-for-development'
                  mfa_serial: 'arn:aws:iam::11111111111:mfa/christian.gonzalez'
                  region: eu-west-1
                  source_profile: default

For Multiple OS Targets

If you want to install the EPEL repository only for RedHat/CentOS 6/7:

  - hosts: servers
    gather_facts: True
    roles:
    - role: christiangda.epel_repo
      when: >
        ansible_os_family == 'RedHat' and (
          ansible_distribution == 'CentOS' or
          ansible_distribution == 'RedHat'
        )
        and (
          ansible_distribution_major_version == '6' or
          ansible_distribution_major_version == '7'
        )
      changed_when: false
    - role: christiangda.awscli
    - role: christiangda.awscli_configure
      vars:
        awscliconf_files:
          credentials:
            - default:
                aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'

            - production-profile:
                aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE'
                aws_secret_access_key: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
          config:
            - default:
                region: us-west-2
                output: json
            - profile development:
                role_arn: arn:aws:iam::123456789012:role/role-name
                role_session_name: maria_garcia_role
                source_profile: production-profile
                aws_session_token: AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4Olgk
                s3:
                  max_concurrent_requests: 20
                  max_queue_size: 10000
                  multipart_threshold: 64MB
                  multipart_chunksize: 16MB
                  max_bandwidth: 50MB/s
                  use_accelerate_endpoint: true
                  addressing_style: path
                api_versions:
                  ec2: '2015-03-01'
                  cloudfront: '2015-09-17'
                tcp_keepalive: false
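
To show what the YAML-to-.ini conversion has to produce, the Python below renders an awscliconf_files-style structure into the layout the AWS CLI reads, including the indented form used for nested settings such as s3, and writes the result with owner-only permissions. It is an added example, not the role's own template, so the role's exact output may differ; the function names and the trimmed sample data are constructed.

```python
import os
import stat

# Constructed sample mirroring the awscliconf_files layout used on this page.
SAMPLE = {
    "credentials": [
        {"default": {
            "aws_access_key_id": "AKIAIOSFODNN7EXAMPLE",
            "aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        }},
    ],
    "config": [
        {"default": {"region": "us-west-2", "output": "json"}},
        {"profile development": {
            "source_profile": "default",
            "s3": {"max_concurrent_requests": 20, "use_accelerate_endpoint": True},
            "tcp_keepalive": False,
        }},
    ],
}


def ini_scalar(value):
    # YAML booleans arrive as Python bools; the AWS CLI files spell them lowercase.
    return str(value).lower() if isinstance(value, bool) else str(value)


def render_ini(sections):
    """Render a list of {section_name: {key: value}} dicts as AWS CLI INI text."""
    lines = []
    for entry in sections:
        for name, settings in entry.items():
            lines.append(f"[{name}]")
            for key, value in settings.items():
                if isinstance(value, dict):
                    # Nested settings (s3, api_versions): "key =" then indented pairs.
                    lines.append(f"{key} =")
                    lines.extend(f"  {k} = {ini_scalar(v)}" for k, v in value.items())
                else:
                    lines.append(f"{key} = {ini_scalar(value)}")
            lines.append("")
    return "\n".join(lines)


def write_private(path, text):
    """Write text to path with mode 0600 and return the resulting mode bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        os.fchmod(fd, 0o600)  # also tightens a file that already existed
        handle.write(text)
    return stat.S_IMODE(os.stat(path).st_mode)
```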

Development / Contributing

This role is tested using Molecule and developed with Python Virtual Environments.

We primarily use two branches:

  • master
  • develop

To contribute:

  1. Fork the project.
  2. Set up your environment.
  3. Fix issues in the develop branch.
  4. Run molecule test.
  5. Create a Pull Request to the official project's develop branch.

Prepare Your Environment

You need Python 3:

mkdir ansible-roles
cd ansible-roles/

python3 -m venv venv
source venv/bin/activate
pip install pip --upgrade
pip install ansible
pip install molecule
pip install 'molecule[docker]'
pip install 'molecule[podman]'
pip install 'molecule[lint]'
pip install molecule-vagrant
pip install python-vagrant
pip install selinux
pip install docker
pip install pytest
pip install pytest-mock
pip install pylint
pip install rope
pip install autopep8
pip install yamllint
pip install flake8
pip install ansible-lint
git clone https://github.com/christiangda/ansible-role-awscli-configure.git
ln -s ansible-role-awscli-configure christiangda.awscli_configure
cd christiangda.awscli_configure

Run the Molecule Test

Available scenarios:

  • default --> --driver-name docker
  • podman --> --driver-name podman
  • centos-8 --> --driver-name centos-8
  • centos-7 --> --driver-name centos-7
  • ubuntu-21.04 --> --driver-name ubuntu-21.04

Scenario Default

Run step by step:

molecule create [--scenario-name default]
molecule converge [--scenario-name default]
molecule verify [--scenario-name default]
molecule destroy [--scenario-name default]

Or run all in one:

molecule test [--scenario-name default]

Scenario Podman

Run step by step:

molecule create --scenario-name podman
molecule converge --scenario-name podman
molecule verify --scenario-name podman
molecule destroy --scenario-name podman

Or run all in one:

molecule test --scenario-name podman

If you want to test with VMs, check out my ansible-playground project that uses Vagrant and VirtualBox.

License

This module is licensed under the GNU General Public License Version 3.

Author Information

Install
ansible-galaxy install christiangda.awscli_configure
License
gpl-3.0
Downloads
135.3k