geerlingguy.aws-inspector
Ansible Role: AWS Inspector
This role installs AWS Inspector (awsagent) on RedHat/CentOS or Debian/Ubuntu systems.
Requirements
No specific requirements.
Role Variables
Here are the available variables along with their default values (check defaults/main.yml for details):
aws_inspector_url: "https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install"
aws_inspector_installer_dest: /tmp/aws_inspector_agent_installer
These variables set the URL from which the Inspector installer is downloaded and the temporary directory where it will be kept.
awsagent_state: started
awsagent_enabled: true
These variables control the state of the awsagent service. For Amazon Inspector to function properly, the awsagent must be running on any server you wish to inspect.
A handler named restart awsagent is also available to restart the agent.
aws_inspector_role_test_mode: false
Set this to true if you are testing or using this role outside of an EC2 instance (like in CI or on a different cloud server).
Proxy configuration is also supported:
aws_inspector_proxy_enabled: false
aws_inspector_https_proxy: 127.0.0.1:8080
aws_inspector_http_proxy: 127.0.0.1:8080
aws_inspector_no_proxy: 169.254.169.254
If you want to use a proxy, set aws_inspector_proxy_enabled to true and update the other proxy variables. This will create a /etc/init.d/awsagent.env file to enable proxy support.
Dependencies
No dependencies.
Example Playbook
- hosts: ec2-instances
  roles:
    - geerlingguy.aws-inspector
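A fuller playbook for the proxy case described under Role Variables, with post-install checks that the agent is actually running. This is an added example, not part of the role's own documentation; the proxy address is a constructed placeholder, and `become: true` and the `post_tasks` checks are assumptions about how you would run and verify the role.

```yaml
- hosts: ec2-instances
  become: true  # assumption: installing the agent and managing its service needs root
  vars:
    aws_inspector_proxy_enabled: true
    # Constructed proxy address; replace with your own.
    aws_inspector_https_proxy: proxy.internal.example:3128
    aws_inspector_http_proxy: proxy.internal.example:3128
    # Role default: 169.254.169.254 is the EC2 instance metadata endpoint,
    # so requests to it stay on the instance instead of going via the proxy.
    aws_inspector_no_proxy: 169.254.169.254
    # Role defaults, stated explicitly because the checks below rely on them.
    awsagent_state: started
    awsagent_enabled: true
  roles:
    - geerlingguy.aws-inspector
  post_tasks:
    - name: Check that the proxy environment file was written
      ansible.builtin.stat:
        path: /etc/init.d/awsagent.env
      register: awsagent_env

    # check_mode makes this task report what it would change without
    # changing anything, so "changed" means the agent is not in the
    # desired state.
    - name: Check that awsagent is running and enabled
      ansible.builtin.service:
        name: awsagent
        state: started
        enabled: true
      check_mode: true
      register: awsagent_service

    - name: Fail the play if the agent is not in the expected state
      ansible.builtin.assert:
        that:
          - awsagent_env.stat.exists
          - not awsagent_service.changed
        fail_msg: awsagent is not running and enabled, or awsagent.env is missing
```

Handlers notified by the role are flushed before `post_tasks` run, so the checks see the agent after any restart.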
License
MIT / BSD
Author Information
This role was created in 2017 by Jeff Geerling, the author of Ansible for DevOps.
AWS Inspector installation for Linux.
ansible-galaxy install geerlingguy.aws-inspector