japm94.ansible_role_aws_inspector
Ansible Role: AWS Inspector
This role installs AWS Inspector (awsagent) on RedHat/CentOS or Debian/Ubuntu systems.
Requirements
There are no special requirements.
Role Variables
Here are the variables you can use, along with their default values (find them in defaults/main.yml):
aws_inspector_url: "https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install"
aws_inspector_installer_dest: /tmp/aws_inspector_agent_installer
These are the URL from which the Inspector installer is downloaded and the temporary location where it is saved.
awsagent_state: started
awsagent_enabled: true
These control the awsagent service; to have Amazon Inspector function properly, the awsagent must be running on any server that you want to examine.
There is also a handler, restart awsagent, to restart the agent if needed.
aws_inspector_role_test_mode: false
Change this to true if you're testing or using this role outside of an EC2 instance (like in CI or building a server in a different cloud environment).
You can also set up proxy configurations:
aws_inspector_proxy_enabled: false
aws_inspector_https_proxy: 127.0.0.1:8080
aws_inspector_http_proxy: 127.0.0.1:8080
aws_inspector_no_proxy: 169.254.169.254
Set aws_inspector_proxy_enabled to true and configure the other *_proxy variables to create a /etc/init.d/awsagent.env file for proxy support.
Dependencies
There are no dependencies.
Example Playbook
- hosts: ec2-instances
  roles:
    - geerlingguy.aws-inspector
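A fuller playbook, added here as an example and not taken from the role's own documentation: it enables the proxy settings described above and then checks that the agent is actually running, since Inspector cannot examine a host without it. It assumes the role name from the ansible-galaxy install command on this page; the proxy host and port are constructed values.

```yaml
# Added example, not part of the role. Proxy host/port are constructed values.
- hosts: ec2-instances
  become: true
  vars:
    aws_inspector_proxy_enabled: true
    aws_inspector_https_proxy: "proxy.example.internal:3128"  # constructed
    aws_inspector_http_proxy: "proxy.example.internal:3128"   # constructed
    # Role default: the EC2 instance metadata address bypasses the proxy.
    aws_inspector_no_proxy: "169.254.169.254"
    awsagent_state: started
    awsagent_enabled: true
  roles:
    # Assumption: role name as installed by the ansible-galaxy command on this page.
    - japm94.ansible_role_aws_inspector
  post_tasks:
    - name: Check that the proxy environment file was written
      ansible.builtin.stat:
        path: /etc/init.d/awsagent.env
      register: awsagent_env

    - name: Collect service facts
      ansible.builtin.service_facts:

    - name: Fail the play if the agent is not running or the proxy file is missing
      vars:
        # The service key is "awsagent.service" under systemd, "awsagent" under SysV.
        svc: >-
          {{ ansible_facts.services['awsagent.service']
             | default(ansible_facts.services['awsagent'] | default({})) }}
      ansible.builtin.assert:
        that:
          - awsagent_env.stat.exists
          - svc.state | default('') == 'running'
        fail_msg: "awsagent is not running or /etc/init.d/awsagent.env is missing"
```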
License
MIT / BSD
Author Information
This role was created in 2017 by Jeff Geerling, who wrote Ansible for DevOps.
AWS Inspector installation for Linux.
ansible-galaxy install japm94.ansible_role_aws_inspector