Path
Search!
Find the Exponential Software extensions you want
ansible-role-aws-tools
| UNIX name | Owner | Status |
|---|---|---|
| ansible-role-aws-tools | 7x | stable |
| Version | Compatible with |
|---|---|
| N/A | N/A |
Ansible role for installing AWS tools, like awscli, cloudwatch logs agent, codedeploy agent, etc...
Ansible Role for AWS tools
Select tools to install
In vars file main.yaml there are the variables to select which components install or not.
Override them with value false to not install that role. By default all variables are true and all components are installed
- install_awscli: for the awscli
- install_cloudwatch_agent: for cloudwatch agent
- _install_custommetrics: for custom metrics in cloudwatch agent
- install_codedeploy: for codedeploy agent
- _install_cfnbootstrap: for cfn-bootstrap components
- ec2_assign_elastic_ip: for aws-ec2-assign-elastic-ip tool
- autoscaling: if EC2 instance is in autoscaling group. This needs the DescribeTags permission
How to use it manually
Add this repository in the roles folder of your playbook and use it as normale role.
For example for an ubuntu instance:
---
- hosts: all
remote_user: ubuntu
become: yes
become_method: sudo
roles:
- ansible-role-aws-tools
Cloudwatch logs
Define a logs variable in your task to include and format logs. For example:
vars:
- logs:
- file: /var/log/tomcat8/spring.log
format: "%Y-%m-%d %H:%M:%S.%f"
group_name: spring
- file: /var/log/auth.log
group_name: auth.log
format: "%H: %M: %S%y%b%-d"
Roles
To ensure that the metrics, log, codedeploy agent work correctly assign to EC2 instance a role with the following permssion:
Role for custom metrics
Cloudformation yaml format:
- PolicyName: metrics
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- cloudwatch:PutMetricData
- cloudwatch:GetMetricStatistics
- cloudwatch:ListMetrics
- ec2:DescribeTags
Resource:
- '*'
JSON Format:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Role for logs
Cloudformation yaml format:
- PolicyName: logs
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- logs:DescribeLogStreams
Resource:
- arn:aws:logs:*:*:*
JSON format
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:*"
}
]
}
Role for codedeploy
- PolicyName: s3-codedeploy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:Get*
- s3:List*
Resource:
- arn:aws:s3:::bucket-name-for-codedeploy-archive/*
JSON Format:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucket-name-for-codedeploy-archive/*"
}
]
}
Role for aws-ec2-assign-elastic-ip
- PolicyName: associateEIP
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- ec2:AssociateAddress
- ec2:Describe*
Resource: "*"