-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IAM role support for EC2 dynamic inventory #15196
Conversation
It would be great if we could do this for the entire playbook, and not just for ec2 dynamic inventory. |
Looks good to me. @MichaelBaydoun do you mean for all the other AWS modules? IMO ec2.py is at least a little separate so I wouldn't block this pending IAM support for all other modules. |
@ryansb Agreed, I'm not suggesting holding this merge up, it's a good improvement. Just floating the idea that down the road, it would be great if we had iam role assumption capability in the core, for all the modules. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tweak on the if
check, other than that looks good.
@@ -475,6 +479,13 @@ def connect_to_aws(self, module, region): | |||
connect_args['profile_name'] = self.boto_profile | |||
self.boto_fix_security_token_in_profile(connect_args) | |||
|
|||
if self.iam_role: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs a guard, since self.iam_role
will be unset if the option isn't specified.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seemed more in line with the rest of the code to define the variable with a default value in read_settings
.
shipit |
1 similar comment
shipit |
-1 This merge would cause regression of #15890. |
@nethershaw it doesn't seem to relate to the change in #15890, so might need some more detail as to how you identified that it would cause such a regression. |
I tried your changes with current Ansible 2.2.0 with the dynamic inventory from the docs. Works as intended! The only thing missing was from boto import sts at the top of |
@HontoNoRoger You are absolutely correct. An oversight on my part when creating the PR. It has been fixed. Will fix merge conflict later today |
@areian this PR contains the following merge comits: Please rebase your branch to remove these commits. |
ISSUE TYPE
ANSIBLE VERSION
Tested on both
2.1.0
and1.9.4
SUMMARY
This change allows the EC2 dynamic inventory to assume an IAM role prior to connecting to the AWS modules.
We needed this functionality at my company due to how we have structured our AWS setup, and I thought others might find it useful.