This repository hosts the cloud.aws_ops Ansible Collection.
The collection includes a variety of Ansible roles, playbooks, and rulebooks to help automate the management of resources on AWS.
This collection has been tested against the following Ansible versions: >=2.14.0.
Click on the name of a role, playbook, or rulebook to view that content's documentation:

Role name | Description |
---|---|
cloud.aws_ops.aws_setup_credentials | A role to define credentials for AWS modules. |
cloud.aws_ops.awsconfig_detach_and_delete_internet_gateway | A role to detach and delete the internet gateway you specify from a virtual private cloud. |
cloud.aws_ops.awsconfig_multiregion_cloudtrail | A role to create/delete a Trail for multiple regions. |
cloud.backup_create_plan | A role to create an AWS backup plan. |
cloud.backup_select_resources | A role to select resources to back up with an existing backup plan. |
cloud.aws_ops.customized_ami | A role to manage custom AMIs on AWS. |
cloud.aws_ops.ec2_instance_terminate_by_tag | A role to terminate EC2 instances based on a tag you specify. |
cloud.aws_ops.enable_cloudtrail_encryption_with_kms | A role to encrypt an AWS CloudTrail trail using the AWS Key Management Service (AWS KMS) customer managed key you specify. |
cloud.aws_ops.manage_vpc_peering | A role to create, delete and accept existing VPC peering connections. |
cloud.aws_ops.moving_objects_between_buckets | A role to move objects from one bucket to another bucket. |
cloud.aws_ops.awsconfig_apigateway_with_lambda_integration | A role to create/delete an API gateway with Lambda function integration. |
cloud.aws_ops.manage_transit_gateway | A role to create/delete a transit gateway with VPC and VPN attachments. |
cloud.aws_ops.deploy_flask_app | A role to deploy a Flask web application on AWS. |
cloud.aws_ops.create_rds_global_cluster | A role to create or delete an Aurora global cluster with a primary cluster and a replica cluster in different regions. |
cloud.aws_ops.clone_on_prem_vm | A role to clone an existing on-prem VM using the KVM hypervisor. |
cloud.aws_ops.import_image_and_run_aws_instance | A role that imports a local .raw image into an Amazon Machine Image (AMI) and runs an AWS EC2 instance. |

Playbook name | Description |
---|---|
cloud.aws_ops.eda | A set of playbooks to restore AWS CloudTrail configurations, created for use with the cloud.aws_manage_cloudtrail_encryption rulebook. |
cloud.aws_ops.webapp | A set of playbooks to create, delete, or migrate a webapp on AWS. |
cloud.aws_ops.upload_file_to_s3 | A playbook to upload a local file to S3. |
cloud.aws_ops.move_vm_from_on_prem_to_aws | A playbook to migrate an existing on-prem VM running on the KVM hypervisor to AWS. |

Rulebook name | Description |
---|---|
cloud.aws_ops.aws_manage_cloudtrail_encryption | An Event-Driven Ansible rulebook to ensure that an existing encrypted AWS CloudTrail trail will not be deleted or have its encryption removed. |

The amazon.aws and community.aws collections MUST be installed in order for this collection to work.
To run rulebooks, ansible-rulebook must be installed.
To consume this Validated Content from Automation Hub, please ensure that you add the following lines to your ansible.cfg file.
```ini
[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=<SuperSecretToken>
```
The token can be obtained from the Automation Hub Web UI.
Once the above steps are done, you can run the following command to install the collection.

```shell
ansible-galaxy collection install cloud.aws_ops
```
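The ansible.cfg shown above stores the Automation Hub token in plain text, so it is worth checking where that file ends up. The following is an added example, not part of the collection: `check_galaxy_cfg` is a hypothetical helper that flags a literal `token=` under a `[galaxy_server.*]` section when the file is readable beyond its owner or tracked by git.

```shell
#!/bin/sh
# Added example: audit an ansible.cfg for an exposed Automation Hub token.
# check_galaxy_cfg is a hypothetical helper, not part of cloud.aws_ops.

# Prints one finding per line.
# Returns 0 when clean, 1 when something is flagged, 2 when the file is missing.
check_galaxy_cfg() {
    cfg=$1
    findings=0
    [ -f "$cfg" ] || { echo "missing: $cfg"; return 2; }

    # Collect non-empty token= values inside [galaxy_server.*] sections only.
    tokens=$(awk '
        /^[ \t]*\[/ { in_srv = ($0 ~ /^[ \t]*\[galaxy_server\./); next }
        in_srv && /^[ \t]*token[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            if ($0 != "") print
        }' "$cfg")

    # No literal token in the file: nothing to expose.
    [ -n "$tokens" ] || return 0

    # Mode string looks like -rw-r--r--; characters 5-10 are group and other.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "token in $cfg is readable beyond the owner ($perms)"
        findings=1
    fi

    # A token in a git-tracked file ends up in history and in every clone.
    dir=$(dirname "$cfg")
    if git -C "$dir" ls-files --error-unmatch "$(basename "$cfg")" >/dev/null 2>&1; then
        echo "token in $cfg is tracked by git"
        findings=1
    fi
    return "$findings"
}
```

To keep the token out of the file entirely, omit the `token=` line and export `ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN` in the shell that runs `ansible-galaxy`; the check then passes regardless of file mode.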
Once installed, you can reference the cloud.aws_ops collection content by its fully qualified collection name (FQCN), for example:
```yaml
- hosts: all
  tasks:
    - name: Include 'enable_cloudtrail_encryption_with_kms' role
      ansible.builtin.include_role:
        name: cloud.aws_ops.enable_cloudtrail_encryption_with_kms
      vars:
        # cloudtrail_name and kms_alias are supplied by the caller
        # (inventory, vars file or extra vars).
        enable_cloudtrail_encryption_with_kms_trail_name: "{{ cloudtrail_name }}"
        enable_cloudtrail_encryption_with_kms_kms_key_id: "{{ kms_alias }}"
```

- See the Ansible "Using collections" guide for more details.
- See the Ansible Rulebook documentation for information on using rulebooks.

We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against this collection repository.
The project uses ansible-lint and black.
Assuming this repository is checked out in the proper structure, e.g. collections_root/ansible_collections/cloud/aws_ops/, run:

```shell
tox -e linters
```
Sanity and unit tests are run as normal:
```shell
ansible-test sanity
```
If you want to run cloud integration tests, ensure you log in to the cloud:
```shell
# using the "default" profile on AWS
aws configure set aws_access_key_id my-access-key
aws configure set aws_secret_access_key my-secret-key
aws configure set region eu-north-1
ansible-test integration [target]
```
This collection is tested using GitHub Actions. To know more about CI, refer to CI.md.
GNU General Public License v3.0 or later.
See LICENSE for the full text.