This repository hosts the cloud.aws_ops Ansible Collection.
This collection is curated to provide users with a robust set of roles, playbooks, and rulebooks that simplify and streamline various AWS operations.
The amazon.aws and community.aws collections MUST be installed in order for this collection to work.
To run rulebooks, ansible-rulebook must be installed.
This collection has been tested against the following Ansible versions: >=2.15.0.
Click on the name of a role, playbook, or rulebook to view that content's documentation:
Name | Description |
---|---|
cloud.aws_ops.aws_setup_credentials | A role to define credentials for aws modules. |
cloud.aws_ops.awsconfig_detach_and_delete_internet_gateway | A role to detach and delete the internet gateway you specify from a virtual private cloud. |
cloud.aws_ops.awsconfig_multiregion_cloudtrail | A role to create/delete a Trail for multiple regions. |
cloud.aws_ops.backup_create_plan | A role to create an AWS backup plan. |
cloud.aws_ops.backup_select_resources | A role to select resources to back up with an existing backup plan. |
cloud.aws_ops.customized_ami | A role to manage custom AMIs on AWS. |
cloud.aws_ops.ec2_instance_terminate_by_tag | A role to terminate the EC2 instances based on a specific tag you specify. |
cloud.aws_ops.enable_cloudtrail_encryption_with_kms | A role to encrypt an AWS CloudTrail trail using the AWS Key Management Service (AWS KMS) customer managed key you specify. |
cloud.aws_ops.manage_vpc_peering | A role to create, delete and accept existing VPC peering connections. |
cloud.aws_ops.move_objects_between_buckets | A role to move objects from one bucket to another bucket. |
cloud.aws_ops.awsconfig_apigateway_with_lambda_integration | A role to create/delete an API gateway with lambda function integration. |
cloud.aws_ops.manage_transit_gateway | A role to create/delete transit_gateway with vpc and vpn attachments. |
cloud.aws_ops.deploy_flask_app | A role to deploy a flask web application on AWS. |
cloud.aws_ops.create_rds_global_cluster | A role to create or delete an Aurora global cluster with a primary cluster and a replica cluster in different regions. |
cloud.aws_ops.clone_on_prem_vm | A role to clone an existing on prem VM using the KVM hypervisor. |
cloud.aws_ops.import_image_and_run_aws_instance | A role that imports a local .raw image into an Amazon Machine Image (AMI) and runs an AWS EC2 instance. |
Name | Description |
---|---|
cloud.aws_ops.eda | A set of playbooks to restore AWS Cloudtrail configurations, created for use with the cloud.aws_manage_cloudtrail_encryption rulebook. |
cloud.aws_ops.webapp | A set of playbooks to create, delete, or migrate a webapp on AWS. |
cloud.aws_ops.upload_file_to_s3 | A playbook to upload a local file to S3. |
cloud.aws_ops.move_vm_from_on_prem_to_aws | A playbook to migrate an existing on prem VM running on KVM hypervisor to AWS. |
Name | Description |
---|---|
cloud.aws_ops.aws_manage_cloudtrail_encryption | An Event-Driven Ansible rulebook to ensure that an existing encrypted AWS Cloudtrail trail will not be deleted or have its encryption removed. |
To consume this Validated Content from Automation Hub, please ensure that you add the following lines to your ansible.cfg file.
```ini
[galaxy]
server_list = automation_hub

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=<SuperSecretToken>
```
The token can be obtained from the Automation Hub Web UI.
Once the above steps are done, you can run the following command to install the collection.
```shell
ansible-galaxy collection install cloud.aws_ops
```
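The `ansible.cfg` shown above stores the Automation Hub token in plain text, so the file has to be handled like any other credential. The following check is an added example, not part of the collection: it flags `[galaxy_server.*]` sections that carry a literal token and config files readable by group or others. The `staging_hub` server and the token value in the sample are constructed.

```python
import configparser
import os
import stat

# Constructed sample: same layout as the ansible.cfg above, with a made-up
# token and a hypothetical second server (staging_hub) that has no token.
SAMPLE_CFG = """\
[galaxy]
server_list = automation_hub, staging_hub

[galaxy_server.automation_hub]
url=https://cloud.redhat.com/api/automation-hub/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token=CONSTRUCTED-EXAMPLE-TOKEN-0000

[galaxy_server.staging_hub]
url=https://hub.example.invalid/api/
"""


def find_inline_galaxy_tokens(cfg_text):
    """Return the [galaxy_server.*] sections that hold a literal token."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cfg_text)
    flagged = []
    for section in parser.sections():
        if not section.startswith("galaxy_server."):
            continue
        token = parser.get(section, "token", fallback="").strip()
        # <...> and {{ ... }} are template placeholders, not real secrets.
        if token and not token.startswith(("<", "{{")):
            flagged.append(section)
    return flagged


def mode_is_too_open(mode):
    """True when group or others can read the file (0o644, 0o640, ...)."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_file(path):
    """Return (sections with inline tokens, True if the file is too open)."""
    with open(path, encoding="utf-8") as handle:
        flagged = find_inline_galaxy_tokens(handle.read())
    return flagged, mode_is_too_open(os.stat(path).st_mode)


if __name__ == "__main__":
    print(find_inline_galaxy_tokens(SAMPLE_CFG))
```

ansible-galaxy also reads server options from environment variables named `ANSIBLE_GALAXY_SERVER_<ID>_<KEY>` (here `ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN`), which keeps the token out of the file.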
Once installed, you can reference the cloud.aws_ops collection content by its fully qualified collection name (FQCN), for example:
```yaml
# The following example restores encryption to an existing AWS Cloudtrail trail using the enable_cloudtrail_encryption_with_kms role
- hosts: all
  tasks:
    - name: Include 'enable_cloudtrail_encryption_with_kms' role
      ansible.builtin.include_role:
        name: cloud.aws_ops.enable_cloudtrail_encryption_with_kms
      vars:
        enable_cloudtrail_encryption_with_kms_trail_name: "{{ cloudtrail_name }}"
        enable_cloudtrail_encryption_with_kms_kms_key_id: "{{ kms_alias }}"

# The following example uses the ``cloud.aws_ops.clone_on_prem_vm`` role to clone an existing VM on prem using the KVM hypervisor and the ``cloud.aws_ops.import_image_and_run_aws_instance`` role to import a local .raw image into an Amazon machine image (AMI) and run an AWS EC2 instance.
- hosts: all
  tasks:
    - name: Import 'cloud.aws_ops.clone_on_prem_vm' role
      ansible.builtin.import_role:
        name: cloud.aws_ops.clone_on_prem_vm
      vars:
        clone_on_prem_vm_source_vm_name: "{{ source_vm_name }}"
        clone_on_prem_vm_image_name: "{{ image_name }}"
        clone_on_prem_vm_uri: "{{ uri }}"
        clone_on_prem_vm_local_image_path: "{{ local_image_path }}"
        clone_on_prem_vm_overwrite: "{{ overwrite }}"
      delegate_to: kvm

    - name: Import 'cloud.aws_ops.import_image_and_run_aws_instance' role
      ansible.builtin.import_role:
        name: cloud.aws_ops.import_image_and_run_aws_instance
      vars:
        import_image_and_run_aws_instance_bucket_name: "{{ bucket_name }}"
        import_image_and_run_aws_instance_image_path: "{{ raw_image_path }}"
        import_image_and_run_aws_instance_instance_name: "{{ instance_name }}"
        import_image_and_run_aws_instance_instance_type: "{{ instance_type }}"
        import_image_and_run_aws_instance_import_image_task_name: "{{ import_image_task_name }}"
        import_image_and_run_aws_instance_keypair_name: "{{ keypair_name }}"
```
The project uses ansible-lint and black.
Assuming this repository is checked out in the proper structure, e.g. collections_root/ansible_collections/cloud/aws_ops/, run:

```shell
tox -e linters
```
Sanity and unit tests are run as normal:
```shell
ansible-test sanity
```
If you want to run cloud integration tests, ensure you log in to the cloud:
```shell
# using the "default" profile on AWS
aws configure set aws_access_key_id my-access-key
aws configure set aws_secret_access_key my-secret-key
aws configure set region eu-north-1
ansible-test integration [target]
```
This collection is tested using GitHub Actions. To know more about CI, refer to CI.md.
We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against this collection repository. See CONTRIBUTING.md for more details.
For the latest supported versions, refer to the release notes below.
If you encounter issues or have questions, you can submit a support request through the following channels:
- GitHub Issues: Report bugs, request features, or ask questions by opening an issue in the GitHub repository.
- Ansible Community: Engage with the Ansible community on the Ansible Project Mailing List or Ansible Forum.
See the raw generated changelog.
GNU General Public License v3.0 or later
See LICENSE to see the full text.