为 Ansible ec2 动态清单配置多个 AWS 账户
[英]Configuring multiple AWS Accounts for Ansible ec2 dynamic inventory
问题描述
We have five AWS accounts and an IAM user for programmatic access is created in the organizational account.
我们有五个 AWS 账户,并在组织账户中创建了一个用于编程访问的 IAM 用户。 Each of the child accounts have an IAM role with same name.每个子账户都有一个同名的 IAM 角色。 Trust relationship is setup between the user and roles from these accounts.这些帐户的用户和角色之间建立了信任关系。 How do I switch between accounts for ec2 dynamic inventory configuration??如何在 ec2 动态库存配置的帐户之间切换?
Config File - ec2.ini配置文件 - ec2.ini
iam_role = arn:aws:iam::xxxx-xxxx-xxxx:role/RoleName
I have multiple ec2.ini files in different directories.我在不同的目录中有多个 ec2.ini 文件。
../env/
├── account -1
│ ├── ec2.ini
│ └── ec2.py
├── account-2
│ ├── ec2.ini
│ └── ec2.py
├── account-3
│ ├── ec2.ini
│ └── ec2.py
└── account-4
├── ec2.ini
└── ec2.py
Ansible Command Ansible 命令
ansible-playbook -i ../env/account-x/ec2.py playbook.yml
Is there a process to switch between accounts.是否有在帐户之间切换的过程。 My AWS credentials are stored in shared-credentials file.我的 AWS 凭证存储在共享凭证文件中。
1 个解决方案
解决方案1
1 2020-02-10 20:12:33
You can try passing it the profile name before the command:您可以尝试在命令之前将配置文件名称传递给它:
AWS_PROFILE=account-a ansible-playbook -i ../env/account-x/ec2.py playbook.yml
If role assumption doesn't work then you may need to put together a small script that generates temporary credentials and set the credentials as environmental variables before calling ansible.如果角色假设不起作用,那么您可能需要在调用 ansible 之前组合一个小脚本来生成临时凭据并将凭据设置为环境变量。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.