[英]Fetch AWS SSM Parameter using ansible and using aws profile or arn
Trying to fetch secrets from another AWS account using ansible.尝试使用 ansible 从另一个 AWS 账户获取机密。 Do we have any option to use I am role arn of the secret aws account to fetch parameters.我们是否可以选择使用我是秘密 aws 帐户的角色 arn 来获取参数。 Because every instance that we are creating will have linked with this secrets AWS accounts ARN.因为我们创建的每个实例都将与这个秘密 AWS 账户 ARN 相关联。
IAMSECRETARN : arn:aws:iam::xxxxxxxx:role/service/xxx-xxxx-xxxxx-xxxxx-xxx-79392xx94110xxxx
---
- name: Testing shared Roles
hosts: all
tasks:
- name: lookup a key which doesn't exist failing to store it in a fact
set_fact:
temp_secret: "{{ lookup('aws_ssm', '/xxx/xxx/xxx/ansible-tower/admin_password' region='us-east-1', aws_profile='xxx-xxx-xxx') }}"
ignore_errors: true
- name: SSM PARAMS
debug:
msg: "{{ temp_secret }}"
Instead of "profile" need to use the "arn" or any other method without secret and access key而不是“profile”需要使用“arn”或任何其他没有秘密和访问密钥的方法
I DID WITH THE BELOW CODE AS OF NOW:我现在使用以下代码:
---
- name: ssm parameter
hosts: localhost
gather_facts: false
connection: local
tasks:
- sts_assume_role:
role_arn: "arn:aws:iam::xxxxxxx:role/xxxxx/xxxxxx"
role_session_name: "ssm"
region: us-east-1
register: assumed_role
no_log: true
- name: lookup ssm parameter
debug: msg="{{ lookup('aws_ssm', '/xxx/xxx/xxx/xxxx/database_password', region='us-east-1', aws_access_key=assumed_role.sts_creds.access_key, aws_secret_key=assumed_role.sts_creds.secret_key, aws_security_token=assumed_role.sts_creds.session_token ) }}"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.