
Ansible AWS deployment: Can we use IAM role instead of Keys?

I have an Ansible master running on an Ubuntu EC2 server with an IAM role that has full permissions on EC2 and nothing else. All the instances deployed using this Ansible master are deployed, but in a terminated state.
Albeit, while I was testing another approach, I created a new master and provided my authentication keys, which are those of a root user having all the permissions.
Is there a problem with the IAM role's permissions, or is deployment known not to work with IAM roles?

It works as expected for me:

root@test-node:~# cat /etc/issue
Ubuntu 14.04.4 LTS \n \l
root@test-node:~# ansible --version
ansible 2.1.2.0
  config file =
  configured module search path = Default w/o overrides
root@test-node:~# pip list | grep boto
boto (2.42.0)

If no credentials are specified in environment variables or config files, Boto (the library that Ansible uses to connect to AWS) will try to fetch credentials from instance metadata.

You may try to fetch them manually with:

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>

and pass KeyId and Secret to Ansible via environment variables to test that the role's permissions are correct.

Keep in mind that:

  • The IAM role should be attached to the EC2 instance before it starts
  • The region should always be defined: either via module parameters or via an environment variable.
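
Added example, not part of the original answer: a Python sketch of the manual test described above, turning the credential document from the metadata URL into environment variables for Ansible. The function names and the sample document are constructed for illustration, and it assumes the instance answers the plain GET request that the curl command uses.

```python
import json
import os
from datetime import datetime, timezone
from urllib.request import urlopen

IMDS = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"

# Constructed sample of the JSON document the metadata endpoint returns
# (placeholder values, not real credentials).
SAMPLE_DOC = """{
  "Code": "Success",
  "AccessKeyId": "ASIAEXAMPLEKEYID",
  "SecretAccessKey": "example-secret",
  "Token": "example-session-token",
  "Expiration": "2099-01-01T00:00:00Z"
}"""

def fetch_role_document(role_name, timeout=2):
    """Read the role's credential document (only works on an EC2 instance)."""
    with urlopen(IMDS + role_name, timeout=timeout) as resp:
        return resp.read().decode()

def role_env(doc, region, now=None):
    """Turn the credential document into environment variables for Ansible/boto."""
    creds = json.loads(doc)
    if creds.get("Code") != "Success":
        raise ValueError("metadata service returned Code=%r" % creds.get("Code"))
    expires = datetime.strptime(creds["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= (now or datetime.now(timezone.utc)):
        raise ValueError("role credentials expired at %s" % creds["Expiration"])
    if not region:
        raise ValueError("region must be set (module parameter or environment)")
    return {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        # Role credentials are temporary: the key pair is rejected without the token.
        "AWS_SECURITY_TOKEN": creds["Token"],  # name read by boto 2
        "AWS_SESSION_TOKEN": creds["Token"],   # name read by boto3 / AWS CLI
        "AWS_REGION": region,
        "AWS_DEFAULT_REGION": region,
    }

if __name__ == "__main__":
    # On an instance, replace SAMPLE_DOC with fetch_role_document("<role-name>").
    env = dict(os.environ, **role_env(SAMPLE_DOC, "us-east-1"))
    print(sorted(k for k in env if k.startswith("AWS_")))
```

The returned mapping can be passed as the `env` argument of `subprocess.run` when launching `ansible-playbook`, so the credentials stay out of shell history and config files.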
