Setup Ansible server to manage several AWS Accounts using dynamic inventory?

Question

How do I setup Ansible server to manage multiple AWS accounts using dynamic inventory, so, I have 20 AWS accounts and want to manage all those from single server (VPC's in all accounts are peered with each other),

I have Installed Ansible and setup boto profile one for each account, by creating 20 profiles (ie 20 access and secret access keys) stored in boto credentials: ~/.aws/credentials.

Is it the right way to manage multiple accounts i am using AWS_PROFILE to specify boto profile while running playbooks.

Is there any other way to do this,instead of storing keys and creating boto profiles.

Answer 1

From Example: AWS EC2 External Inventory Script If you use Boto profiles to manage multiple AWS accounts, you can pass --profile PROFILE name to the ec2.py script. An example profile might be:

[profile dev]
aws_access_key_id = <dev access key>
aws_secret_access_key = <dev secret key>

[profile prod]
aws_access_key_id = <prod access key>
aws_secret_access_key = <prod secret key>

You can then run ec2.py --profile prod to get the inventory for the prod account, although this option is not supported by ansible-playbook . You can also use the AWS_PROFILE variable - for example:

AWS_PROFILE=prod ansible-playbook -i ec2.py myplaybook.yml