We have five AWS accounts, and an IAM user for programmatic access is created in the organizational account. Each of the child accounts has an IAM role with the same name. A trust relationship is set up between the user and the roles in these accounts. How do I switch between accounts for the EC2 dynamic inventory configuration?
Config File - ec2.ini
iam_role = arn:aws:iam::xxxx-xxxx-xxxx:role/RoleName
I have multiple ec2.ini files in different directories.
../env/
├── account-1
│ ├── ec2.ini
│ └── ec2.py
├── account-2
│ ├── ec2.ini
│ └── ec2.py
├── account-3
│ ├── ec2.ini
│ └── ec2.py
└── account-4
  ├── ec2.ini
  └── ec2.py
Ansible Command
ansible-playbook -i ../env/account-x/ec2.py playbook.yml
Is there a process to switch between accounts? My AWS credentials are stored in the shared credentials file.
You can try passing it the profile name before the command:
AWS_PROFILE=account-a ansible-playbook -i ../env/account-x/ec2.py playbook.yml
If role assumption doesn't work, then you may need to put together a small script that generates temporary credentials and sets the credentials as environment variables before calling ansible.
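The small script suggested in the answer above could look like the following; it is an added example, not part of the original answer. The 12-digit account ID argument, the `ROLE_NAME` variable, the session name and the 900-second lifetime are assumptions, and it assumes `iam_role` is left unset in that account's ec2.ini so the role is assumed only once.

```shell
#!/bin/sh
# Added example: assume the child-account role, export short-lived credentials,
# then run the playbook. Usage (constructed values):
#   ./run-in-account.sh 111122223333 ../env/account-1 playbook.yml

# Build the role ARN from a 12-digit account ID and a role name.
role_arn() {
    case "$1" in
        *[!0-9]*) echo "account id must be numeric" >&2; return 1 ;;
    esac
    if [ "${#1}" -ne 12 ]; then
        echo "account id must be 12 digits" >&2
        return 1
    fi
    printf 'arn:aws:iam::%s:role/%s\n' "$1" "$2"
}

# Export the three whitespace-separated fields (key id, secret, session token)
# passed in $1. Nothing is echoed, so the secrets stay out of logs.
load_creds() {
    read -r key secret token extra <<EOF
$1
EOF
    if [ -z "$token" ] || [ -n "$extra" ]; then
        echo "expected exactly three credential fields" >&2
        return 1
    fi
    export AWS_ACCESS_KEY_ID="$key"
    export AWS_SECRET_ACCESS_KEY="$secret"
    export AWS_SESSION_TOKEN="$token"
    unset key secret token extra
}

# The base IAM user is taken from the shared credentials file (or AWS_PROFILE).
main() {
    account_id=$1; env_dir=$2
    shift 2
    arn=$(role_arn "$account_id" "${ROLE_NAME:-RoleName}") || return 1
    creds=$(aws sts assume-role --role-arn "$arn" \
        --role-session-name "ansible-$account_id" \
        --duration-seconds 900 \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text) || return 1
    load_creds "$creds" || return 1
    unset creds
    ansible-playbook -i "$env_dir/ec2.py" "$@"
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

The temporary credentials exist only in the environment of this one run and expire after 15 minutes, so a long playbook may need a larger `--duration-seconds`, up to the role's configured maximum session duration.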