Ansible ec2 to assume or not.


David Blackburn

Aug 18, 2016, 12:53:15 AM
to Ansible Project
I am writing plays using the ec2 cloud modules and would like to have the option to run the play using an assumed role or just standard IAM keys. I can use logic to let the play know if I will use IAM or an assumed role, but when I skip the "Assume" task the play errors out on the unused variables in the ec2 module. Is there a way I can tell a task to ignore the variables in this task ec2_key when they are not needed, or do I have to write two playbooks?

Thanks
Dave

- name: Test Assume Variables.
  hosts: localhost
  connection: local
  vars:
    arn: true
  tasks:
    - name: Assume
      sts_assume_role:
        region: us-west-2
        role_arn: "{{ arn }}"
        role_session_name: "admin"
      register: assumed_role
      when: arn != true

    - name: ec2 key
      ec2_key:
        aws_access_key: "{{ assumed_role.sts_creds.access_key }}"
        aws_secret_key: "{{ assumed_role.sts_creds.secret_key }}"
        security_token: "{{ assumed_role.sts_creds.session_token }}"
        region: us-west-2
        name: exampleKEYABC

Kai Stian Olstad

Aug 18, 2016, 3:35:22 AM
to ansible...@googlegroups.com
On 18. aug. 2016 06:53, David Blackburn wrote:
> I am writing plays using the ec2 cloud modules and would like to have the
> option to run the play using an assumed role or just standard IAM keys. I
> can use logic to let the play know if I will use IAM or an assumed role but
> when I skip the "Assume" task the play errors out on the unused variables
> in the ec2 module. Is there a way I can tell a task to ignore the
> variables in this task ec2_key when they are not needed, or do I have to
> write two playbooks?

Check out the filter default(omit)

https://docs.ansible.com/ansible/playbooks_filters.html#omitting-undefined-variables-and-parameters

--
Kai Stian Olstad
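
Added example, not part of the thread and not any poster's code: the playbook from the question reworked around default(omit), so one play covers both the assumed-role and the plain IAM key case. The variable assume_role_arn is hypothetical; module and parameter names are the ones used in the question.

```yaml
# Added example. assume_role_arn is a hypothetical variable: supply it
# (for instance with -e assume_role_arn=<ROLE_ARN>) to assume a role,
# or leave it undefined to run with the standard IAM keys.
- name: ec2_key with an optional assumed role
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Assume (skipped when assume_role_arn is not supplied)
      sts_assume_role:
        region: us-west-2
        role_arn: "{{ assume_role_arn }}"
        role_session_name: "admin"
      register: assumed_role
      when: assume_role_arn is defined
      no_log: true  # the task result carries temporary credentials

    # A skipped task still registers assumed_role, but without sts_creds.
    # default({}) keeps the attribute lookup from failing on the missing
    # key, and default(omit) then drops the parameter entirely so the
    # module falls back to its usual credential lookup.
    - name: ec2 key
      ec2_key:
        aws_access_key: "{{ (assumed_role.sts_creds | default({})).access_key | default(omit) }}"
        aws_secret_key: "{{ (assumed_role.sts_creds | default({})).secret_key | default(omit) }}"
        security_token: "{{ (assumed_role.sts_creds | default({})).session_token | default(omit) }}"
        region: us-west-2
        name: exampleKEYABC
```

Setting no_log on the Assume task keeps the session credentials out of console output and logs while leaving the registered variable usable by later tasks.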

Stephen Granger

Aug 18, 2016, 9:28:49 PM
to ansible...@googlegroups.com
If the token is null the tasks will still run.

--
Steve

David Blackburn

Aug 19, 2016, 10:41:58 PM
to Ansible Project, ansible-pr...@olstad.com
Many thanks for your reply Kai, this only seems to work on module parameters and not bare variables.

Dave

David Blackburn

Aug 19, 2016, 10:42:30 PM
to Ansible Project
Thanks for your reply Steve, I did think I tested this; I will have to give it another try.
Dave