ec2.py with boto profiles
738 views
Skip to first unread message
KSS
Sep 2, 2014, 12:13:11 PM9/2/14
to ansible...@googlegroups.com
Hi,
Are there any plans to update ec2.py so boto profiles can be used where we have multiple aws accounts?
We currently use both awscli and boto using profiles to connection the appropriate credentials. I've seen the various ec2 modules now have a 'profile' parameter to enable use of boto profiles, but as far as I can tell, ec2.py doesn't allow for such an option and just relies on boto's default order of precedence for authentication credentials (falling to the credentials used when no profile parameter is passed).
In the situation where people have multiple aws accounts, how are you using ec2.py for dynamic inventory?
Thanks.
Michael DeHaan
Sep 2, 2014, 6:44:52 PM9/2/14
to ansible...@googlegroups.com
There's a pull request for this in the queue, though you could also include your inventories in seperate directories and have different copies of the INI file as a workaround.
(Or use Ansible Tower, which features some very nice graphical inventory sync capabiliies with EC2 -- not trying to oversell it, but it's there, and well done, and can say "only people in team X can deploy to this cloud", etc, which can be nice)
(Or use Ansible Tower, which features some very nice graphical inventory sync capabiliies with EC2 -- not trying to oversell it, but it's there, and well done, and can say "only people in team X can deploy to this cloud", etc, which can be nice)
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8c3445a9-47fd-4034-a237-f13f4c7fdd53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
KSS
Sep 3, 2014, 4:16:17 AM9/3/14
to ansible...@googlegroups.com
Thanks for the reply. I look forward to the version supporting profiles.
As for the workaround, I'm probably just missing something, but I don't see anything in the ini file that suggests having credentials in there. We need to use different credentials for every AWS account.
Michael DeHaan
Sep 3, 2014, 7:41:43 AM9/3/14
to ansible...@googlegroups.com
Yeah I'm sorry about this one, it uses env vars as is, not settable in the INI file.
Tower solves this by syncing inventory to seperate database groups, so multiple ec2 inventory sources can be mapped to either different inventories or different groups, as you would want.
Merging the boto profile one should provide this feature for you.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5c9b0a41-d9dc-4c1e-b064-9f3ad6a9c6c3%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages