Connecting to Windows hosts in EC2 using Kerberos (Tower) (maybe not what you think)


tra...@aplaceformom.com

Feb 13, 2018, 2:45:26 PM
to Ansible Project
Hello!

Currently in Tower we have dynamic inventory set up to pull in data about EC2 instances from our AWS account. We have vpc_destination_variable set to internal IPs since we connect to EC2 via Direct Connect.

After a lot of work, I have Kerberos working with my Windows hosts! However, my current issue is that this only works when the target is a hostname that exists in AD, not an IP address.

By convention, all of our EC2 instances have their Name tag set to match the AD hostname of the instance. So what I would like to do is set up my dynamic EC2 inventory to use the Name tag's value as the host's target value instead of the internal IP. Unfortunately, I have the impression that this is not possible, since the vpc_destination_variable must be one of the boto.ec2.instance variables specified here http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance, which does not include tags as an option.

But maybe I'm looking at this the wrong way - is there a straightforward way to achieve what I'm trying to do? A dynamic inventory that will use Windows/AD host names as the target, at least? Ideally by using the built-in utilities that pull from EC2? Any thoughts on how to approach this problem appreciated.

Thank you,

Travis
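
An added example, not part of the original post and not Tower's or ec2.py's own code: one way to build inventory JSON keyed by the Name tag so that WinRM/Kerberos targets the AD hostname rather than the internal IP. The sample data is constructed, and the function name, the `windows_ec2` group, the `corp.example.com` domain and the `private_ip`/`instance_id` hostvars are assumptions; it also assumes the Name tag holds the short AD hostname.

```python
import json
import re

# Constructed sample shaped like EC2 DescribeInstances output (not real data).
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "PrivateIpAddress": "10.0.1.10",
     "Tags": [{"Key": "Name", "Value": "WEB01"}]},
    {"InstanceId": "i-0bbb", "PrivateIpAddress": "10.0.1.11",
     "Tags": [{"Key": "Name", "Value": "web01"}]},   # duplicate name
    {"InstanceId": "i-0ccc", "PrivateIpAddress": "10.0.1.12",
     "Tags": [{"Key": "Role", "Value": "db"}]},      # no Name tag
    {"InstanceId": "i-0ddd", "PrivateIpAddress": "10.0.1.13",
     "Tags": [{"Key": "Name", "Value": "sql 01"}]},  # not a hostname
]}]

# One DNS label: letters, digits, hyphens; 1-63 chars; no edge hyphens.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def build_inventory(reservations, domain="corp.example.com",
                    group="windows_ec2"):
    """Return (inventory, skipped); hosts are keyed by AD FQDN, not by IP."""
    hostvars = {}
    skipped = {}  # instance id -> reason, so gaps are visible, not silent
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            name = tags.get("Name", "").strip().lower()
            fqdn = f"{name}.{domain}"
            if not name:
                skipped[inst["InstanceId"]] = "no Name tag"
            elif not LABEL.match(name):
                skipped[inst["InstanceId"]] = "Name tag is not a valid hostname"
            elif fqdn in hostvars:
                skipped[inst["InstanceId"]] = "duplicate Name tag"
            else:
                hostvars[fqdn] = {
                    "ansible_host": fqdn,  # hostname that exists in AD
                    "ansible_connection": "winrm",
                    "ansible_winrm_transport": "kerberos",
                    "private_ip": inst.get("PrivateIpAddress"),
                    "instance_id": inst["InstanceId"],
                }
    inventory = {group: {"hosts": list(hostvars)},
                 "_meta": {"hostvars": hostvars}}
    return inventory, skipped


if __name__ == "__main__":
    print(json.dumps(build_inventory(SAMPLE_RESERVATIONS)[0], indent=2))
```

Instances with a missing, malformed or duplicate Name tag are returned in `skipped` rather than silently falling back to an IP address.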


