Re: [ansible-project] aws_s3 - not sure if I understand how to use


Dick Visser

Feb 17, 2020, 5:33:21 AM
to ansible...@googlegroups.com
As you are beginning with ansible, start with the simplest option,
which is just a single playbook file, and don't bother with roles yet.
Something like this should already work to create a bucket:


- hosts: localhost
  gather_facts: False

  tasks:
    - name: Create S3 Bucket
      aws_s3:
        bucket: my-bucket
        mode: create
        permission: private-read
        region: us-east-1

Provided your environment contains AWS_SECRET_ACCESS_KEY and
AWS_ACCESS_KEY_ID. Read
https://docs.ansible.com/ansible/latest/scenario_guides/guide_aws.html
on how that works.

Please note that 'private-read' isn't a valid option for the
permission, see
https://docs.ansible.com/ansible/latest/modules/aws_s3_module.html#parameter-permission
for the supported values.

Dick


On Mon, 17 Feb 2020 at 06:56, David Rivera <david.r...@gmail.com> wrote:
>
>
>
> So I'm wondering if Ansible supports S3. From what I see it does, but I just might not understand how to do it. I'm a novice at Ansible, especially in the realm of using it in conjunction with AWS.
>
> So I *think* I have to create a role and call it in my playbook?
>
> my role for learning is: s3-create.yml
> - name: Create S3 Bucket
>   aws_s3:
>     bucket: my-bucket
>     mode: create
>     permission: private-read
>     region: us-east-1
>
>
> my playbook:
>   key_name: my-key
>       vpc_subnet_id: subnet-02439
>       roles:
>         - s3-create
>       assign_public_ip: yes
>       group:  my-group
>
>
> when I run it, I get this:
>
> PLAY [Test creating ec2 instance with Ansible] ***********************************************************************************
>
> TASK [Gathering Facts] ***********************************************************************************************************
> ok: [localhost]
>
> TASK [Start New ec2 Instance] ****************************************************************************************************
> fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ec2) module: roles Supported parameters include: assign_public_ip, aws_access_key, aws_secret_key, count, count_tag, debug_botocore_endpoint_logs, ebs_optimized, ec2_url, exact_count, group, group_id, id, image, instance_ids, instance_initiated_shutdown_behavior, instance_profile_name, instance_tags, instance_type, kernel, key_name, monitoring, network_interfaces, placement_group, private_ip, profile, ramdisk, region, security_token, source_dest_check, spot_launch_group, spot_price, spot_type, spot_wait_timeout, state, tenancy, termination_protection, user_data, validate_certs, volumes, vpc_subnet_id, wait, wait_timeout, zone"}
>
> PLAY RECAP ***********************************************************************************************************************
> localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
>
>
> From what I read, you can't do it, but that contradicts Ansible's docs, so I think I just don't know what I am doing..
>
>
> any help would be appreciated..
>
>
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6dff2045-5d8a-4239-ba88-f2a588401c56%40googlegroups.com.



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

David Rivera

Feb 17, 2020, 1:08:33 PM
to ansible...@googlegroups.com
Hi,

That was the weird thing.  When I run it it gives me this error.

ERROR!  aws_s3 is not a valid attribute for a Play.

This is the only reason why I started to try a different avenue..

Oh well..

Thanks 
David

Amit Kulkarni

Feb 17, 2020, 1:15:24 PM
to Ansible Project
Ansible supports S3 and all the operations supported by the S3 API. You have to make sure that you have access to the AWS CLI and also install Python boto. This is the framework used for calling the AWS API via Ansible.

Also make sure that the name you have given to the bucket is unique when you are writing the playbook.

Regards
Amit

Dick Visser

Feb 17, 2020, 1:22:36 PM
to ansible...@googlegroups.com
I now see that the error you’re getting isn’t from the aws_s3 task that you posted.
Instead it’s from an ec2 task - that you did NOT provide. This is quite frustrating - 
next time provide ALL the information and not leave people in the dark please...

Thx
--
Sent from a mobile device - please excuse the brevity, spelling and punctuation.

David Rivera

Feb 17, 2020, 1:25:00 PM
to ansible...@googlegroups.com
Hi,

I do have AWS cli and boto3 installed as I use those almost on a daily basis.

Yes, 
Thank you for the heads up on the s3 bucket, I just changed it in my post..

Thanks,
David



David Rivera

Feb 17, 2020, 1:43:11 PM
to ansible...@googlegroups.com
I’m sorry,

I get it since you are just trying to help.


Again sorry 

Thanks
David

Angel Rengifo Cancino

Feb 17, 2020, 8:43:34 PM
to ansible...@googlegroups.com
Hello:

> my role for learning is: s3-create.yml
> - name: Create S3 Bucket
>   aws_s3:
>     bucket: my-bucket
>     mode: create
>     permission: private-read
>     region: us-east-1

This piece of code looks good.

> my playbook:
>   key_name: my-key
>       vpc_subnet_id: subnet-02439
>       roles:
>         - s3-create
>       assign_public_ip: yes
>       group:  my-group

This short piece of code looks wrong. Is it part of the same playbook or role? Did you remove the previous line of the task? Based on these few lines and your indentation I can't guess what you are trying to do. What module are you using?

> when I run it, I get this:
>
> PLAY [Test creating ec2 instance with Ansible] ***********************************************************************************
>
> TASK [Gathering Facts] ***********************************************************************************************************
> ok: [localhost]
>
> TASK [Start New ec2 Instance] ****************************************************************************************************
> fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ec2) module: roles Supported parameters include: assign_public_ip, aws_access_key, aws_secret_key, count, count_tag, debug_botocore_endpoint_logs, ebs_optimized, ec2_url, exact_count, group, group_id, id, image, instance_ids, instance_initiated_shutdown_behavior, instance_profile_name, instance_tags, instance_type, kernel, key_name, monitoring, network_interfaces, placement_group, private_ip, profile, ramdisk, region, security_token, source_dest_check, spot_launch_group, spot_price, spot_type, spot_wait_timeout, state, tenancy, termination_protection, user_data, validate_certs, volumes, vpc_subnet_id, wait, wait_timeout, zone"}
>
> PLAY RECAP ***********************************************************************************************************************
> localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

I guess you're trying to use the ec2_instance module, but we can see your whole code, so it's hard to help you.

Copy all your relevant lines from aws_s3 and ec2_instance modules here in your message so we can understand what's wrong.
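
The play, task and role layout that both errors in this thread turn on, as an added example that is not part of any poster's message. The file name site.yml and the bucket names are placeholders; roles/s3-create/tasks/main.yml is the standard Ansible role layout, and `private` is one of the values the aws_s3 module accepts for `permission`.

```yaml
# ---- file: site.yml (hypothetical name) ----
# A playbook is a list of plays. Play-level keywords (hosts, roles, tasks, ...)
# sit directly under the "-" that opens the play.
# Credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the
# environment, as noted earlier in the thread, so no keys appear in this file.
- name: Create S3 buckets
  hosts: localhost
  connection: local
  gather_facts: false

  # "roles" is a play keyword. Placed among the parameters of the ec2 module,
  # it produces "Unsupported parameters for (ec2) module: roles".
  roles:
    - s3-create

  # A module name such as aws_s3 is only valid inside a task. Written at
  # play level, it produces "aws_s3 is not a valid attribute for a Play".
  # Tasks listed here run after the play's roles.
  tasks:
    - name: Create a second bucket directly from the play
      aws_s3:
        bucket: my-other-bucket      # placeholder; bucket names must be unique
        mode: create
        permission: private          # supported value, unlike private-read
        region: us-east-1

# ---- file: roles/s3-create/tasks/main.yml ----
# A role is a directory, not a single s3-create.yml file. Its tasks/main.yml
# holds a bare list of tasks with no hosts: or tasks: keys.
# (Shown commented out so that this block stays one valid playbook.)
#
# - name: Create S3 Bucket
#   aws_s3:
#     bucket: my-bucket              # placeholder
#     mode: create
#     permission: private
#     region: us-east-1
```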


David Rivera

Feb 17, 2020, 11:07:00 PM
to ansible...@googlegroups.com
Hi, I actually did edit my original post yesterday with everything I am doing. It is basic stuff, but since I have never really used Ansible much but for a few ad hoc tasks, it is just all I know.

Anyways, I was able to figure out how to create a bucket, doing this. Now, this is not using roles. Yes, I do not really understand the structure of roles yet, but I will deal with that later.

How I got it to work for creating the bucket. Note I was also able to get the creation to work using the aws_s3 module also, but when I wanted to add a policy I noticed I had to use the s3_bucket module.


---
# Create an S3 bucket using a policy
#
#
- hosts: localhost
  gather_facts: no
  connection: local
  tasks:
   - s3_bucket:
       name: mybucket
       policy: "{{ lookup( 'file','test_policy.json' )}}"
       versioning: yes
       tags:
         Name: foo
         Environment: bar


The JSON policy is in my same CWD.


What I am trying to honestly do is find additional ways to manage our AWS environment. I am curious if for a decent amount of day-to-day tasks we can leverage Ansible.

