Skip to content

Ansible role for installing AWS tools, like awscli, cloudwatch logs agent, codedeploy agent, etc...

Notifications You must be signed in to change notification settings

claranet-coast/ansible-role-aws-tools

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

81 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ansible Role for AWS tools

Build Status

Select tools to install

In vars file main.yaml there are the variables to select which components install or not. Override them with value false to not install that role. By default all variables are true and all components are installed

  • install_awscli: for the awscli
  • install_cloudwatch_agent: for cloudwatch agent
  • install_custom_metrics: for custom metrics in cloudwatch agent
  • install_codedeploy: for codedeploy agent
  • install_cfn_bootstrap: for cfn-bootstrap components
  • ec2_assign_elastic_ip: for aws-ec2-assign-elastic-ip tool
  • autoscaling: if EC2 instance is in autoscaling group. This needs the DescribeTags permission

How to use it manually

Add this repository in the roles folder of your playbook and use it as normale role.

For example for an ubuntu instance:

---

- hosts: all
  remote_user: ubuntu
  become: yes
  become_method: sudo

  roles:
    - ansible-role-aws-tools

Cloudwatch logs

Define a logs variable in your task to include and format logs. For example:

  vars:
    - logs:
      - file: /var/log/tomcat8/spring.log
        format: "%Y-%m-%d %H:%M:%S.%f"
        group_name: spring
        stream_name: {instance_id}
      - file: /var/log/auth.log
        group_name: auth.log
        format: "%H: %M: %S%y%b%-d"
        stream_name: {instance_id}

Roles

To ensure that the metrics, log, codedeploy agent work correctly assign to EC2 instance a role with the following permssion:

Role for custom metrics

Cloudformation yaml format:

- PolicyName: metrics
  PolicyDocument:
      Version: '2012-10-17'
      Statement:
      - Effect: Allow
        Action:
        - cloudwatch:PutMetricData
        - cloudwatch:GetMetricStatistics
        - cloudwatch:ListMetrics
        - ec2:DescribeTags
        Resource:
        - '*'

JSON Format:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "cloudwatch:PutMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Role for logs

Cloudformation yaml format:

- PolicyName: logs
  PolicyDocument:
      Version: '2012-10-17'
      Statement:
      - Effect: Allow
        Action:
        - logs:CreateLogGroup
        - logs:CreateLogStream
        - logs:PutLogEvents
        - logs:DescribeLogStreams
        Resource:
        - arn:aws:logs:*:*:*

JSON format

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}

Role for codedeploy

- PolicyName: s3-codedeploy
  PolicyDocument:
      Version: '2012-10-17'
      Statement:
      - Effect: Allow
        Action:
        - s3:Get*
        - s3:List*
        Resource:
        - arn:aws:s3:::bucket-name-for-codedeploy-archive/*

JSON Format:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket-name-for-codedeploy-archive/*"
    }
  ]
}

Role for aws-ec2-assign-elastic-ip

- PolicyName: associateEIP
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
    - Effect: Allow
      Action:
      - ec2:AssociateAddress
      - ec2:Describe*
      Resource: "*"

About

Ansible role for installing AWS tools, like awscli, cloudwatch logs agent, codedeploy agent, etc...

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%