The vars file main.yaml contains the variables that select which components are installed. Override a variable with the value false to skip that role. By default all variables are true and all components are installed:
- install_awscli: for the awscli
- install_cloudwatch_agent: for cloudwatch agent
- install_custom_metrics: for custom metrics in cloudwatch agent
- install_codedeploy: for codedeploy agent
- install_cfn_bootstrap: for cfn-bootstrap components
- ec2_assign_elastic_ip: for aws-ec2-assign-elastic-ip tool
- autoscaling: if EC2 instance is in autoscaling group. This needs the DescribeTags permission
Add this repository to the roles folder of your playbook and use it as a normal role.
For example, for an Ubuntu instance:
---
- hosts: all
  remote_user: ubuntu
  become: yes
  become_method: sudo
  roles:
    - ansible-role-aws-tools
Define a logs variable in your task to include and format logs. For example:
vars:
  - logs:
      - file: /var/log/tomcat8/spring.log
        format: "%Y-%m-%d %H:%M:%S.%f"
        group_name: spring
        # quoted so YAML reads the placeholder as a string, not a flow mapping
        stream_name: "{instance_id}"
      - file: /var/log/auth.log
        group_name: auth.log
        format: "%H: %M: %S%y%b%-d"
        stream_name: "{instance_id}"
To ensure that the metrics, logs and CodeDeploy agents work correctly, assign the EC2 instance a role with the following permissions:
CloudFormation YAML format:
- PolicyName: metrics
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Effect: Allow
        Action:
          - cloudwatch:PutMetricData
          - cloudwatch:GetMetricStatistics
          - cloudwatch:ListMetrics
          - ec2:DescribeTags
        Resource:
          - '*'
JSON format:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "cloudwatch:PutMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
CloudFormation YAML format:
- PolicyName: logs
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Effect: Allow
        Action:
          - logs:CreateLogGroup
          - logs:CreateLogStream
          - logs:PutLogEvents
          - logs:DescribeLogStreams
        Resource:
          - arn:aws:logs:*:*:*
JSON format:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}
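The logs policy above allows writing to every log group in the account (arn:aws:logs:*:*:*). As an added example, not part of this role's own documentation, here is the same set of actions restricted to the two groups from the logs example. It assumes that each group_name value (spring, auth.log) is used unchanged as the CloudWatch Logs group name and that the policy sits in a CloudFormation template, where the AWS::Partition, AWS::Region and AWS::AccountId pseudo parameters resolve.

```yaml
# Added example: scoped variant of the "logs" policy.
# Group names are taken from the logs variable example (assumed to map 1:1
# to CloudWatch Logs group names); the policy name "logs-scoped" is arbitrary.
- PolicyName: logs-scoped
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Sid: WriteKnownLogGroupsOnly
        Effect: Allow
        Action:
          - logs:CreateLogGroup
          - logs:CreateLogStream
          - logs:PutLogEvents
          - logs:DescribeLogStreams
        Resource:
          # Each group is listed twice: the bare ARN covers the group itself,
          # the ":*" form covers the streams inside it. Ending the pattern in
          # ":*" rather than "*" keeps "spring" from also matching groups
          # such as "spring-other".
          - !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:spring'
          - !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:spring:*'
          - !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:auth.log'
          - !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:auth.log:*'
```

Every entry added to the logs variable needs a matching pair of Resource lines, otherwise the agent's writes to the new group are denied.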
CloudFormation YAML format:
- PolicyName: s3-codedeploy
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Effect: Allow
        Action:
          - s3:Get*
          - s3:List*
        Resource:
          - arn:aws:s3:::bucket-name-for-codedeploy-archive/*
JSON format:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket-name-for-codedeploy-archive/*"
    }
  ]
}
CloudFormation YAML format:
- PolicyName: associateEIP
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Effect: Allow
        Action:
          - ec2:AssociateAddress
          - ec2:Describe*
        Resource: "*"