From 450ae4afa607c5240bad1ccfac4c8a2e8cdec331 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Thu, 6 Jun 2024 20:38:42 -0400 Subject: [PATCH] add aws installer
---
aws/README.md | 21 +++++++++++++++++++++ aws/config_template | 2 ++ aws/creds_template | 3 +++ aws/distribute_aws_creds.yaml | 27 +++++++++++++++++++++++++++ aws/install_aws_cli.yaml | 35 +++++++++++++++++++++++++++++++++++ aws/vars.yaml | 3 +++ 6 files changed, 91 insertions(+) create mode 100644 aws/README.md create mode 100644 aws/config_template create mode 100644 aws/creds_template create mode 100644 aws/distribute_aws_creds.yaml create mode 100644 aws/install_aws_cli.yaml create mode 100644 aws/vars.yaml
diff --git a/aws/README.md b/aws/README.md
new file mode 100644
index 0000000..556d30f
--- /dev/null
+++ b/aws/README.md
@@ -0,0 +1,21 @@
+# AWS Credentials
+
+Distributes aws credentials to all machines that need them.
+
+## Access Key
+
+```bash
+# Delete previous access key
+aws iam delete-access-key --user-name route53 --access-key-id "$(aws iam list-access-keys --user-name route53 --output json | jq -r '.AccessKeyMetadata[0].AccessKeyId')"
+
+# Create new access key
+aws iam create-access-key --user-name route53 | jq -r '.AccessKey.AccessKeyId,.AccessKey.SecretAccessKey' | {read AWS_ACCESS_KEY_ID; read AWS_SECRET_ACCESS_KEY;}
+
+# Send access keys to all servers
+ansible-playbook \
+ -i ansible/inventory.yaml aws/distribute_aws_creds.yaml \
+ --extra-vars "access_key_id=$AWS_ACCESS_KEY_ID secret_access_key=$AWS_SECRET_ACCESS_KEY"
+
+# List existing access keys
+aws iam list-access-keys --user-name route53 --output json
+```
diff --git a/aws/config_template b/aws/config_template
new file mode 100644
index 0000000..c113e42
--- /dev/null
+++ b/aws/config_template
@@ -0,0 +1,2 @@
+[profile default]
+region={{ region }}
diff --git a/aws/creds_template b/aws/creds_template
new file mode 100644
index 0000000..a0ed3bd
--- /dev/null
+++ b/aws/creds_template
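Review bot: The section header `[profile default]` in the rendered `~/.aws/config` is not the documented spelling for the default profile: in the config file only named profiles carry the `profile ` prefix, and the default one is written `[default]`. botocore-based tools (the AWS CLI v2 this repo installs) appear to normalise both forms to the same profile, but other SDKs that read the same file are not guaranteed to, so change the first line of `config_template` to `[default]` and leave `region={{ region }}` as is.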
@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id={{ access_key_id }}
+aws_secret_access_key={{ secret_access_key }}
diff --git a/aws/distribute_aws_creds.yaml b/aws/distribute_aws_creds.yaml
new file mode 100644
index 0000000..01369bf
--- /dev/null
+++ b/aws/distribute_aws_creds.yaml
@@ -0,0 +1,27 @@
+- name: Update nginx stream configuration
+ hosts: colors:kubernetes
+ become: true
+ become_user: root
+ become_method: sudo
+ vars_files:
+ - vars.yaml
+ tasks:
+ - name: Create .aws dir
+ ansible.builtin.file:
+ path: /root/.aws
+ state: directory
+ mode: '0700'
+ - name: Copy credentials
+ template:
+ src: creds_template
+ dest: /root/.aws/credentials
+ owner: root
+ group: root
+ mode: '0600'
+ - name: Copy config
+ template:
+ src: config_template
+ dest: /root/.aws/config
+ owner: root
+ group: root
+ mode: '0600'
diff --git a/aws/install_aws_cli.yaml b/aws/install_aws_cli.yaml
new file mode 100644
index 0000000..2119de9
--- /dev/null
+++ b/aws/install_aws_cli.yaml
@@ -0,0 +1,35 @@
+- name: Update nginx stream configuration
+ hosts: colors:kubernetes
+ become: true
+ become_user: root
+ become_method: sudo
+ vars_files:
+ - vars.yaml
+ tasks:
+ - name: Ensure curl, unzip installed
+ ansible.builtin.dnf:
+ name:
+ - curl
+ - unzip
+ state: present
+ - name: Download aws cli zip
+ ansible.builtin.get_url:
+ url: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
+ dest: /tmp/awscliv2.zip
+ mode: '0600'
+ - name: Remove /tmp/aws before unzipping
+ file:
+ path: /tmp/aws
+ state: absent
+ - name: Unzip aws cli
+ ansible.builtin.unarchive:
+ src: /tmp/awscliv2.zip
+ dest: /tmp
+ remote_src: yes
+ - name: Run aws installer
+ ansible.builtin.shell: /tmp/aws/install
+ register: result
+ ignore_errors: true
+ - name: Run aws updater
+ ansible.builtin.shell: /tmp/aws/install -u
+ when: result is failed
diff --git a/aws/vars.yaml b/aws/vars.yaml
new file mode 100644
index 0000000..6634ea8
--- /dev/null
+++ b/aws/vars.yaml
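Review bot: The `Copy credentials` task writes a secret with nothing marking it sensitive, so `--diff`, `--check` and `-v` runs will print the rendered `/root/.aws/credentials` (key id and secret) to the controller's output and any log shipped from it; add `no_log: true` to that task, and note that the README's `--extra-vars "… secret_access_key=$AWS_SECRET_ACCESS_KEY"` already exposes the secret in the process table and shell history, which a vault-encrypted vars file or `vars_prompt` would avoid. Nothing checks that `access_key_id` and `secret_access_key` are non-empty before templating, and `vars.yaml` defaults both to `""`, so a run without the extra vars deploys a blank credentials file to every `colors:kubernetes` host and reports success; an `ansible.builtin.assert` before the file tasks closes that. The play name `Update nginx stream configuration` looks copy-pasted from another playbook and should say what this one does, e.g. `Distribute AWS credentials`. The two `template:` tasks should use `ansible.builtin.template` to match the `ansible.builtin.file` task above them.
```yaml
  tasks:
    - name: Refuse to deploy empty credentials
      ansible.builtin.assert:
        that:
          - access_key_id | length > 0
          - secret_access_key | length > 0
        fail_msg: access_key_id and secret_access_key must be supplied (vaulted vars file or vars_prompt)
    # … unchanged: Create .aws dir …
    - name: Copy credentials
      ansible.builtin.template:
        src: creds_template
        dest: /root/.aws/credentials
        owner: root
        group: root
        mode: '0600'
      no_log: true
    # … unchanged: Copy config …
```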
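Review bot: The `Download aws cli zip` task fetches `awscli-exe-linux-x86_64.zip`, which is the unversioned "latest" artifact, and the installer is then executed as root with no integrity check beyond TLS, so the play is neither reproducible nor protected against a tampered download; pin the versioned zip (`awscli-exe-linux-x86_64-<version>.zip`) and pass `get_url` a `checksum:` for it (AWS also publishes a PGP signature per zip if you prefer verifying that). Unpacking into world-writable `/tmp` and running `/tmp/aws/install` as root from there is also avoidable: `ansible.builtin.tempfile` with `state: directory` gives a root-owned private work dir, which also removes the need for the `Remove /tmp/aws before unzipping` task. Neither `ansible.builtin.shell` task uses shell features, so `ansible.builtin.command` is the safer module, `remote_src: yes` should be the canonical `remote_src: true`, and the unqualified `file:` should be `ansible.builtin.file` like the other tasks. The play name `Update nginx stream configuration` is copy-pasted and should describe this play, e.g. `Install AWS CLI v2`.
```yaml
  vars:
    aws_cli_version: "<pinned version>"
    aws_cli_checksum: "sha256:<digest of the pinned zip>"
  tasks:
    # … unchanged: Ensure curl, unzip installed …
    - name: Create private work dir
      ansible.builtin.tempfile:
        state: directory
        suffix: awscli
      register: workdir
    - name: Download aws cli zip
      ansible.builtin.get_url:
        url: "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-{{ aws_cli_version }}.zip"
        dest: "{{ workdir.path }}/awscliv2.zip"
        checksum: "{{ aws_cli_checksum }}"
        mode: '0600'
    - name: Unzip aws cli
      ansible.builtin.unarchive:
        src: "{{ workdir.path }}/awscliv2.zip"
        dest: "{{ workdir.path }}"
        remote_src: true
    - name: Run aws installer
      ansible.builtin.command: "{{ workdir.path }}/aws/install"
      register: result
      ignore_errors: true
    - name: Run aws updater
      ansible.builtin.command: "{{ workdir.path }}/aws/install -u"
      when: result is failed
    - name: Remove work dir
      ansible.builtin.file:
        path: "{{ workdir.path }}"
        state: absent
```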
@@ -0,0 +1,3 @@
+region: us-east-2
+access_key_id: ""
+secret_access_key: ""
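Review bot: Defaulting `access_key_id` and `secret_access_key` to `""` turns a forgotten `--extra-vars` into a silent failure: an empty string is a defined variable, `creds_template` renders cleanly, and every target host ends up with a blank `/root/.aws/credentials` while the play reports success. Drop the two keys so an undefined variable fails at template time, or keep them and add an `ansible.builtin.assert` in `distribute_aws_creds.yaml` that both have non-zero length. This is not hypothetical — the README pipes `aws iam create-access-key` into `{read AWS_ACCESS_KEY_ID; read AWS_SECRET_ACCESS_KEY;}`, which in bash runs as the last pipeline stage in a subshell (and lacks the space bash needs after `{`), so both variables are empty in the shell that then runs `ansible-playbook`. If placeholders are kept, comment them as such, e.g. `access_key_id: ""  # placeholder: supply from an ansible-vault encrypted file, never the command line`.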