services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

add aws installer

Browse Source
This commit is contained in:
Reese Wells
2024-06-06 20:38:42 -04:00
parent 30107f91a8
commit 450ae4afa6
6 changed files with 91 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
aws/README.md Normal file
View File

@@ -0,0 +1,21 @@
# AWS Credentials
Distributes aws credentials to all machines that need them.
## Access Key
```bash
# Delete previous access key
aws iam delete-access-key --user-name route53 --access-key-id "$(aws iam list-access-keys --user-name route53 --output json | jq -r '.AccessKeyMetadata[0].AccessKeyId')"
# Create new access key
aws iam create-access-key --user-name route53 | jq -r '.AccessKey.AccessKeyId,.AccessKey.SecretAccessKey' | {read AWS_ACCESS_KEY_ID; read AWS_SECRET_ACCESS_KEY;}
# Send access keys to all servers
ansible-playbook \
-i ansible/inventory.yaml aws/distribute_aws_creds.yaml \
--extra-vars "access_key_id=$AWS_ACCESS_KEY_ID secret_access_key=$AWS_SECRET_ACCESS_KEY"
# List existing access keys
aws iam list-access-keys --user-name route53 --output json
```

2
aws/config_template Normal file
View File

@@ -0,0 +1,2 @@
[profile default]
region={{ region }}

3
aws/creds_template Normal file
View File

@@ -0,0 +1,3 @@
[default]
aws_access_key_id={{ access_key_id }}
aws_secret_access_key={{ secret_access_key }}

27
aws/distribute_aws_creds.yaml Normal file
View File

@@ -0,0 +1,27 @@
- name: Update nginx stream configuration
hosts: colors:kubernetes
become: true
become_user: root
become_method: sudo
vars_files:
- vars.yaml
tasks:
- name: Create .aws dir
ansible.builtin.file:
path: /root/.aws
state: directory
mode: '0700'
- name: Copy credentials
template:
src: creds_template
dest: /root/.aws/credentials
owner: root
group: root
mode: '0600'
- name: Copy config
template:
src: config_template
dest: /root/.aws/config
owner: root
group: root
mode: '0600'

35
aws/install_aws_cli.yaml Normal file
View File

@@ -0,0 +1,35 @@
- name: Update nginx stream configuration
hosts: colors:kubernetes
become: true
become_user: root
become_method: sudo
vars_files:
- vars.yaml
tasks:
- name: Ensure curl, unzip installed
ansible.builtin.dnf:
name:
- curl
- unzip
state: present
- name: Download aws cli zip
ansible.builtin.get_url:
url: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
dest: /tmp/awscliv2.zip
mode: '0600'
- name: Remove /tmp/aws before unzipping
file:
path: /tmp/aws
state: absent
- name: Unzip aws cli
ansible.builtin.unarchive:
src: /tmp/awscliv2.zip
dest: /tmp
remote_src: yes
- name: Run aws installer
ansible.builtin.shell: /tmp/aws/install
register: result
ignore_errors: true
- name: Run aws updater
ansible.builtin.shell: /tmp/aws/install -u
when: result is failed

3
aws/vars.yaml Normal file
View File

@@ -0,0 +1,3 @@
region: us-east-2
access_key_id: ""
secret_access_key: ""