Skip to content
This repository has been archived by the owner on Jun 4, 2021. It is now read-only.

Commit

Permalink
Add a hack to make AWS Roles usable
Browse files Browse the repository at this point in the history
Enable using a manually-generated session token for AWS Roles.

A better solution would be to use
https://docs.ansible.com/ansible/latest/modules/sts_assume_role_module.html,
but I'm not sure how to add the conditional logic required to add that
to the Streisand setup workflow.
  • Loading branch information
MikaelSmith committed Jun 4, 2019
1 parent c91292a commit a5793f6
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 0 deletions.
10 changes: 10 additions & 0 deletions playbooks/amazon.yml
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,16 @@
prompt: "\nWhat is your AWS Secret Access Key?\n"
private: no

- name: "aws_session_token"
prompt: |
If you use AWS Roles, see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html
then get a session token by running 'aws sts get-caller-identity --profile <profile>' and finding
it in ~/.aws/cli/cache/*.json.
What is your AWS Session Token? Press enter for default (no token).
default: ""
private: no

- name: "confirmation"
prompt: "\nStreisand will now set up your server. This process usually takes around ten minutes. Press Enter to begin setup...\n"

Expand Down
8 changes: 8 additions & 0 deletions playbooks/roles/ec2-security-group/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"

- name: Pause for fifteen seconds to ensure the EC2 security group has been created
pause:
Expand All @@ -20,6 +21,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
rules:
# Nginx
# ---
Expand Down Expand Up @@ -55,6 +57,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
purge_rules: no
purge_rules_egress: no
rules:
Expand Down Expand Up @@ -82,6 +85,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
purge_rules: no
purge_rules_egress: no
rules:
Expand Down Expand Up @@ -109,6 +113,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
purge_rules: no
purge_rules_egress: no
rules:
Expand All @@ -130,6 +135,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
purge_rules: no
purge_rules_egress: no
rules:
Expand Down Expand Up @@ -157,6 +163,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
purge_rules: no
purge_rules_egress: no
rules:
Expand Down Expand Up @@ -184,6 +191,7 @@
vpc_id: "{{ aws_vpc_id | default(omit) }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
purge_rules: no
purge_rules_egress: no
rules:
Expand Down
6 changes: 6 additions & 0 deletions playbooks/roles/genesis-amazon/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
state: absent
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
region: "{{ aws_region }}"
wait: yes

Expand All @@ -22,13 +23,15 @@
key_material: "{{ ssh_key.stdout }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
region: "{{ aws_region }}"
wait: yes

- name: Determine which AMI to use
ec2_ami_facts:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
owners: "{{ aws_ami_owner }}"
region: "{{ aws_region }}"
filters:
Expand All @@ -39,6 +42,7 @@
ec2:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
instance_type: "{{ aws_instance_type }}"
image: "{{ ami.images|sort(reverse=True,attribute='name')|map(attribute='image_id')|first }}"
region: "{{ aws_region }}"
Expand All @@ -58,6 +62,7 @@
state: present
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
region: "{{ aws_region }}"
namespace: "AWS/EC2"
metric: StatusCheckFailed_System
Expand All @@ -83,6 +88,7 @@
ec2_eip:
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ aws_session_token }}"
region: "{{ aws_region }}"
device_id: "{{ streisand_server.instances[0].id }}"
in_vpc: "{{ aws_vpc_id is defined and aws_vpc_id != '' }}"
Expand Down

0 comments on commit a5793f6

Please sign in to comment.