Hi,
I’m fairly new to ansible and ec2 so apologies if this is not the best way to approach what I’m trying to do.
I have an ansible script that creates two basic ec2 instances, adds them to an ELB and then installs a typical web application (Python/Flask using boto for s3 access) into the new ec2 instances. This is basically working OK but the ec2 instances created by ansible don’t have any IAM role associated with them. I want to be able to assign a role so that the AWS credentials don’t have to be passed in and stored on the ec2 instance (in line with http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_services.html).
Within one of my yml files I have this block:
- name: Starting EC2 instances
  ec2:
    image: '{{ image }}'
    region: '{{ region }}'
    instance_type: '{{ instance_type }}'
    key_name: '{{ key_name }}'
    instance_tags: { Name: Service, type: web, env: development }
    wait: yes
    group: 'xx_service_group'
    exact_count: 2
    count_tag: { type: web }
    aws_secret_key: '{{ aws_secret_key }}'
    aws_access_key: '{{ aws_access_key }}'
  register: ec2
I’ve tried specifying role: in this block but clearly that doesn’t exist as an attribute and didn’t work. What is the correct way to assign an IAM role to the generated ec2 instance? I’ve tried searching but the term “role” normally brings back discussions of an ansible role rather than an AWS/ec2 role.
Any tips?
Thanks
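The ec2 module parameter that attaches an IAM role to a launched instance is instance_profile_name (the name of the role's instance profile, not a role: key). The task below is an added example, not part of the original post: it is the poster's task with that one parameter added. It assumes an IAM role with an instance profile called xx-service-web-role (a placeholder name) already exists and carries only the S3 permissions the Flask application needs; every other value is the poster's own variable.

```yaml
# Added example (not from the original post): launch the instances with an IAM
# instance profile so the application on the host gets short-lived, auto-rotated
# credentials from the instance metadata service and no long-lived access keys
# have to be copied onto the instance.
# Assumption: a role plus instance profile named "xx-service-web-role"
# (placeholder) exists with a least-privilege S3 policy.
- name: Starting EC2 instances with an IAM instance profile
  ec2:
    image: '{{ image }}'
    region: '{{ region }}'
    instance_type: '{{ instance_type }}'
    key_name: '{{ key_name }}'
    instance_tags: { Name: Service, type: web, env: development }
    wait: yes
    group: 'xx_service_group'
    exact_count: 2
    count_tag: { type: web }
    # The instance profile to attach. When the role is created in the AWS
    # console the profile gets the same name as the role.
    instance_profile_name: 'xx-service-web-role'
    # These keys are what the Ansible control machine uses to call the EC2
    # API; they are never placed on the instance. They can be dropped from the
    # task entirely and supplied through AWS_ACCESS_KEY_ID /
    # AWS_SECRET_ACCESS_KEY in the control machine's environment instead.
    aws_secret_key: '{{ aws_secret_key }}'
    aws_access_key: '{{ aws_access_key }}'
  register: ec2
```

Two checks worth doing before relying on this: the IAM identity whose keys Ansible uses must be allowed iam:PassRole on that role, otherwise the RunInstances call is refused; and the Flask application should be deployed with no access key configured at all (no boto config file, no environment keys), so that boto falls through to the instance metadata credentials and a leaked copy of the code base or AMI contains nothing reusable.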