mpieters3/ansible-eci-connector

EC2 Instance Connect Connection Plugin for Ansible

The EC2 Instance Connect (ECI) connection plugin was created to take advantage of AWS's ECI capability. Rather than relying on public keys statically stored on the instances, it uses AWS-native IAM roles and permissions to authorize access to and management of Linux servers.

This is helpful in situations where you need to keep using Ansible rather than AWS-native instance management solutions, but want AWS's IAM model for authorization and want to avoid sharing long-lived private keys.

Check the releases page for versions of this plugin that target older Ansible versions.

Installation into Ansible

Drop eci.py into a connection plugin location, as outlined in https://docs.ansible.com/ansible/latest/dev_guide/developing_locally.html. The boto3 and ec2instanceconnectcli Python libraries must be available to the Python interpreter that runs Ansible.

AWS Servers must be set up to support EC2 Instance Connect.

Parameters

For parameter details, use ansible-doc -t connection eci

In general, the requirements are the same as for most other AWS-related modules and tasks in Ansible: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set in one way or another, and a region must be known. These are generally set either at the host level or globally. Since the point of the plugin is to stop handing out long-lived secrets, prefer short-lived credentials (an assumed role with a session token, or an instance profile on the control node) over static access keys wherever your setup allows it.

The connection plugin can take either an instance_id, an IP address (public or private), or a hostname to determine the correct connection details.
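What the plugin has to do on every connection is the EC2 Instance Connect handshake: resolve the inventory host to an instance, generate a throw-away key pair, push the public half through the IAM-authorized SendSSHPublicKey API (the instance honours it for only 60 seconds), and then run SSH with the matching private key. The block below is an added example written for this README, not the plugin's own code, showing that flow against boto3. Every helper name in it is hypothetical; the boto3 calls (ec2 describe_instances, ec2-instance-connect send_ssh_public_key) and the 60-second window are real. The AWS clients are passed in as arguments so the logic can be exercised offline with fakes; the `.internal` heuristic for private DNS names and the public-before-private address choice are assumptions, not documented plugin behaviour.

```python
import ipaddress
import os
import re
import tempfile

INSTANCE_ID_RE = re.compile(r"^i-[0-9a-f]{8,17}$")
# The instance only honours a pushed key for 60 seconds; SSH must start right away.
ECI_KEY_LIFETIME_SECONDS = 60


def describe_filter(host):
    """Map an inventory host (instance id, IPv4 address or DNS name) to
    describe_instances arguments. Heuristic (assumption): names ending in
    '.internal' are EC2 private DNS names, anything else is a public DNS name."""
    if INSTANCE_ID_RE.match(host):
        return {"InstanceIds": [host]}
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        name = "private-dns-name" if host.endswith(".internal") else "dns-name"
    else:
        name = "private-ip-address" if addr.is_private else "ip-address"
    return {"Filters": [{"Name": name, "Values": [host]}]}


def resolve_instance(ec2, host):
    """Look the host up and return its id, AZ and addresses. Exactly one match
    is required: a name or address matching several instances must fail
    rather than silently picking one to push a key to."""
    resp = ec2.describe_instances(**describe_filter(host))
    found = [i for r in resp.get("Reservations", []) for i in r.get("Instances", [])]
    if len(found) != 1:
        raise LookupError(f"{host}: expected exactly one instance, found {len(found)}")
    inst = found[0]
    return {
        "instance_id": inst["InstanceId"],
        "az": inst["Placement"]["AvailabilityZone"],
        "private_ip": inst.get("PrivateIpAddress"),
        "public_ip": inst.get("PublicIpAddress"),
    }


def new_keypair(tmpdir):
    """Generate a throw-away RSA-2048 key pair (RSA is accepted by every
    ECI-enabled AMI). The private key is written to a 0600 file created
    exclusively; the OpenSSH public key string is returned.
    Needs the 'cryptography' package (assumption: installed on the control node)."""
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import rsa

    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    priv = key.private_bytes(serialization.Encoding.PEM,
                             serialization.PrivateFormat.OpenSSH,
                             serialization.NoEncryption())
    pub = key.public_key().public_bytes(serialization.Encoding.OpenSSH,
                                        serialization.PublicFormat.OpenSSH)
    path = os.path.join(tmpdir, "eci_key")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(priv)
    return path, pub.decode()


def push_ephemeral_key(eci, instance, os_user, public_key):
    """Authorize public_key for os_user on the instance. This is the IAM
    decision point: the caller needs ec2-instance-connect:SendSSHPublicKey on
    the instance (scope it to os_user with the ec2:osuser condition key)."""
    resp = eci.send_ssh_public_key(
        InstanceId=instance["instance_id"],
        InstanceOSUser=os_user,
        SSHPublicKey=public_key,
        AvailabilityZone=instance["az"],
    )
    if not resp.get("Success"):
        raise PermissionError(f"SendSSHPublicKey refused (request {resp.get('RequestId')})")
    return resp["RequestId"]


def ssh_command(instance, os_user, key_path, prefer_public=True):
    """Build the ssh argv: only the pushed key, no agent forwarding, and no
    fallback to password authentication."""
    target = (instance["public_ip"] if prefer_public and instance["public_ip"]
              else instance["private_ip"])
    return ["ssh", "-i", key_path, "-o", "IdentitiesOnly=yes",
            "-o", "PasswordAuthentication=no", "-o", "ForwardAgent=no",
            f"{os_user}@{target}"]


def connect_argv(ec2, eci, host, os_user, tmpdir=None):
    """Whole flow: resolve -> generate -> push -> argv. Run the returned argv
    within ECI_KEY_LIFETIME_SECONDS of push_ephemeral_key returning."""
    tmpdir = tmpdir or tempfile.mkdtemp(prefix="eci-")
    instance = resolve_instance(ec2, host)
    key_path, pub = new_keypair(tmpdir)
    push_ephemeral_key(eci, instance, os_user, pub)
    return ssh_command(instance, os_user, key_path)


if __name__ == "__main__":
    import subprocess
    import sys
    import boto3  # required by the README's installation notes

    region, host, user = sys.argv[1:4]
    argv = connect_argv(boto3.client("ec2", region_name=region),
                        boto3.client("ec2-instance-connect", region_name=region),
                        host, user)
    subprocess.run(argv + ["id"], check=True)
```

Run as `python eci_flow.py us-east-1 10.0.1.7 ec2-user` with boto3 credentials in the environment. Two details matter in practice: the private key never leaves the control node and is useless after a minute, and a denied SendSSHPublicKey surfaces as an IAM error before any SSH traffic, which is exactly the authorization boundary the plugin moves into AWS.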

Local Development

The repository is set up as a VS Code devcontainer, so with VS Code's Dev Containers extension installed it should build without further setup.

Make sure the plugin is being picked up correctly: from the workspace directory, run ansible-doc -t connection eci and confirm it prints the connection plugin's documentation.

Testing the plugin

The demo.yml playbook tests this plugin by doing a few things:

  1. Creates a security group that opens port 22 from 0.0.0.0/0 (demo only; restrict the source range before reusing this in a real account)
  2. Launches a t2.micro Amazon Linux instance without setting any key pair, so it is not accessible with 'normal' SSH
  3. Connects using eci with both instance-id and IP address (the preferred combination) as root and echoes a basic message
  4. Connects using eci with only the IP address as host information, as ec2-user, and echoes a basic message

Running playbook with debug

Create a .env file and set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for your test AWS account (keep this file out of version control). Use VS Code's debug launch to debug demo.yml (the run_playbook Python configuration); breakpoints in eci.py will be honored.

Alternatively, run the run_tests target in the Makefile.

TODO

About

Uses EC2 Instance Connect to authenticate the user for the standard Ansible SSH Connector Plugin