This is a quick note on which IAM permissions need to be granted on AWS for some of the Ansible EC2 modules to work. Start with the task that creates the instance:
```yaml
- name: Create an amazon EC2 machine
  ec2_instance:
    name: "test-machine"
    key_name: *your-key-name*
    # Keys in the playbook end up in version control; the modules also read the
    # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables or an instance profile.
    aws_access_key: *your-access-key*
    aws_secret_key: *your-secret-key*
    instance_initiated_shutdown_behavior: stop
    region: eu-west-1
    instance_type: t2.micro
    image_id: ami-*
    security_group: *security-group-name*
    vpc_subnet_id: subnet-*
    wait: yes
  register: ec2  # lets the later tasks reference ec2.instance_ids
```
The IAM policy that this task needs:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "ec2:GetConsole*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:StartInstances",
        "ec2:CreateTags",
        "ec2:CreateVolume"
      ],
      "Resource": "*"
    }
  ]
}
```
```yaml
- name: associate an elastic IP with an instance
  ec2_eip:
    device_id: "{{ ec2.instance_ids[0] }}"  # this variable can be used right after the ec2_instance task if you add "register: ec2" to it
    ip: *your-elastic-ip-here*
```
You need to add the ec2:AssociateAddress permission to your IAM role.
```yaml
- name: Attach data disk
  ec2_vol:
    instance: "{{ ec2.instance_ids[0] }}"
    id: vol-*  # Paste your volume ID here
    device_name: /dev/xvdb
    delete_on_termination: no
```
You need to add the ec2:AttachVolume permission to your IAM role.
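To check a policy like the one above against what each of the three tasks needs before running the playbook, here is an added example (my own code, not from the note or from Ansible). It embeds a constructed copy of the policy, applies IAM's action-matching rules (case-insensitive `*`/`?` wildcards, explicit Deny over Allow) and reports the actions that are still missing; the `ec2:Describe*` entries in `MODULE_ACTIONS` are my assumption, the rest are the actions the note names.

```python
import copy
import fnmatch

# Constructed copy of the IAM policy shown in the note (not fetched from AWS).
BASE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:GetConsole*"], "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:RunInstances", "ec2:StartInstances", "ec2:CreateTags", "ec2:CreateVolume"]},
    ],
}

# Actions each module in the note needs. The Describe* entries are my assumption (they
# exercise wildcard matching); the others are exactly the ones the note names.
MODULE_ACTIONS = {
    "ec2_instance": ["ec2:DescribeInstances", "ec2:RunInstances", "ec2:StartInstances",
                     "ec2:CreateTags", "ec2:CreateVolume"],
    "ec2_eip": ["ec2:DescribeAddresses", "ec2:AssociateAddress"],
    "ec2_vol": ["ec2:DescribeVolumes", "ec2:AttachVolume"],
}

def _patterns(policy, effect):
    """Action patterns of every statement with the given Effect (Action may be str or list)."""
    out = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == effect:
            actions = stmt.get("Action", [])
            out.extend([actions] if isinstance(actions, str) else actions)
    return out

def is_allowed(action, policy):
    """Explicit Deny wins, otherwise any matching Allow grants. Names match case-insensitively
    with * and ? wildcards. Resource/Condition are ignored: exact here, since every statement
    uses Resource "*" and no Condition, but not a general IAM evaluator."""
    def match(pattern):
        return fnmatch.fnmatchcase(action.lower(), pattern.lower())
    if any(match(p) for p in _patterns(policy, "Deny")):
        return False
    return any(match(p) for p in _patterns(policy, "Allow"))

def missing_actions(policy, module):
    """Actions the module needs that the policy does not grant, in the listed order."""
    return [a for a in MODULE_ACTIONS[module] if not is_allowed(a, policy)]

def with_allow(policy, actions):
    """Copy of the policy plus one Allow statement covering the given actions."""
    new = copy.deepcopy(policy)
    new["Statement"].append({"Effect": "Allow", "Action": list(actions), "Resource": "*"})
    return new
```

Running `missing_actions(BASE_POLICY, m)` for each module reports nothing missing for `ec2_instance`, `ec2:AssociateAddress` for `ec2_eip` and `ec2:AttachVolume` for `ec2_vol`, matching the two additions the note asks for.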