ec2_key: include KeyPairId in result #546

Closed
1 task done
andytson opened this issue Oct 23, 2021 · 4 comments · Fixed by #548
Labels
feature This issue/PR relates to a feature request has_pr module module plugins plugin (any type)

Comments


andytson commented Oct 23, 2021

Summary

I want to limit the ec2:RunInstances to specific EC2 keys which are created by ansible, but only the fingerprint and name are returned as a result of ec2_key.

DescribeKeyPairs and ImportKeyPair return a KeyPairId, which is what's required for generating the ARN of the IAM policy.

Please can the KeyPairId be included in the ec2_key result?

Issue Type

Feature Idea

Component Name

ec2_key

Additional Information

- amazon.aws.ec2_key:
    name: myapp
    key_material: ".."
  register: aws_ec2_key

- community.aws.iam_policy:
    iam_type: user
    iam_name: myapp
    policy_name: ec2
    policy_json:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Action: ec2:RunInstances
          Resource:
            - "arn:aws:ec2:us-east-1:1234567:instance/*"
            - "arn:aws:ec2:us-east-1:1234567:key-pair/{{ aws_ec2_key.key.id }}"
            - "arn:aws:ec2:us-east-1:1234567:security-group/*"
            - "arn:aws:ec2:us-east-1:1234567:volume/*"
            - "arn:aws:ec2:us-east-1:1234567:network-interface/*"
            - "arn:aws:ec2:us-east-1:1234567:subnet/*"
            - "arn:aws:ec2:us-east-1::image/*"

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibullbot ansibullbot added feature This issue/PR relates to a feature request module module needs_triage plugins plugin (any type) labels Oct 23, 2021
Contributor

tremble commented Oct 23, 2021

Thanks for taking the time to make this suggestion, I agree it's potentially very helpful.

I've opened PR #548; if you are able to test this it would be much appreciated.

Author

andytson commented Oct 23, 2021

Ah, I was mistaken in my example, turns out RunInstance resource for keypair uses the keypair name rather than key id, e.g. arn:aws:ec2:us-east-1:1234567:key-pair/myapp. I'm not sure of other uses of the key id, but I guess it's still harmless to include.
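
Added example (not part of the issue thread or of the amazon.aws collection): a small policy lint that catches the mix-up described in the comment above, flagging key-pair resources in an ec2:RunInstances grant that use a key pair ID, a wildcard, or no restriction at all. The function names are hypothetical, the "key-" plus hex shape of a key pair ID is an assumption, and the sample policy is constructed from the issue's placeholder account and key name.

```python
import re

KEY_ID_RE = re.compile(r"^key-[0-9a-f]{8,17}$")  # assumed shape of a key pair ID
KEY_ARN_RE = re.compile(r"^arn:[^:]*:ec2:[^:]*:[^:]*:key-pair/(.+)$")

def _as_list(value):
    # IAM accepts a single item or a list for Statement, Action and Resource.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _allows_run_instances(statement):
    if str(statement.get("Effect", "")).lower() != "allow":
        return False
    for action in _as_list(statement.get("Action")):
        # Translate IAM wildcards (* and ?) in the action into a regex.
        pattern = re.escape(action.lower()).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(pattern, "ec2:runinstances"):
            return True
    return False

def lint_key_pair_resources(policy):
    """Return (resource, problem) pairs for RunInstances grants in a policy dict."""
    findings = []
    for statement in _as_list(policy.get("Statement")):
        if not _allows_run_instances(statement):
            continue
        for resource in _as_list(statement.get("Resource")):
            match = KEY_ARN_RE.match(resource)
            if resource == "*":
                findings.append((resource, "no key pair restriction"))
            elif match and KEY_ID_RE.match(match.group(1)):
                findings.append((resource, "key pair ID; RunInstances matches the name"))
            elif match and ("*" in match.group(1) or "?" in match.group(1)):
                findings.append((resource, "wildcard covers several key pairs"))
    return findings

# Constructed sample: account and key name from the issue, key ID made up.
SAMPLE_POLICY = {
    "Statement": [{
        "Effect": "Allow",
        "Action": "ec2:RunInstances",
        "Resource": [
            "arn:aws:ec2:us-east-1:1234567:key-pair/key-0123456789abcdef0",
            "arn:aws:ec2:us-east-1:1234567:key-pair/myapp",
            "arn:aws:ec2:us-east-1:1234567:key-pair/*",
        ],
    }],
}

for _resource, _problem in lint_key_pair_resources(SAMPLE_POLICY):
    print(f"{_problem}: {_resource}")
```

A key pair that is literally named like an ID (for example "key-deadbeef") would be flagged as well, so treat a hit as a prompt to check the name, not as proof of a broken policy.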

ansible-zuul bot pushed a commit that referenced this issue Oct 25, 2021
ec2_key - add support for tagging and returning id

SUMMARY
Add support for tagging key pairs and also return the key ID
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
ec2_key
ADDITIONAL INFORMATION
fixes: #546
fixes: #547

Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Sep 18, 2023
New module - aws_glue_crawler

SUMMARY

New module - aws_glue_crawler.

ISSUE TYPE


New Module Pull Request

COMPONENT NAME

aws_glue_crawler
ADDITIONAL INFORMATION


Example:

- community.aws.aws_glue_crawler:
    name: my-crawler
    database_name: my_database
    role: my-role
    recrawl_policy:
      RecrawlBehavior: CRAWL_EVERYTHING
    schema_change_policy:
      DeleteBehavior: DELETE_FROM_DATABASE
      UpdateBehavior: UPDATE_IN_DATABASE
    targets:
      S3Targets:
        - Path: "s3://my-bucket/prefix/folder/"
    tags:
      Environment: test

Reviewed-by: Mark Chappell <None>
Reviewed-by: Ivan Chekaldin <None>
Reviewed-by: Jill R <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Oct 24, 2023
New module - aws_glue_crawler