yankurniawan / ansible-for-aws Goto Github PK

how to upload certificates to aws certificate manager and get the arn from ansible..

Hello,

This book looks interesting but I am somewhat concerned that it appears unfinished. Also, 2.0 is almost here with lots of new (aws) modules. I'd like to know what your plans are before I throw money at this.

Thanks in advance

hi,
When a key is created using ec2_key module and the following snippet:

  tasks:  
    - name: create key pair  
      local_action:  
        module: ec2_key  
        region: "{{ region }}"
        name: "{{ keyname }}"
#        state: absent
      register: mykey
    - name: write to file
      local_action: command echo -e "{{ item.value.private_key }}" > ~/.ssh/"{{ keyname }}".pem && chmod 600 ~/.ssh/"{{ keyname }}".pem

The .pem file cannot be used for ssh-ing into the ec2 machines anymore as the local_action command adds the "-e" flag given to "echo" also to the .pem key, because of which the key becomes like:

 $ cat ~/.ssh/new-bad-key.pem 
-e -----BEGIN RSA PRIVATE KEY-----
BlahBlah
-----END RSA PRIVATE KEY-----

Can you please fix this part?

The library module for vpc_lookup and probably the other one as well, sets the AWS credentials to only what is specified within Ansible unlike the standard AWS modules which will respect the AWS environment jobs. Using Environment variable is much more practice and probably slightly more secure rather than them being hard coded

In the code for launch_ec2.yml it specifies instance_type: t1.micro. In your book it correctly says t2.micro.

Picked up a copy and reading through it now. I'm shocked to see how all code examples show work being done as root. Kinda has the "I expect my readers to use their systems like windoze" smell to it....

Rather than telling readers to create files under /etc/ansible as root, it would be more responsible to have them create files in their home directory and make use of -i and use sudo properly.

I mean, what about firing up vi to create or edit a .yml file requires root privileges? This is just irresponsible and teaches users very, very poor habits and a total disrespect for best practices as far as *nix is concerned.