Last active
October 29, 2015 22:26
-
-
Save jackl0phty/9605516bfddd017c9b3c to your computer and use it in GitHub Desktop.
Use Ansible to spin up an EC2 Instance With Least Privileges.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: localhost | |
| connection: local | |
| gather_facts: no | |
| vars: | |
| region: us-east-1 | |
| instance_type: t1.micro | |
| ami: ami-d85e75b0 | |
| sg: sg-my-security-group | |
| tasks: | |
| - name: Spin up test server. | |
| local_action: | |
| module: ec2 | |
| region: "{{ region }}" | |
| key_name: mykey-aws | |
| instance_type: "{{ instance_type }}" | |
| image: "{{ ami }}" | |
| wait: yes | |
| group_id: "{{ sg }}" | |
| instance_tags: | |
| Name: web01.example.com | |
| env: prod | |
| created_by: ansible | |
| app: test | |
| group: test | |
| exact_count: 1 | |
| count_tag: | |
| group: test | |
| # Below is an IAM policy with the least privileges required to Create a new EC2 instance. | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:RunInstances" | |
| ], | |
| "Resource": "*" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment