The main inventory file - declare variables here. It calls the worker file (which must be present in the same folder as this file).
---
# Name: ansible-aws-inventory-main.yml
# Description: this is the main file that calls the worker file (ansible-aws-inventory-worker.yml) to create an inventory of all the
# specific aws resources.
# Below are the resources that will be inventoried
# - vpc
# - subnet
# - igw
# - cgw
# - vgw
# - ami
# - eip
# - snapshot
# - volume
# - routetable
# - securitygroup
# - nacl
# - ec2
# - elb
# - rds_instance
# - rds_snapshot
# - s3
# Prerequisites:
# - the worker file (ansible-aws-inventory-worker.yml) and the ansible hosts file must be present in the same folder as this file (ansible-aws-inventory-main.yml)
# - this script requires read access to all resources it will be querying. An AWS IAM user account must be created with the necessary permissions and with access keys enabled.
# At a minimum, to query all the resources mentioned above, the following permissions are required
# - AmazonVPCReadOnlyAccess
# - AmazonEC2ReadOnlyAccess
# - ElasticLoadBalancingReadOnly
# - AmazonRDSReadOnlyAccess
# - AmazonS3ReadOnlyAccess
#
# The access key can then be provided to this playbook using environment variables
# The commands below can be used to define the environment variables
# export AWS_ACCESS_KEY_ID="xxxxx"
# export AWS_SECRET_ACCESS_KEY="xxxxxxx"
#
# There is currently an issue with boto unable to access us-west-3 region. Use the following command to create an additional environment variable which resolves this
# export BOTO_USE_ENDPOINT_HEURISTICS=True
#
# Bugs:
# 1. there is currently a bug with Ansible when using aws_s3_bucket_facts module. It is ignoring the region parameter and instead returns all buckets (instead of those for that region),
# no matter which region is provided. This means that the s3 inventory csv will have repeated bucket names in each region
#
# Author: Nivlesh Chandra ([email protected])
#
# Version: 1.0
# Change Log:
# Date Author Comments
# 27/03/19 Nivlesh Created script
#
# Terms: This script is provided as is and the author does not take any responsibility for any
# issues that might arise. Please ensure you understand the script fully before using it
#
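- hosts: localhost
  connection: local
  # Facts are gathered only for ansible_date_time, which stamps the output filenames.
  gather_facts: true
  vars:
    # Regions to inventory. The worker file is included once per entry (see the
    # "find all applicable resources within region" task below).
    aws_regions:
      - us-east-1  # North Virginia
      - us-east-2  # Ohio
      - us-west-1  # North California
      - us-west-2  # Oregon
      - ap-south-1  # Mumbai
      - ap-northeast-2  # Seoul
      - ap-southeast-1  # Singapore
      - ap-southeast-2  # Sydney
      - ap-northeast-1  # Tokyo
      - ca-central-1  # Canada Central
      - eu-central-1  # Frankfurt
      - eu-west-1  # Ireland
      - eu-west-2  # London
      - eu-west-3  # Paris
      - eu-north-1  # Stockholm
      - sa-east-1  # São Paulo

    # Set to true to display results on screen as well as writing them to the CSV
    # files, false to write the files only.
    verbose: true

    # AWS account ID used to find which AMIs belong to you. Kept as a string on
    # purpose: account IDs are 12-digit identifiers and an unquoted value would be
    # parsed as an integer, silently dropping any leading zeros.
    owner_id: "123456789012"  # placeholder - replace with your own account ID

    # Resource types to inventory, in the order their output files are initialised.
    # Every entry X here must have a matching X_outputfile and X_outputfile_header
    # variable below; the tasks look them up by name via lookup('vars', ...).
    inventory_resources:
      - vpc
      - subnet
      - igw
      - cgw
      - vgw
      - ami
      - eip
      - snapshot
      - volume
      - routetable
      - securitygroup
      - nacl
      - ec2
      - elb
      - rds_instance
      - rds_snapshot
      - s3

    # Output file headers (semicolon-separated CSV). Each header is written as the
    # first line of the corresponding output file.
    vpc_outputfile_header: "Region;VPC ID;Is_Default;State;CIDR Block;Enable DNS Hostnames;Enable DNS Support;DHCP Options ID;Instance Tenancy"
    subnet_outputfile_header: "Region;Subnet ID;VPC ID;avaialability zone;cidr_block;available_ip_address_count;default_for_az;map_public_ip_on_launch;state"
    igw_outputfile_header: "Region;IGW ID;VPC ID;State;Tags"
    cgw_outputfile_header: "Region;CGW ID;BGP ASN;ip address;state;type;tags"
    vgw_outputfile_header: "Region;VGW ID;State;type;attachments;Tags"
    ami_outputfile_header: "Region;image_id;name;creation_date;state;is_public;description"
    eip_outputfile_header: "Region;allocation_id;association_id;domain;attached to(instance_id);network_interface_id;private_ip_address;public_ip;public_ipv4_pool"
    snapshot_outputfile_header: "Region;snapshot_id;owner_id;start_time;progress;state;encrypted;volume_id;volume_size;description"
    volume_outputfile_header: "Region;volume_id;volume_type;size;iops;encrypted;status;region;zone;create_time;attach_time;attached_to;attached_as;delete on termination;volume_status"
    routetable_outputfile_header: "Region;Routetable ID;VPC ID;Routes (use http://www.yamllint.com)"
    securitygroup_outputfile_header: "Region;SG Name;SG ID;VPC ID;Description;Ingress Rules (use http://www.yamllint.com); Egress Rules (use http://www.yamllint.com)"
    nacl_outputfile_header: "Region;NACL ID;VPC ID;Is Default;Subnets Associated with;Ingress Rules (use http://www.yamllint.com); Egress Rules (use http://www.yamllint.com)"
    ec2_outputfile_header: "Region;EC2_Instance_ID;EC2_Instance_Name;EC2_Instance_Type;EC2_Image_ID;Private IP;Availability Zone;Public IP;SubnetID;Source Dest Check;Security Groups;VPC ID;EC2_Launch_Time;EC2_Current_State"
    elb_outputfile_header: "Region;ELB_Type;ELB_Name;ELB_DNS_Name;Zones;Subnets;VPC_ID;Instances;Scheme;Security Groups;Listeners;State"
    rds_instance_outputfile_header: "Region;db_instance_identifier;availability_zone;allocated_storage;auto_minor_version_upgrade;availability_zone;backup_retention_period;instance_class;db_instance_port;db_instance_status;db_parameter_groups;db_security_groups;db_subnet_group;engine;engine_version;preferred_backup_window;preferred_maintenance_window;publicly_accessible;storage_type;security_groups;tags"
    rds_snapshot_outputfile_header: "Region;db_snapshot_identifier;snapshot_create_time;snapshot_type;db_instance_identifier;encrypted;percent_progress;allocated_storage;availability_zone;tags"
    s3_outputfile_header: "Region;Bucket Name;Creation Date"

    # Output file names. Each is prefixed with the run date/time in ISO 8601 format.
    # NOTE(review): the default root is an absolute path directly under "/"; confirm
    # this is the intended location (e.g. "~/Documents/...") before running. The
    # folder must already exist - lineinfile creates files, not directories.
    # The files record network layout, security group rules and public IPs, so keep
    # the folder's permissions restricted to the user running the playbook.
    output_root_folder: /Documents/AWS/Ansible/inventory/output/raw/
    # Suffixes used to build the variable names looked up per resource type.
    outputfile_variablename_suffix: "_outputfile"
    outputfileheader_variablename_suffix: "_outputfile_header"
    vpc_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_vpc.csv"
    subnet_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_subnet.csv"
    igw_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_igw.csv"
    cgw_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_cgw.csv"
    vgw_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_vgw.csv"
    ami_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_ami.csv"
    eip_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_eip.csv"
    snapshot_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_snapshot.csv"
    volume_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_volume.csv"
    routetable_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_routetable.csv"
    securitygroup_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_securitygroup.csv"
    nacl_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_nacl.csv"
    ec2_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_ec2.csv"
    elb_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_elb.csv"
    rds_instance_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_rds_instance.csv"
    rds_snapshot_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_rds_snapshot.csv"
    s3_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_s3.csv"

    # Per-resource enable/disable flags: true to inventory the resource, false to
    # skip it. None of the tasks in this file read them; presumably the worker file
    # consults them - verify there. Note that the header file is still created for
    # a resource whose flag is false.
    inventory_vpc: true
    inventory_subnet: true
    inventory_igw: true
    inventory_cgw: true
    inventory_vgw: true
    inventory_ami: true
    inventory_eip: true
    inventory_snapshot: true
    inventory_volume: true
    inventory_routetable: true
    inventory_securitygroup: true
    inventory_nacl: true
    inventory_ec2: true
    inventory_elb: true
    inventory_rds_instance: true
    inventory_rds_snapshot: true
    inventory_s3: true

  tasks:
    # Create each output file (with the process's default umask) and make sure its
    # CSV header is the first line.
    - name: initialise output files with headers
      lineinfile:
        state: present
        create: true
        path: "{{ lookup('vars', item + outputfile_variablename_suffix) }}"
        line: "{{ lookup('vars', item + outputfileheader_variablename_suffix) }}"
        insertbefore: BOF
      loop: "{{ inventory_resources }}"

    # Run the worker once per region; it sees the current region as aws_region.
    - name: find all applicable resources within region
      include_tasks: ansible-aws-inventory-worker.yml
      loop: "{{ aws_regions }}"
      loop_control:
        loop_var: aws_region
        label: "{{ aws_region }}"

    - name: print out the output filenames for each of the resoureces inventoried
      debug:
        msg:
          - "{{ item }} output filename: {{ lookup('vars', item + outputfile_variablename_suffix) }}"
      loop: "{{ inventory_resources }}"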
@silviu-dobrica

Here's a working version:

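  - hosts: localhost
    connection: local
    # Facts are gathered only for ansible_date_time, used in the output filenames.
    gather_facts: true
    vars:
      # Regions to inventory; the worker file is included once per entry.
      aws_regions:
        - eu-central-1
        - eu-west-1
        - eu-west-3
        - eu-north-1
        - us-east-1
        - us-east-2
        - us-west-1
        - us-west-2
        - ap-south-1
        - ap-northeast-2
        - ap-southeast-1
        - ap-southeast-2
        - ap-northeast-1
        - ca-central-1
        - eu-west-2
        - sa-east-1
      verbose: true
      # Quoted so the account ID stays a string (leading zeros would be lost as an int).
      owner_id: "123456789012"  # placeholder - replace with your own account ID

      # Output file headers (semicolon-separated CSV)
      vpc_outputfile_header: "Region;VPC ID;Is_Default;State;CIDR Block;Enable DNS Hostnames;Enable DNS Support;DHCP Options ID;Instance Tenancy"
      subnet_outputfile_header: "Region;Subnet ID;VPC ID;avaialability zone;cidr_block;available_ip_address_count;default_for_az;map_public_ip_on_launch;state"
      igw_outputfile_header: "Region;IGW ID;VPC ID;State;Tags"
      vgw_outputfile_header: "Region;VGW ID;State;type;attachments;Tags"
      ami_outputfile_header: "Region;image_id;name;creation_date;state;is_public;description"
      eip_outputfile_header: "Region;allocation_id;association_id;domain;attached to(instance_id);network_interface_id;private_ip_address;public_ip;public_ipv4_pool"
      snapshot_outputfile_header: "Region;snapshot_id;owner_id;start_time;progress;state;encrypted;volume_id;volume_size;description"
      volume_outputfile_header: "Region;volume_id;volume_type;size;iops;encrypted;status;region;zone;create_time;attach_time;attached_to;attached_as;delete on termination;volume_status"
      securitygroup_outputfile_header: "Region;SG Name;SG ID;VPC ID;Description;Ingress Rules; Egress Rules"
      ec2_outputfile_header: "Region;EC2_Instance_ID;EC2_Instance_Name;EC2_Instance_Type;EC2_Image_ID;Private IP;Availability Zone;Public IP;SubnetID;Source Dest Check;Security Groups;VPC ID;EC2_Launch_Time;EC2_Current_State"
      elb_outputfile_header: "Region;ELB_Type;ELB_Name;ELB_DNS_Name;Zones;Subnets;VPC_ID;Instances;Scheme;Security Groups;Listeners;State"
      rds_instance_outputfile_header: "Region;db_instance_identifier;availability_zone;allocated_storage;auto_minor_version_upgrade;availability_zone;backup_retention_period;instance_class;db_instance_port;db_instance_status;db_parameter_groups;db_security_groups;db_subnet_group;engine;engine_version;preferred_backup_window;preferred_maintenance_window;publicly_accessible;storage_type;security_groups;tags"
      rds_snapshot_outputfile_header: "Region;db_snapshot_identifier;snapshot_create_time;snapshot_type;db_instance_identifier;encrypted;percent_progress;allocated_storage;availability_zone;tags"
      s3_outputfile_header: "Region;Bucket Name;Creation Date"

      # Output file names, prefixed with the run date/time in ISO 8601 format.
      # The root folder must already exist; adjust it to your own machine.
      output_root_folder: /mnt/d/Backup/Google_Drive/Work/Telindus/Projects/ansible/aws/inventory/
      outputfile_variablename_suffix: "_outputfile"
      outputfileheader_variablename_suffix: "_outputfile_header"
      vpc_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_vpc.csv"
      subnet_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_subnet.csv"
      igw_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_igw.csv"
      vgw_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_vgw.csv"
      ami_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_ami.csv"
      eip_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_eip.csv"
      snapshot_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_snapshot.csv"
      volume_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_volume.csv"
      securitygroup_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_securitygroup.csv"
      ec2_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_ec2.csv"
      elb_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_elb.csv"
      rds_instance_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_rds_instance.csv"
      rds_snapshot_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_rds_snapshot.csv"
      s3_outputfile: "{{ output_root_folder }}{{ ansible_date_time.iso8601 }}_s3.csv"

      # Per-resource enable/disable flags: true to inventory, false to skip. Not read
      # in this file - presumably consulted by the worker file.
      inventory_vpc: true
      inventory_subnet: true
      inventory_igw: true
      inventory_vgw: true
      inventory_ami: true
      inventory_eip: true
      inventory_snapshot: true
      inventory_volume: true
      inventory_securitygroup: true
      inventory_ec2: true
      inventory_elb: true
      inventory_rds_instance: true
      inventory_rds_snapshot: true
      inventory_s3: true

    tasks:
      # Create each output file and put its CSV header on the first line.
      - name: initialise output files with headers
        lineinfile:
          state: present
          create: true
          path: "{{ lookup('vars', item + outputfile_variablename_suffix) }}"
          line: "{{ lookup('vars', item + outputfileheader_variablename_suffix) }}"
          insertbefore: BOF
        with_items:
          - vpc
          - subnet
          - igw
          - vgw
          - ami
          - eip
          - snapshot
          - volume
          - securitygroup
          - ec2
          - elb
          - rds_instance
          - rds_snapshot
          - s3

      # Run the worker once per region; the current region is exposed as aws_region.
      - name: find all applicable resources within region
        include_tasks: ansible-aws-inventory-worker.yml
        loop: "{{ aws_regions }}"
        loop_control:
          loop_var: aws_region
          label: "{{ aws_region }}"

      - name: print out the output filenames for each of the resoureces inventoried
        debug:
          msg:
            - "{{ item }} output filename: {{ lookup('vars', item + outputfile_variablename_suffix) }}"
        with_items:
          - vpc
          - subnet
          - igw
          - vgw
          - ami
          - eip
          - snapshot
          - volume
          - securitygroup
          - ec2
          - elb
          - rds_instance
          - rds_snapshot
          - s3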
