feat(ansible): use aws dynamic inventories properly with ssm and host variables

snippets/ansible/commands.sh

@@ -12,6 +12,11 @@ ansible-inventory -i 'aws_ec2.yml' --list
 ansible-playbook -i 'self-hosting.yml' 'gitlab.yml' --list-hosts
 ansible -i 'webservers.yml' all --list-hosts
 
+# List hosts with their variables
+ansible-inventory -i 'aws_ec2.yml' --list
+ansible-inventory -i 'inventory.ini' --graph --vars
+ansible-inventory -i 'inventory.yml' --host 'client2'
+
 # Show hosts' ansible facts
 ansible -i 'inventory.yml' -m 'setup' all
 ansible -i '192.168.1.34,gitlab.lan,' -m 'setup' 'gitlab.lan' -u 'admin'

snippets/ansible/ec2 instances by instance id.aws_ec2.yml

@@ -0,0 +1,55 @@
+###
+# Provide AWS EC2 instances by their Instance ID
+# ------------------
+# Dynamic inventory for integration with AWS SSM.
+# Makes use of the 'aws_ec2' plugin.
+# The file must be named 'aws_ec2.yml', or its name must end with it.
+# Even if YAML file, it must *not* start with '---' or ansible will fail parsing it.
+# Refer <https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ec2_inventory.html> and
+# <https://docs.ansible.com/ansible/latest/plugins/inventory.html#using-inventory-plugins>.
+###
+
+plugin: amazon.aws.aws_ec2
+region: eu-north-1
+include_filters:
+  - # exclude instances that are not running, which are inoperable
+    instance-state-name: running
+exclude_filters:
+  - # skip EKS nodes, since they are managed in their own way
+    tag-key:
+      - aws:eks:cluster-name
+  - # skip GitLab Runners, since they are volatile and managed in their own way
+    tag:Application:
+      - GitLab
+    tag:Component:
+      - Runner
+use_ssm_inventory: true  # requires 'ssm:GetInventory' permissions on 'arn:aws:ssm:<region>:<account-id>:*'
+hostnames:
+  - instance-id
+keyed_groups:
+  - key: architecture
+    prefix: arch
+  - key: ssm_inventory.platform_name
+    prefix: os_Name
+  - key: ssm_inventory.platform_type
+    prefix: os_Type
+  - key: ssm_inventory.platform_version
+    prefix: os_Version
+  # - key: tags  # would create a group per each tag value; prefer limiting groups to the useful ones
+  #   prefix: tag
+  - key: tags.Team
+    prefix: tag_Team
+  - key: tags.Environment
+    prefix: tag_Environment
+  - key: tags.Application
+    prefix: tag_Application
+  - key: tags.Component
+    prefix: tag_Component
+  - key: tags.Name
+    prefix: tag_Name
+compose:
+  # use non-jinja values (e.g. strings) by wrapping them in two sets of quotes
+  # if using awx, prefer keeping double quotes external (e.g. "'something'") as it just looks better in the ui
+  ansible_connection: "'aws_ssm'"
+  ansible_aws_ssm_region: "'eu-north-1'"
+  ansible_aws_ssm_timeout: "'300'"

snippets/ansible/tasks/manipulate data.yml

@@ -319,6 +319,8 @@
     this_is_true_again: "{{ not false }}"
     true_is_truthy: "{{ true is truthy }}"
     false_is_falsy: "{{ false is falsy }}"
+    any_element_in_list_is_truthy_results_false: "{{ [false, '', None, 0] is any }}"
+    all_elements_in_list_are_truthy_results_true: "{{ [true, 'some string', 1] is all }}"
 
 - name: Undefined variables
   tags: undefined_variable

snippets/aws/other commands.fish

@@ -520,3 +520,15 @@ aws sns list-subscriptions-by-topic --topic-arn 'arn:aws:sns:eu-west-1:012345678
 # Get information about subscriptions
 aws sns get-subscription-attributes \
 	--subscription-arn 'arn:aws:sns:eu-west-1:012345678901:aSucculentTopic:abcdef01-2345-6789-abcd-ef0123456789'
+
+
+###
+# SSM
+# ------------------
+###
+
+# Check SSM registered an EC2 instance
+aws ssm get-connection-status --target 'i-0123456789abcdef0' --query 'Status' --output 'text'
+
+# Start a shell
+aws ssm start-session --target 'i-0123456789abcdef0'