Support for multiple assume roles to get collective inventory

Question

Support for multiple assume roles to get collective inventory

chandrakanthkannam opened this issue 6 months ago · comments

chandrakanthkannam commented 6 months ago

Summary

With distributed accounts within the organization and would like to manage from centralized account, to achieve this having a ability to get a collective inventory would help.

Current setup: For example below acc-1.aws_ec2.yamll is assuming role from acc-1 and pulls inventory only from acc-1 across the mentioned regions.

plugin: aws_ec2
assume_role_arn: arn:aws:iam::<acc-id-1>:role/<role-name>

regions:
  - us-west-2
  - eu-central-1
  - ap-southeast-2

keyed_groups:
  - key: tags.Name
    separator: ""

hostnames:
  - 'private-ip-address'

Proposed setup: This below file will give collective inventory from all the mentioned account, all-acc.aws_ec2.yml and across all regions.

plugin: aws_ec2
assume_role_arns:
  - arn:aws:iam::<acc-id-1>:role/<role-name>
  - arn:aws:iam::<acc-id-2>:role/<role-name>
regions:
  - us-west-2
  - eu-central-1
  - ap-southeast-2

keyed_groups:
  - key: tags.Name
    separator: ""

hostnames:
  - 'private-ip-address'

By the proposed setup it will be helpful to manage easily from central account.

Issue Type

Feature Idea

Component Name

aws_ec2

Additional Information

Code of Conduct

I agree to follow the Ansible Code of Conduct

chandrakanthkannam · Answer 1 · Wed Dec 06 2023 07:44:13 GMT+0800 (China Standard Time)

This #1830 is implementing the proposed setup.