Support for multiple assume roles to get collective inventory
chandrakanthkannam opened this issue
chandrakanthkannam commented
Summary
With distributed accounts within the organization, we would like to manage them from a centralized account. To achieve this, having the ability to get a collective inventory would help.
Current setup: For example, the file below, acc-1.aws_ec2.yaml, assumes a role from acc-1 and pulls inventory only from acc-1 across the mentioned regions.
plugin: aws_ec2
assume_role_arn: arn:aws:iam::<acc-id-1>:role/<role-name>
regions:
  - us-west-2
  - eu-central-1
  - ap-southeast-2
keyed_groups:
  - key: tags.Name
    separator: ""
hostnames:
  - 'private-ip-address'
Proposed setup: The file below, all-acc.aws_ec2.yml, will give a collective inventory from all the mentioned accounts and across all regions.
plugin: aws_ec2
assume_role_arns:
  - arn:aws:iam::<acc-id-1>:role/<role-name>
  - arn:aws:iam::<acc-id-2>:role/<role-name>
regions:
  - us-west-2
  - eu-central-1
  - ap-southeast-2
keyed_groups:
  - key: tags.Name
    separator: ""
hostnames:
  - 'private-ip-address'
With the proposed setup, it will be helpful to manage easily from a central account.
Issue Type
Feature Idea
Component Name
aws_ec2
Additional Information
Code of Conduct
- I agree to follow the Ansible Code of Conduct
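What the proposed `assume_role_arns` option amounts to, sketched with boto3 as an added example (not code from this issue, from #1830, or from the aws_ec2 plugin): assume each role, list instances per region, and report skipped accounts and private-IP collisions between accounts, which matter when hosts are named by `private-ip-address`. The function name, the session name and the returned fields are assumptions.

```python
import re

# Matches the ARN shape used above: arn:aws:iam::<account-id>:role/<role-name>
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@/-]+$")


def _boto3_client(service, **kwargs):
    import boto3  # lazy import: the module loads even where boto3 is absent
    return boto3.client(service, **kwargs)


def collect_inventory(role_arns, regions, client=_boto3_client):
    """Return (hosts, problems). hosts maps private IP -> host vars."""
    hosts, problems = {}, []
    for arn in dict.fromkeys(role_arns):  # drop duplicate ARNs, keep order
        match = ROLE_ARN.match(arn)
        if not match:
            problems.append(f"{arn}: not an IAM role ARN")
            continue
        try:
            creds = client("sts").assume_role(
                RoleArn=arn, RoleSessionName="central-inventory"  # assumed name
            )["Credentials"]
        except Exception as exc:  # a skipped account must be visible, not silent
            problems.append(f"{arn}: assume_role failed: {exc}")
            continue
        keys = dict(aws_access_key_id=creds["AccessKeyId"],
                    aws_secret_access_key=creds["SecretAccessKey"],
                    aws_session_token=creds["SessionToken"])
        for region in regions:
            try:
                ec2 = client("ec2", region_name=region, **keys)
                pages = list(ec2.get_paginator("describe_instances").paginate())
            except Exception as exc:
                problems.append(f"{arn} {region}: describe_instances failed: {exc}")
                continue
            found = (i for p in pages for r in p["Reservations"] for i in r["Instances"])
            for inst in found:
                ip = inst.get("PrivateIpAddress")
                if ip is None:  # e.g. terminated instances carry no private IP
                    continue
                if ip in hosts:  # overlapping VPC ranges across accounts or regions
                    problems.append(f"{ip}: already in {hosts[ip]['account']}, "
                                    f"skipped {arn} {region}")
                    continue
                tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
                hosts[ip] = {"account": match.group(1), "region": region,
                             "instance_id": inst["InstanceId"], "name": tags.get("Name")}
    return hosts, problems
```

Anything in `problems` marks a gap in the collective inventory, so a caller should surface it rather than run against a partial host list.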
chandrakanthkannam commented
This #1830 is implementing the proposed setup.