Additional Parameter Store Information - Alex-Burgess/ansible-demo GitHub Wiki

Full environment creation:

  1. Create all keys:
    $ mkdir /tmp/ansible
    $ ssh-keygen -f /tmp/ansible/ansible_test -C ansible_test -b 2048 -t rsa -q -N ""
    $ ssh-keygen -f /tmp/ansible/ansible_staging -C ansible_staging -b 2048 -t rsa -q -N ""
    $ ssh-keygen -f /tmp/ansible/ansible_prod -C ansible_prod -b 2048 -t rsa -q -N ""
    
  2. Add all keys to the Parameter Store (`--overwrite` is only needed when updating existing keys):
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/test/private_key" --value "`cat /tmp/ansible/ansible_test`" --type SecureString --overwrite
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/test/public_key" --value "`cat /tmp/ansible/ansible_test.pub`" --type SecureString --overwrite
    
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/staging/private_key" --value "`cat /tmp/ansible/ansible_staging`" --type SecureString --overwrite
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/staging/public_key" --value "`cat /tmp/ansible/ansible_staging.pub`" --type SecureString --overwrite
    
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/prod/private_key" --value "`cat /tmp/ansible/ansible_prod`" --type SecureString --overwrite
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/prod/public_key" --value "`cat /tmp/ansible/ansible_prod.pub`" --type SecureString --overwrite
    
  3. List all keys from the Parameter Store:
    $ aws ssm describe-parameters --query 'Parameters[*].Name'
    [
        "/Ansible/HelloWorld/prod/private_key",
        "/Ansible/HelloWorld/prod/public_key",
        "/Ansible/HelloWorld/staging/private_key",
        "/Ansible/HelloWorld/staging/public_key",
        "/Ansible/HelloWorld/test/private_key",
        "/Ansible/HelloWorld/test/public_key"
    ]
    

IAM Policy for EC2 to get parameters

Role (trust policy):

{
    "Version": "2012-10-17",
    "Statement": [
       {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
       }
    ]
}

Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
              "ssm:Describe*",
              "ssm:Get*",
              "ssm:List*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
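
With `"Resource": "*"`, the policy above lets an instance in any environment read every parameter in the account, including the `prod` private key. A per-environment variant for the test instances, added here as an example and not part of the original wiki, limits value reads to the `/Ansible/HelloWorld/test/` path. `<REGION>` and `<ACCOUNT_ID>` are placeholders, the `Sid` names are made up for illustration, and the parameters are assumed to use the account's default AWS managed key, as the `put-parameter` commands above (which pass no `--key-id`) do; a customer managed key would also need `kms:Decrypt`.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadTestEnvironmentKeysOnly",
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter",
                "ssm:GetParameters"
            ],
            "Resource": "arn:aws:ssm:<REGION>:<ACCOUNT_ID>:parameter/Ansible/HelloWorld/test/*"
        },
        {
            "Sid": "ListParameterNames",
            "Effect": "Allow",
            "Action": "ssm:DescribeParameters",
            "Resource": "*"
        }
    ]
}
```

The staging and prod roles would each get the same policy with their own path segment. `ssm:DescribeParameters` cannot be scoped to a parameter ARN, so it stays on `"*"`; it returns names and metadata only, not values.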