- Install `ansible` on workstation (`pip install ansible`)
- Install `awscli` on workstation (`pip install awscli`)
- Install `awx.awx` collection on workstation (`ansible-galaxy collection install awx.awx`)
- Configure aws credentials via `aws configure`
- Have MFA enabled on your AWS account

I was getting annoyed having to update my short term AWS credentials within automation controller (formerly Ansible Tower), so I wanted a way where I could easily put in my MFA token and run a playbook/script that would then update that AWS credential automatically for me on my controller environment. I found Jeff's blog talking about it but needed some slight modifications to make it work to update my controller environment.

Create a `vars.yml` file with the vars you will need to run:

```yaml
---
controller_hostname: "controller.example.com"
controller_username: "admin"
controller_password: "changeme"
credential_name: "My AWS Credential"
aws_userarn: "<ARN_FROM_IAM>"
aws_profile: "default"
aws_sts_profile: "default"
```

NOTE: `credential_name` assumes you have an `Amazon Web Services` credential already created and labeled `My AWS Credential`; otherwise it will create it.

To use it, you can download the contents of that file to `/usr/local/bin/aws-sts-token`, make the file executable (`chmod +x /usr/local/bin/aws-sts-token`), and run the command:

```
./aws-sts-token -e @vars.yml -e token_code=TOKEN
```

NOTE: `TOKEN` is the value from your MFA device.
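
One way such an executable playbook could look, as an added example that is not the author's file or Jeff's original: it calls `aws sts get-session-token` with the MFA code and writes the result into the controller credential with `awx.awx.credential`. It assumes `aws_userarn` is the ARN of your MFA device; `session_duration` and `controller_organization` are hypothetical variables introduced here.

```yaml
#!/usr/bin/env ansible-playbook
---
# Added example, not the author's playbook. Variable names come from vars.yml above;
# aws_sts_profile is not used here.
- name: Refresh the controller's AWS credential from an MFA-backed STS session
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    session_duration: 43200              # hypothetical variable: lifetime in seconds
    controller_organization: "Default"   # hypothetical variable
  tasks:
    - name: Stop early if the MFA code is missing or malformed
      ansible.builtin.assert:
        that:
          - token_code is defined
          - (token_code | string) is match('^[0-9]{6}$')
        fail_msg: "Pass the 6-digit MFA code with -e token_code=<code>"

    # Assumption: aws_userarn is the ARN of the MFA device presented to STS.
    - name: Request short-term credentials from STS
      ansible.builtin.command:
        argv: [aws, sts, get-session-token,
               --profile, "{{ aws_profile }}",
               --serial-number, "{{ aws_userarn }}",
               --token-code, "{{ token_code }}",
               --duration-seconds, "{{ session_duration }}",
               --output, json]
      register: sts_result
      changed_when: false
      no_log: true                       # keep the keys out of task output and logs

    - name: Store the session credentials in the controller credential
      awx.awx.credential:
        controller_host: "{{ controller_hostname }}"
        controller_username: "{{ controller_username }}"
        controller_password: "{{ controller_password }}"
        name: "{{ credential_name }}"
        organization: "{{ controller_organization }}"
        credential_type: "Amazon Web Services"
        inputs:
          username: "{{ sts_creds.AccessKeyId }}"
          password: "{{ sts_creds.SecretAccessKey }}"
          security_token: "{{ sts_creds.SessionToken }}"
        state: present
      vars:
        sts_creds: "{{ (sts_result.stdout | from_json).Credentials }}"
      no_log: true
```

Because `vars.yml` holds the controller password in clear text, restrict it to your own user (`chmod 600 vars.yml`) or encrypt it with `ansible-vault`.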