ansible-inspec-aws-ec2-demo

Quick and dirty demo Ansible role that uses the aws_ec2 Ansible inventory plugin to run against a group of EC2s. Written as a proof-of-concept of an InSpec runner that can execute multiple InSpec scans simultaneously against a group of EC2s.

Setup

Before you start, make sure:

  • You have the AWS CLI configured locally to access your desired AWS account.
  • You have the aws_ec2 plugin enabled in ansible.cfg (usually in /etc/ansible/ansible.cfg):

    [inventory]
    enable_plugins = aws_ec2

  • You have a group of EC2s in AWS which are:
    • accessible via a single SSH key
    • tagged with something unique to target with Ansible (ex. 'test_group')

aws_ec2 plugin

The role runs on your localhost and loops through the inventory list given by aws_ec2.

aws_ec2 groups EC2s depending on what you specify in the groups attribute in aws_ec2.yml:

groups:
  test_group: "'test' in tags['Name']"

You can edit aws_ec2.yml to create different groups in the Ansible inventory by whatever tag you like.

You can see what aws_ec2 can see and how it is grouped by running:

$> ansible-inventory -i aws_ec2.yml --graph

@all:
  |--@aws_ec2:
  |  |--ec2-3-145-176-61.us-east-2.compute.amazonaws.com
  |  |--ec2-3-15-31-155.us-east-2.compute.amazonaws.com
  |--@test_group:
  |  |--ec2-3-145-176-61.us-east-2.compute.amazonaws.com
  |  |--ec2-3-15-31-155.us-east-2.compute.amazonaws.com
  |--@ungrouped:

Running the role

Run: ansible-playbook playbook.yml -i aws_ec2.yml --ask-vault-pass -v

You'll be prompted for the password you set for the Ansible Vault. The task will run InSpec against the EC2s that are part of test_group.

The task starts all the scans concurrently using Ansible's asynchronous mode: Ansible launches each scan in the loop and moves on without waiting for its result.

The next task in the role therefore waits until every asynchronous InSpec scan registered to inspec_results has completed before continuing.
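
The start-then-wait pattern described above, written out as an added example (not the repository's own role code). `test_group` and `inspec_results` are the names used on this page; the profile path `profiles/baseline`, the `ec2-user` login, the `ssh_key_path` variable, the `results/` directory and the timing values are assumptions.

```yaml
# Added illustration, not the role's own tasks. Assumed: profiles/baseline, ec2-user,
# ssh_key_path, the results/ directory and every timing value.
- name: Scan every EC2 in test_group from localhost
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    ssh_key_path: "{{ '~/.ssh/demo_key.pem' | expanduser }}"  # assumed key location
  tasks:
    - name: Create a report directory only the current user can read
      ansible.builtin.file:
        path: results
        state: directory
        mode: "0700"

    - name: Start one InSpec scan per host without waiting for it
      ansible.builtin.command:
        argv:
          - inspec
          - exec
          - profiles/baseline
          - --target
          - "ssh://ec2-user@{{ item }}"
          - --key-files
          - "{{ ssh_key_path }}"
          - --reporter
          - "json:results/{{ item }}.json"
      loop: "{{ groups['test_group'] }}"
      async: 1800   # upper bound in seconds for a single scan
      poll: 0       # do not wait; start the next host's scan immediately
      register: inspec_results
      changed_when: false

    - name: Wait for every scan registered in inspec_results
      ansible.builtin.async_status:
        jid: "{{ item.ansible_job_id }}"
      loop: "{{ inspec_results.results }}"
      loop_control:
        label: "{{ item.item }}"
      register: scan_job
      until: scan_job.finished
      retries: 180
      delay: 10
      # InSpec exits 100 when controls fail and 101 when controls are skipped;
      # both mean the scan completed, so only other codes count as errors.
      failed_when: >-
        scan_job.finished | bool and
        scan_job.rc | default(0) not in [0, 100, 101]
```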

Author

Will Dower
