ansible/awx

Documentation for IAM EC2 inventory

Open

#924 创建于 2018年1月5日

在 GitHub 查看
 (3 评论) (0 反应) (0 负责人)Python (13,071 star) (3,333 fork)batch import
Hacktoberfestcomponent:docsgood first issuehelp wantedtype:enhancement

描述

ISSUE TYPE
  • Documentation
COMPONENT NAME
  • UI
SUMMARY

IAM permissions for EC2 inventory plugin

ENVIRONMENT

N/A

STEPS TO REPRODUCE

When using EC2 to lookup hosts available, there is no reference to what permissions the IAM role should have, giving the role extensive permissions is not ideal.

The error message also does not give us any detailed information.

Can we update the documentation to identify which actions the role needs to have (obviously depending on the flags set in ec2.ini).

For a basic setup, with ec2.ini left as default the following two actions are required:

ec2:DescribeInstances ec2:DescribeTags

贡献者指南

技术栈
pythonaws
领域
documentation
议题类型
documentation
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
3
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
1-3 hours
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
stale
清晰度议题是否清楚说明期望改动、验收标准和下一步。
clear
前置要求
AWS IAM knowledgeAWX EC2 inventory plugin familiarity
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
75
研究方向
Examine the AWX EC2 inventory plugin code (likely in plugins/inventory/ec2.py) and the ec2.ini configuration file to list all AWS API actions used. Document the minimal IAM permissions needed for basic and advanced configurations. The issue already mentions ec2:DescribeInstances and ec2:DescribeTags as basic; verify and expand for all features.