add the ability to use IAM instead of access and secret keys

* add the ability to use IAM instead of access and secret keys (#1) * add role variable description to README
Restless-ET · Jul 13, 2017 · 8c8fdb2 · 8c8fdb2
1 parent 796e160
commit 8c8fdb2
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -19,6 +19,7 @@ Role Variables
 - `aws_scripts_mon_options` - The monitoring script options (`--from-cron` is always assumed). Defaults to: `"--disk-space-util --disk-path=/"`.
 - `aws_scripts_mon_access_key` - Your AWS Access Key. You need to define this or the role will fail to execute.
 - `aws_scripts_mon_secret_key` - Your AWS Secret Key. You need to define this or the role will fail to execute.
+- `aws_scripts_mon_use_iam` - Set to 'true' if you're authenticating with AWS IAM role permissions instead of AWS access keys. Defaults to 'false'.
 
 
 Dependencies

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -4,3 +4,4 @@ aws_scripts_mon_cron_user: "{{ ansible_user }}"
 aws_scripts_mon_options: "--disk-space-util --disk-path=/"
 aws_scripts_mon_access_key: null
 aws_scripts_mon_secret_key: null
+aws_scripts_mon_use_iam: false
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Exit if AWS keys were not defined
   fail: msg="The AWS access and/or secret key(s) is/are not defined!"
-  when: aws_scripts_mon_access_key is none or aws_scripts_mon_secret_key is none
+  when: not aws_scripts_mon_use_iam|bool and (aws_scripts_mon_access_key is none or aws_scripts_mon_secret_key is none)
 
 - include: debian.yml
   when: ansible_os_family == 'Debian'
@@ -20,6 +20,7 @@
   template: src=awscreds.conf.j2
             dest={{ aws_scripts_mon_base_directory }}/aws-scripts-mon/awscreds.conf
             owner={{ aws_scripts_mon_cron_user }} mode=0400
+  when: not aws_scripts_mon_use_iam|bool
 
 - name: Add a cron job to run the monitoring scripts
   cron: name="aws_scripts_mon"