I'd use Packer <https://www.packer.io/docs/> to create an AMI that includes any prerequisites that you need and use IAM to give the instance that your provision from that AMI the permissions that it needs for other AWS API calls. Your instance should use an IAM Instance profile, not access key and secret key.
On Tuesday, June 21, 2016 at 6:12:32 AM UTC-5, Matthew Kettlewell wrote: > > Hello - > > I've been trying to wrap my head around the best approach to bootstrapping > and provisioning an Ansible master node in ec2, and let it provision the > rest of the network from inside ec2 ( vs controlling things from my laptop ) > > I think I understand most of it, but what I'm not real sure on, is the > best approach to handling the various secure credentials. > > My laptop would have it's own set of AWS credentials, and then the > bootstrapped Ansible master would have it's own as well... what's the best > way to securely transfer that? is Ansible vault the correct approach here? > > > I'm kind of surprised that I'm not finding a lot of examples on Github, > which leads me to believe I'm trying to create an anti-pattern of some > sort, so thought I'd ping the group and see what approaches you might have > for bootstrapping and provisioning and Ansible master withing AWS. > > > Any tips, blog posts or github examples would be warmly welcome. > > > > Thanks > > Matt > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/aa4ca7b6-c8dd-455b-9c8c-0d57437473ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
