Hello all,
This is a continuation of my other post about creating a Direct Connect gateway.
This is the same playbook, but using assumed roles and cross-account deployment. I
have added loops, but two tasks are not working ("debug role arns" and
"assume cross account roles"). Can someone help?
Error:
TASK [debug role arns]
************************************************************************************************************************************************************************************************************
task path:
/home/ec2-user/environment/aws-rxgt-mgmt-platform/ansible/rxgt-ps-rxgtmgmt-playbook.yaml:29
fatal: [infrastructure]: FAILED! => {
"msg": "template error while templating string: no filter named 'map'.
String: {{ rxgt_identity_account['deploy_accounts']|map('extract',
rxgt_identity_account['account_config'])|list }}"
}
=======================================================
Main playbook:
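---
# This playbook builds Network infrastructure in all configured accounts.
#
# Second play, in order: obtain an STS session token (optionally with MFA),
# assume the deployment role of every account named in
# rxgt_identity_account.deploy_accounts, then create the Direct Connect
# gateway once per account/region pair with the assumed-role credentials.
#
# The nesting below is reconstructed; the pasted listing had lost its
# indentation.

- name: Install/Update RXGT Mgmt account CF templates
  hosts: infrastructure
  # The listing shows no tasks for this play.
  tasks: []

- name: Install/Update RXGT PS cross account CF templates
  hosts: infrastructure
  tasks:
    - name: get sts session token
      sts_session_token:
        duration_seconds: "{{ sts_session_duration | default(3600) }}"
        # The module option is mfa_serial_number. The listing spelled it
        # "mfa_serial_nunber", so the MFA device serial could not be passed
        # under the option name the module documents.
        mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
        mfa_token: "{{ sts_mfa_token | default(omit) }}"
      # Registered under its own name. The listing registered this result as
      # sts_session_token and then overwrote that name with set_fact; a
      # skipped task still registers a result, so with with_sts false the
      # later "sts_session_token | default(omit)" received the skip record
      # instead of being omitted.
      register: sts_session_result
      when: with_sts
      # The result holds temporary credentials; keep it out of logs. Note
      # that no_log also hides failure details for this task.
      no_log: true
      tags:
        - rxgt-ps-mgmt-stack-deploy

    - name: retrieve sts credentials
      set_fact:
        sts_access_key: "{{ sts_session_result.sts_creds.access_key }}"
        sts_secret_key: "{{ sts_session_result.sts_creds.secret_key }}"
        sts_session_token: "{{ sts_session_result.sts_creds.session_token }}"
      when: with_sts
      no_log: true
      tags:
        - rxgt-ps-mgmt-stack-deploy

    # The reported "no filter named 'map'" failure is raised while templating
    # this loop expression. map is a built-in Jinja2 filter added in Jinja2
    # 2.7, so the message most likely means the Python environment running
    # Ansible on the controller has an older Jinja2 - TODO confirm the
    # installed version there.
    - name: debug role arns
      debug:
        msg: "Assuming role: {{ account_config.sts_role_arn }}"
        verbosity: 1
      loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
        rxgt_identity_account['account_config'])|list }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.sts_role_arn }}"
      tags:
        - rxgt-ps-mgmt-stack-deploy

    # Same loop expression as above, so it depends on the same map filter.
    - name: assume cross account roles
      sts_assume_role:
        role_arn: "{{ account_config.sts_role_arn }}"
        role_session_name: "ansibledeploy"
        duration_seconds: "{{ sts_session_duration | default(3600) }}"
        aws_access_key: "{{ sts_access_key | default(omit) }}"
        aws_secret_key: "{{ sts_secret_key | default(omit) }}"
        security_token: "{{ sts_session_token | default(omit) }}"
        # Spelling corrected from "mfa_serial_nunber" (see first task).
        mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
        mfa_token: "{{ sts_mfa_token | default(omit) }}"
      loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract',
        rxgt_identity_account['account_config'])|list }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.sts_role_arn }}"
      # Each registered result carries sts_creds for one account together
      # with the loop item under the key account_config.
      register: assumed_roles_with_account_config
      no_log: true
      tags:
        - rxgt-ps-mgmt-stack-deploy

    # Loop item is a pair: .0 is one assume-role result, .1 is one region.
    # name and amazon_asn are read from the fixed rxgtmgmt entry, not from
    # the loop item.
    - name: create rxgt-ps-mgmt-direct-connect-gateway stack
      aws_direct_connect_gateway:
        state: present
        region: "{{ account_config.1 }}"
        aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
        aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
        security_token: "{{ account_config.0.sts_creds.session_token }}"
        name: "{{
          rxgt_identity_account.account_config.rxgtmgmt.stacks['rxgt-ps-mgmt-direct-connect-gateway'].params.name
          }}"
        amazon_asn: "{{
          rxgt_identity_account.account_config.rxgtmgmt.stacks['rxgt-ps-mgmt-direct-connect-gateway'].params.amazon_asn
          }}"
      loop: "{{
        assumed_roles_with_account_config.results|subelements('account_config.regions',
        skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{
          account_config.1 }}"
      register: created_aws_direct_connect_gateway
      tags:
        - rxgt-ps-mgmt-stack-deploy

    - name: debug stack outputs
      vars:
        # Print only the account configuration. The listing dumped the whole
        # loop item, whose first element includes sts_creds (access key,
        # secret key, session token), at verbosity 0.
        msg: "{{ account_config.0.account_config | to_nice_yaml }}"
      debug:
        msg: "{{ msg.split('\n') }}"
        verbosity: 0
      loop: "{{
        assumed_roles_with_account_config.results|subelements('account_config.regions',
        skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{
          account_config.1 }}"
      # A task tagged "never" still runs when any of its other tags is
      # requested. The listing also carried rxgt-ps-mgmt-stack-deploy here,
      # so a normal deploy run triggered this dump; it now runs only when
      # the debug tag is requested alongside the deploy tag.
      tags:
        - 'never'
        - 'debug'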
=======================================================
account_config.yaml
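---
# Variables read by the playbook: the accounts to deploy to and, per account,
# the role to assume, the regions, and the stack parameters.
# The nesting is reconstructed from how the playbook indexes these values;
# the pasted listing had lost its indentation.
ansible_python_interpreter: "{{ lookup('env', 'VIRTUAL_ENV') }}/bin/python"
rxgt_identity_account:
  # Each entry must match a key under account_config; the playbook looks
  # them up with the extract filter.
  deploy_accounts:
    - XXXXXX
  account_config:
    XXXXXX:
      # Keep AWS account IDs quoted: an unquoted all-digit value is parsed
      # as an integer and loses any leading zero.
      id: "XXXXXXXX"
      account_alias: XXXXXX
      # Role assumed by the "assume cross account roles" task.
      sts_role_arn: "arn:aws:iam::XXXXXXXXXXXX:role/xxxx/xx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      pass_role_arn: ""
      regions:
        - eu-west-1
      stacks:
        rxgt-ps-mgmt-direct-connect-gateway:
          params:
            name: rxgtmgmt-dxgw
            amazon_asn: 65000
          # NOTE(review): override_tags is assumed to belong to this stack;
          # the flattened paste does not show its level - confirm.
          override_tags:
            rx:billing:service-name: identity
            rx:billing:environment-name: xxxxxx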