Add encryption capability to AMI copy (#1409)

This commit is contained in:
Ryan Sydnor 2016-05-23 10:39:02 -04:00 committed by Brian Coca
parent eb6ba749c2
commit 0ba34435cf

View file

@ -1,4 +1,5 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
@ -40,6 +41,18 @@ options:
- An optional human-readable string describing the contents and purpose of the new AMI.
required: false
default: null
encrypted:
description:
- Whether or not to encrypt the target image
required: false
default: null
version_added: "2.2"
kms_key_id:
description:
- KMS key id used to encrypt image. If not specified, uses default EBS Customer Master Key (CMK) for your account.
required: false
default: null
version_added: "2.2"
wait:
description:
- wait for the copied AMI to be in state 'available' before returning.
@ -65,30 +78,60 @@ extends_documentation_fragment:
EXAMPLES = '''
# Basic AMI Copy
- local_action:
module: ec2_ami_copy
source_region: eu-west-1
dest_region: us-east-1
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
# AMI copy wait until available
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
name: SuperService-new-AMI
description: latest patch
tags: '{"Name":"SuperService-new-AMI", "type":"SuperService"}'
wait: yes
register: image_id
# Named AMI copy
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
name: My-Awesome-AMI
description: latest patch
# Tagged AMI copy
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
tags:
Name: My-Super-AMI
Patch: 1.2.3
# Encrypted AMI copy
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
encrypted: yes
# Encrypted AMI copy with specified key
- ec2_ami_copy:
source_region: us-east-1
region: eu-west-1
source_image_id: ami-xxxxxxx
encrypted: yes
kms_key_id: arn:aws:kms:us-east-1:XXXXXXXXXXXX:key/746de6ea-50a4-4bcb-8fbc-e3b29f2d367b
'''
import sys
import time
try:
import boto
import boto.ec2
from boto.vpc import VPCConnection
HAS_BOTO = True
except ImportError:
HAS_BOTO = False
def copy_image(module, ec2):
"""
Copies an AMI
@ -101,6 +144,8 @@ def copy_image(module, ec2):
source_image_id = module.params.get('source_image_id')
name = module.params.get('name')
description = module.params.get('description')
encrypted = module.params.get('encrypted')
kms_key_id = module.params.get('kms_key_id')
tags = module.params.get('tags')
wait_timeout = int(module.params.get('wait_timeout'))
wait = module.params.get('wait')
@ -109,7 +154,9 @@ def copy_image(module, ec2):
params = {'source_region': source_region,
'source_image_id': source_image_id,
'name': name,
'description': description
'description': description,
'encrypted': encrypted,
'kms_key_id': kms_key_id
}
image_id = ec2.copy_image(**params).image_id
@ -125,7 +172,7 @@ def copy_image(module, ec2):
module.exit_json(msg="AMI copy operation complete", image_id=image_id, state=img.state, changed=True)
# register tags to the copied AMI in dest_region
# register tags to the copied AMI
def register_tags_if_any(module, ec2, tags, image_id):
if tags:
try:
@ -171,6 +218,8 @@ def main():
source_image_id=dict(required=True),
name=dict(),
description=dict(default=""),
encrypted=dict(type='bool', required=False),
kms_key_id=dict(type='str', required=False),
wait=dict(type='bool', default=False),
wait_timeout=dict(default=1200),
tags=dict(type='dict')))
@ -187,11 +236,10 @@ def main():
try:
region, ec2_url, boto_params = get_aws_connection_info(module)
vpc = connect_to_aws(boto.vpc, region, **boto_params)
except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e))
module.fail_json(msg=str(e))
if not region:
if not region:
module.fail_json(msg="region must be specified")
copy_image(module, ec2)