diff --git a/cloud/amazon/ec2_ami_copy.py b/cloud/amazon/ec2_ami_copy.py index 72c804bc1d1..88eba110899 100644 --- a/cloud/amazon/ec2_ami_copy.py +++ b/cloud/amazon/ec2_ami_copy.py @@ -1,4 +1,5 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify @@ -40,6 +41,18 @@ options: - An optional human-readable string describing the contents and purpose of the new AMI. required: false default: null + encrypted: + description: + - Whether or not to encrypt the target image + required: false + default: null + version_added: "2.2" + kms_key_id: + description: + - KMS key id used to encrypt image. If not specified, uses default EBS Customer Master Key (CMK) for your account. + required: false + default: null + version_added: "2.2" wait: description: - wait for the copied AMI to be in state 'available' before returning. @@ -65,30 +78,60 @@ extends_documentation_fragment: EXAMPLES = ''' # Basic AMI Copy -- local_action: - module: ec2_ami_copy - source_region: eu-west-1 - dest_region: us-east-1 +- ec2_ami_copy: + source_region: us-east-1 + region: eu-west-1 + source_image_id: ami-xxxxxxx + +# AMI copy wait until available +- ec2_ami_copy: + source_region: us-east-1 + region: eu-west-1 source_image_id: ami-xxxxxxx - name: SuperService-new-AMI - description: latest patch - tags: '{"Name":"SuperService-new-AMI", "type":"SuperService"}' wait: yes register: image_id + +# Named AMI copy +- ec2_ami_copy: + source_region: us-east-1 + region: eu-west-1 + source_image_id: ami-xxxxxxx + name: My-Awesome-AMI + description: latest patch + +# Tagged AMI copy +- ec2_ami_copy: + source_region: us-east-1 + region: eu-west-1 + source_image_id: ami-xxxxxxx + tags: + Name: My-Super-AMI + Patch: 1.2.3 + +# Encrypted AMI copy +- ec2_ami_copy: + source_region: us-east-1 + region: eu-west-1 + source_image_id: ami-xxxxxxx + encrypted: yes + +# Encrypted AMI copy with specified key +- ec2_ami_copy: + source_region: us-east-1 + region: eu-west-1 + source_image_id: ami-xxxxxxx + encrypted: yes + kms_key_id: arn:aws:kms:us-east-1:XXXXXXXXXXXX:key/746de6ea-50a4-4bcb-8fbc-e3b29f2d367b ''' - -import sys -import time - try: import boto import boto.ec2 - from boto.vpc import VPCConnection HAS_BOTO = True except ImportError: HAS_BOTO = False + def copy_image(module, ec2): """ Copies an AMI @@ -101,6 +144,8 @@ def copy_image(module, ec2): source_image_id = module.params.get('source_image_id') name = module.params.get('name') description = module.params.get('description') + encrypted = module.params.get('encrypted') + kms_key_id = module.params.get('kms_key_id') tags = module.params.get('tags') wait_timeout = int(module.params.get('wait_timeout')) wait = module.params.get('wait') @@ -109,7 +154,9 @@ def copy_image(module, ec2): params = {'source_region': source_region, 'source_image_id': source_image_id, 'name': name, - 'description': description + 'description': description, + 'encrypted': encrypted, + 'kms_key_id': kms_key_id } image_id = ec2.copy_image(**params).image_id @@ -125,7 +172,7 @@ def copy_image(module, ec2): module.exit_json(msg="AMI copy operation complete", image_id=image_id, state=img.state, changed=True) -# register tags to the copied AMI in dest_region +# register tags to the copied AMI def register_tags_if_any(module, ec2, tags, image_id): if tags: try: @@ -171,6 +218,8 @@ def main(): source_image_id=dict(required=True), name=dict(), description=dict(default=""), + encrypted=dict(type='bool', required=False), + kms_key_id=dict(type='str', required=False), wait=dict(type='bool', default=False), wait_timeout=dict(default=1200), tags=dict(type='dict'))) @@ -187,11 +236,10 @@ def main(): try: region, ec2_url, boto_params = get_aws_connection_info(module) - vpc = connect_to_aws(boto.vpc, region, **boto_params) except boto.exception.NoAuthHandlerFound, e: - module.fail_json(msg = str(e)) + module.fail_json(msg=str(e)) - if not region: + if not region: module.fail_json(msg="region must be specified") copy_image(module, ec2)