Thursday, July 19, 2018

Setting Security team email for security related issues in AWS Account

Follow the steps below to fill in the security team's email address as the Security Contact. This comes in handy when responding to security-related issues in the AWS account.

1. Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/.

2. On the navigation bar, choose your account name, and then choose My Account.

3. Scroll down to the Alternate Contacts section, and then choose Edit.

4. For the fields (in this case, Security Contact) that you want to change, type your updated information, and then choose Update.

These alternate contacts, which include the Security Contact, enable AWS to contact another person about issues with your account, even if you're not attending to this account regularly.

Ankit Mittal

Sunday, July 8, 2018

Configuring the dynamic inventory for Ansible

If you are running a large number of servers in AWS or using Auto Scaling, then it's not feasible to maintain the host entries in Ansible's hosts file.

Instead you can use a dynamic inventory, which is a Python script. ec2.py is available from the Ansible project and is free to use. You can configure the script as follows and target the EC2 instances by tag to make configuration changes via Ansible, even on Auto Scaling instances.

1. Download the Ansible dynamic inventory script
wget https://raw.github.com/ansible/ansible/devel/contrib/inventory/ec2.py

2. Make the script executable
chmod +x ec2.py

3. Attach an IAM role to the EC2 instance from which you are going to run Ansible, and attach to that role a policy with only the permissions Ansible requires for the configuration management.

4. If you are using private instances, then chances are you will receive an empty list when you run the ./ec2.py --list command to test the dynamic inventory. To resolve this issue, open ec2.py and make the following change:
'vpc_destination_variable': 'private_ip_address'

5. Run the ec2.py script again and it will list all the instances based on the tags.
./ec2.py --list

6. You can set tags on the instances and reference them from Ansible, and Ansible will push the configuration based on the tags.
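
The following is an added example, not part of the original post or of ec2.py: it parses the JSON printed by `./ec2.py --list`, collects the `tag_<key>_<value>` groups that Ansible can target, and flags any host that is not addressed by an RFC 1918 private IP, which confirms the `vpc_destination_variable` change from step 4 took effect. The sample inventory and the function names are constructed for illustration.

```python
import ipaddress
import json

# Added example, not part of ec2.py. Constructed sample of `./ec2.py --list`
# output; addresses, tag names and the region group are made up.
SAMPLE_INVENTORY = json.dumps({
    "_meta": {"hostvars": {}},
    "us-east-1": ["10.0.1.15", "10.0.2.40", "203.0.113.9"],
    "tag_Role_web": ["10.0.1.15", "203.0.113.9"],
    "tag_Role_db": ["10.0.2.40"],
})

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(host):
    """True only if host is an IP address inside an RFC 1918 private range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name such as a public EC2 hostname
    return any(addr in net for net in RFC1918)


def tag_groups(inventory):
    """Return {group_name: sorted hosts} for the tag_<key>_<value> groups."""
    groups = {}
    for name, members in inventory.items():
        if not name.startswith("tag_"):
            continue
        # Inventory scripts may emit a bare list or {"hosts": [...]}.
        hosts = members.get("hosts", []) if isinstance(members, dict) else members
        groups[name] = sorted(hosts)
    return groups


def non_private_hosts(inventory):
    """Return tag groups that still contain a host not addressed by private IP."""
    flagged = {}
    for name, hosts in tag_groups(inventory).items():
        bad = [h for h in hosts if not is_rfc1918(h)]
        if bad:
            flagged[name] = bad
    return flagged


if __name__ == "__main__":
    inv = json.loads(SAMPLE_INVENTORY)
    for group, hosts in tag_groups(inv).items():
        print(group, hosts)
    print("not private:", non_private_hosts(inv))
```

To check a real inventory, save the output of `./ec2.py --list` to a file and load it with `json.load` in place of the sample.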