amazon.aws
Extend ec2_metadata_facts to get instance tags
Summary
AWS recently added support for retrieving instance tags from the instance metadata service, see: https://aws.amazon.com/about-aws/whats-new/2022/01/instance-tags-amazon-ec2-instance-metadata-service/
A natural fit for including this functionality would be to extend ec2_metadata_facts to support retrieving instance tags, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html#instance-metadata-ex-7 for details on how that is done.
I'd like to add the functionality, but I'm unclear what would be more acceptable to the community with regard to handling whether or not this functionality is enabled. There are two options I see:
- A flag passed to ec2_metadata_facts to tell it to attempt to retrieve tags, and fail with error when it can't
OR
- Assume the instance tag metadata functionality is enabled, attempt to retrieve tags, and fail silently when it's not
Which makes more sense and is in keeping with the "ethos" of the modules? My hunch is the 1st option.
Issue Type
Feature Idea
Component Name
ec2_metadata_facts.py
Additional Information
I'd be happy to write the code.
```yaml
- amazon.aws.ec2_metadata_facts:
    tags: yes
```
Code of Conduct
- [X] I agree to follow the Ansible Code of Conduct
Files identified in the description:
- [plugins/modules/ec2_metadata_facts.py](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/plugins/modules/ec2_metadata_facts.py)
If these files are inaccurate, please update the component name section of the description or use the !component bot command.
cc @jillr @roadmapper @s-hertel @silviud @tremble
@rcousens Thank you for this feature idea. I think the second option you listed, "Assume the instance tag metadata functionality is enabled, attempt to retrieve tags, and fail silently when it's not", makes more sense to me. I don't know what @tremble @jillr @markuman think about it.
> AWS recently added support for retrieving instance tags from the instance metadata service, see: https://aws.amazon.com/about-aws/whats-new/2022/01/instance-tags-amazon-ec2-instance-metadata-service/
Yes, and community.aws supports this already for ec2_launch_template since 3.1.0 and amazon.aws for ec2_instance the support is already in the main branch, but not released yet 🚀🚀🚀
> "Assume the instance tag metadata functionality is enabled, attempt to retrieve tags, and fail silently when it's not" makes more sense to me.
Yes, +1 for the second option.
Just a few more words about accessing metadata from the instance itself.
workaround
You can already do it using Ansible builtin modules, more or less comfortably:
```yaml
# Request a short-lived IMDSv2 session token
- name: get metadata token
  uri:
    url: "http://169.254.169.254/latest/api/token"
    headers:
      X-aws-ec2-metadata-token-ttl-seconds: 60
    method: PUT
    return_content: yes
  register: METADATA_TOKEN

# Read the value of the "Name" tag, presenting the token from the previous task
- name: get tag name
  uri:
    url: "http://169.254.169.254/latest/meta-data/tags/instance/Name"
    headers:
      X-aws-ec2-metadata-token: "{{ METADATA_TOKEN.content }}"
    return_content: yes
  register: TAG_NAME
```
pros and cons
The EC2 instances that run ec2_metadata_facts in the belief that they receive their tags must have botocore >= 1.23.30.
I think you might need this feature when you're using ansible-pull or running some plays via systemd-timer.
Another possibility to access all instance tags is via a control node that is using the dynamic aws_ec2 inventory. They are accessible via host_vars.
+1, assume it's enabled, drop a warning if it fails, and continue cleanly.
Support was added by #1186 and should be available in release 5.1.0.
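The behaviour the thread settles on (attempt the tag lookup over IMDSv2, warn and continue when it is unavailable), sketched in Python as an added example; it is not the code merged in #1186 or part of the collection. `fetch_instance_tags`, `http` and `fake_imds` are hypothetical names, and the 404 for "tags not enabled in instance metadata" is an assumption modelled by the constructed `fake_imds` stand-in.

```python
import urllib.parse
import urllib.request
import warnings

IMDS = "http://169.254.169.254/latest"  # link-local endpoint used in the thread


def http(method, url, headers):  # real transport; returns (status, body)
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except OSError as exc:  # HTTPError carries .code; anything else: no IMDS
        return getattr(exc, "code", 0), ""


def fetch_instance_tags(send=http):
    """Return {tag_key: value}; warn and return {} if tags are unavailable."""
    status, token = send("PUT", IMDS + "/api/token",
                         {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    if status != 200:
        warnings.warn("IMDSv2 token request failed (status %s)" % status)
        return {}
    auth = {"X-aws-ec2-metadata-token": token}
    base = IMDS + "/meta-data/tags/instance"
    status, listing = send("GET", base, auth)  # one tag key per line
    if status != 200:  # assumed 404 when tags in metadata are not enabled
        warnings.warn("instance tags not available (status %s)" % status)
        return {}
    tags = {}
    for key in filter(None, listing.splitlines()):
        status, value = send("GET", base + "/" + urllib.parse.quote(key, safe=""), auth)
        if status == 200:
            tags[key] = value
    return tags


def fake_imds(tags):
    # Constructed stand-in for IMDS; tags=None models the feature being off.
    def send(method, url, headers):
        if method == "PUT":
            return 200, "constructed-token"
        if headers.get("X-aws-ec2-metadata-token") != "constructed-token":
            return 401, ""
        key = urllib.parse.unquote(url.partition("/tags/instance")[2].lstrip("/"))
        if tags is None or (key and key not in tags):
            return 404, ""
        return 200, tags[key] if key else "\n".join(tags)
    return send
```

On an instance, `fetch_instance_tags()` with no argument uses the real transport; passing `fake_imds({...})` exercises both the enabled and disabled paths offline.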