From 976a455e217a4da940b5881182d0e3967d784c4e Mon Sep 17 00:00:00 2001 From: "viacheslav.vasilyev" Date: Fri, 20 Dec 2019 10:45:22 +0200 Subject: [PATCH] Use AWS named profiles --- global_vars/noninteractive/amazon-site.yml | 3 +-- playbooks/amazon.yml | 8 ++----- .../roles/ec2-security-group/tasks/main.yml | 24 +++++++------------ playbooks/roles/genesis-amazon/tasks/main.yml | 18 +++++--------- 4 files changed, 17 insertions(+), 36 deletions(-) diff --git a/global_vars/noninteractive/amazon-site.yml b/global_vars/noninteractive/amazon-site.yml index 645bc3562..edb0c9fc6 100644 --- a/global_vars/noninteractive/amazon-site.yml +++ b/global_vars/noninteractive/amazon-site.yml @@ -42,8 +42,7 @@ aws_vpc_subnet_id_var: "" aws_instance_name: streisand # The AWS credentials to use. -aws_access_key: "" -aws_secret_key: "" +aws_profile: "" # Definitions needed for Let's Encrypt HTTPS (or TLS) certificate setup. # diff --git a/playbooks/amazon.yml b/playbooks/amazon.yml index 72eb6df3d..ce2336780 100644 --- a/playbooks/amazon.yml +++ b/playbooks/amazon.yml @@ -90,12 +90,8 @@ default: "streisand" private: no - - name: "aws_access_key" - prompt: "\n\nThe following information can be found in the IAM Management Console.\nhttps://console.aws.amazon.com/iam/home?#security_credential\n\nWhat is your AWS Access Key ID?\n" - private: no - - - name: "aws_secret_key" - prompt: "\nWhat is your AWS Secret Access Key?\n" + - name: "aws_profile" + prompt: "\nWhat is your AWS named profile?\n" private: no - name: "confirmation" diff --git a/playbooks/roles/ec2-security-group/tasks/main.yml b/playbooks/roles/ec2-security-group/tasks/main.yml index 849cc83a3..9568d23bf 100644 --- a/playbooks/roles/ec2-security-group/tasks/main.yml +++ b/playbooks/roles/ec2-security-group/tasks/main.yml 
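Review bot: The context comment `# The AWS credentials to use.` in global_vars/noninteractive/amazon-site.yml now sits above `aws_profile: ""`, which holds a profile name rather than key material, so the comment is stale. I would replace it with `# Name of the AWS named profile to use (as defined in ~/.aws/credentials or ~/.aws/config).` Because this file drives noninteractive runs, the comment should also say what an empty value does. The shipped default is `""`, and the diff does not show how the modules treat an empty profile.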
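Review bot: The new `aws_profile` prompt in playbooks/amazon.yml has no `default:` and nothing rejects an empty answer, unlike the prompt just above it, which carries `default: "streisand"`. An empty string would then be passed as `profile:` to every AWS task in the two role files. Credential selection is then left to the modules' own resolution order (presumably environment variables or the default profile), so the run could create resources in an account the operator did not intend. Consider adding `default: "default"` to the prompt, or an early `assert` task with `that: aws_profile | length > 0`. The removed prompt told the user where to find the value, and the new text could likewise name `~/.aws/credentials`.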
@@ -5,8 +5,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" - name: Pause for fifteen seconds to ensure the EC2 security group has been created pause: @@ -18,8 +17,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" rules: # Nginx # --- @@ -53,8 +51,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" purge_rules: no purge_rules_egress: no rules: @@ -80,8 +77,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" purge_rules: no purge_rules_egress: no rules: @@ -107,8 +103,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" purge_rules: no purge_rules_egress: no rules: @@ -128,8 +123,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" purge_rules: no purge_rules_egress: no rules: 
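Review bot: `profile: "{{ aws_profile }}"` is set task by task, so any AWS task that lacks the line would run with whatever ambient credentials the SDK finds. It appears in all six hunks of playbooks/roles/ec2-security-group/tasks/main.yml here, in the `-155` and `-182` hunks, and in every hunk of playbooks/roles/genesis-amazon/tasks/main.yml. Tasks outside the hunks are not visible in this patch, so it is worth grepping both roles for AWS modules without a `profile:` key. If the Ansible version this project pins supports it, declaring the value once at play level with `module_defaults` under `group/aws` removes the per-task repetition. Writing the value as `"{{ aws_profile | default(omit, true) }}"`, mirroring the `vpc_id` line in the same hunks, would make the empty-profile case an explicit choice.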
@@ -155,8 +149,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" purge_rules: no purge_rules_egress: no rules: @@ -182,8 +175,7 @@ description: Security group for Streisand region: "{{ aws_region }}" vpc_id: "{{ aws_vpc_id | default(omit) }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" purge_rules: no purge_rules_egress: no rules: diff --git a/playbooks/roles/genesis-amazon/tasks/main.yml b/playbooks/roles/genesis-amazon/tasks/main.yml index 655e4bb75..9eea92d24 100644 --- a/playbooks/roles/genesis-amazon/tasks/main.yml +++ b/playbooks/roles/genesis-amazon/tasks/main.yml @@ -11,8 +11,7 @@ ec2_key: name: streisand-ssh state: absent - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" region: "{{ aws_region }}" wait: yes @@ -20,15 +19,13 @@ ec2_key: name: streisand-ssh key_material: "{{ ssh_key.stdout }}" - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" region: "{{ aws_region }}" wait: yes - name: Determine which AMI to use ec2_ami_facts: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" owners: "{{ aws_ami_owner }}" region: "{{ aws_region }}" filters: @@ -37,8 +34,7 @@ - name: Create the EC2 instance ec2: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" instance_type: "{{ aws_instance_type }}" image: "{{ ami.images|sort(reverse=True,attribute='name')|map(attribute='image_id')|first }}" region: "{{ aws_region }}" 
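Review bot: In the `Create the EC2 instance` hunk (`@@ -37,8 +34,7 @@`) of playbooks/roles/genesis-amazon/tasks/main.yml, the same `aws_profile` value may not resolve identically across the modules this role calls. Depending on the Ansible release, `ec2` is built on the older boto library while modules such as `ec2_ami_facts` use boto3. As far as I know the older library reads only static keys for a named profile and does not follow role-assumption settings from `~/.aws/config`. If that holds for the pinned versions, a profile that works for the AMI lookup could fail, or authenticate differently, at instance creation. A comment above the task such as `# aws_profile must be readable by both boto and boto3 (static keys in ~/.aws/credentials)` would save operators a confusing partial run. The task body continues past the end of the hunk.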
@@ -56,8 +52,7 @@ name: "autorecover-{{ aws_instance_name }}" description: "This alarm will auto-recover the EC2 instance on host failure" state: present - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" region: "{{ aws_region }}" namespace: "AWS/EC2" metric: StatusCheckFailed_System @@ -81,8 +76,7 @@ - name: Allocate and associate Elastic IP ec2_eip: - aws_access_key: "{{ aws_access_key }}" - aws_secret_key: "{{ aws_secret_key }}" + profile: "{{ aws_profile }}" region: "{{ aws_region }}" device_id: "{{ streisand_server.instances[0].id }}" in_vpc: "{{ aws_vpc_id is defined and aws_vpc_id != '' }}"