This use case allows you to demonstrate Event-Driven Ansible (EDA) with AWS CloudTrail.
Be aware that CloudTrail can take 5 minutes to process an event; this is not an issue, but documented behaviour.
EDA sometimes ignores events, so it often makes sense to run a couple of use cases or, if time permits, retry.
There are three use cases ready to demonstrate.
Assume a user, intentionally or by mistake, deploys an instance on EC2 with a bad security group definition. EDA can detect and fix this security issue.
1. Create an instance on EC2.
2. Make sure to name the instance AND the security group sgdemo.
3. Select an intentionally insecure security group, for example one that opens all TCP ports.
4. Show how the event is processed.
5. A job template should run and fix the security group; show the change it applies.
6. Go back to EC2 and confirm the security group is fixed.
This use case assumes you have an important instance which should never be stopped or terminated. If it is, it should be restarted or recreated.
1. Create an instance called edainstance.
2. Stop or terminate the instance.
3. Show how CloudTrail and EDA process the event.
4. The edainstance should run again.
In this use case we assume the customer has a policy that only allows certain Amazon Machine Images (AMIs) and deletes instances launched from non-compliant AMIs.
NOTE: Before running this, double check the Ubuntu AMI ID and update the rulebook if needed!
1. In EC2, start an instance using an Ubuntu image as the base.
2. All other settings are irrelevant; EDA only checks the AMI ID.
3. Show how CloudTrail and EDA process the event.
4. Show that the job template to delete the instance was launched.
5. Go back to EC2 and confirm the instance is gone.
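The rulebook below is an added example sketching how the three use cases above can be wired up with the ansible.eda.aws_cloudtrail source; it is not the demo's own rulebook. The region, the job template names and organization, the delay, and the placeholder AMI ID in the allow list are assumptions you must adapt (the Ubuntu AMI used in use case 3 must NOT be in that list). Matching on the CloudTrail event name alone is deliberate: CloudTrail does not carry the instance's Name tag, so the job templates are expected to look up sgdemo and edainstance themselves.

```yaml
---
- name: React to EC2 changes reported by CloudTrail (added example, not the demo's rulebook)
  hosts: localhost
  sources:
    - ansible.eda.aws_cloudtrail:
        region: us-east-1            # assumption: adapt to your account
        delay_seconds: 10            # polling interval; CloudTrail itself lags a few minutes
        lookup_attributes:
          - AttributeKey: EventSource
            AttributeValue: ec2.amazonaws.com
  rules:
    # Use case 1: a security group named sgdemo was created; let the job template
    # inspect and fix its ingress rules (the job template name is an assumption).
    - name: Fix insecure security group sgdemo
      condition: >
        event.CloudTrailEvent.eventName == "CreateSecurityGroup" and
        event.CloudTrailEvent.requestParameters.groupName == "sgdemo"
      action:
        run_job_template:
          name: "Fix security group"
          organization: Default
          job_args:
            extra_vars:
              group_name: sgdemo

    # Use case 2: someone stopped or terminated an instance; the job template
    # restarts or recreates edainstance (name lookup happens in the playbook).
    - name: Restart edainstance after stop or terminate
      condition: event.CloudTrailEvent.eventName in ["StopInstances", "TerminateInstances"]
      action:
        run_job_template:
          name: "Ensure edainstance running"
          organization: Default

    # Use case 3: an instance was launched from an AMI that is not on the allow list;
    # pass the new instance ID to the job template that terminates it.
    - name: Terminate instance with non-compliant AMI
      condition:
        all:
          - event.CloudTrailEvent.eventName == "RunInstances"
          - event.CloudTrailEvent.responseElements.instancesSet.items[0].imageId not in ["ami-ALLOWED-PLACEHOLDER"]
      action:
        run_job_template:
          name: "Terminate non-compliant instance"
          organization: Default
          job_args:
            extra_vars:
              instance_id: "{{ event.CloudTrailEvent.responseElements.instancesSet.items[0].instanceId }}"
```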