# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

# Image Builder component document with three phases:
#   build    - install Ansible, fetch two role archives and their playbooks from S3,
#              run each playbook, then delete the playbook file
#   validate - debug echo only
#   test     - debug echo, then download and run the InspectorTest binary
name: 'Ansible Playbook Execution on Amazon Linux 2'
description: 'This is a sample component that demonstrates how to download and execute an Ansible playbook against Amazon Linux 2.'
schemaVersion: 1.0

constants:
  # Bucket that holds components/linux-cis.zip, components/cis_playbook.yml,
  # components/nginx.zip and components/nginx_playbook.yml.
  # Everything fetched from it is unpacked and handed to ansible-playbook below, so
  # write access to this bucket determines what ends up in the image. Keep its
  # write permissions as narrow as the pipeline allows.
  - s3bucket:
      type: string
      # Left empty, this key parses as YAML null; it must be filled in before use.
      value:  # <-- REPLACE VALUE HERE WITH S3 BUCKET NAME

phases:
  - name: build
    steps:
      # NOTE(review): no later step in this document uninstalls ansible2, so it
      # stays in the resulting image unless another component removes it.
      - name: InstallAnsible
        action: ExecuteBash
        inputs:
          commands:
            - sudo amazon-linux-extras install -y ansible2

      # Working area; role archives are unpacked under /ansibleloc/roles.
      - name: CreateDirectory
        action: ExecuteBash
        inputs:
          commands:
            - sudo mkdir -p /ansibleloc/roles

      # NOTE(review): the archive is unpacked and its role executed without any
      # integrity check in this document. Consider comparing it against a known
      # SHA-256 before the unzip step, and setting S3Download's
      # expectedBucketOwner input if the AWSTOE version in use supports it.
      # The same applies to the three other downloads from {{ s3bucket }}.
      - name: DownloadLinuxCis
        action: S3Download
        inputs:
          - source: 's3://{{ s3bucket }}/components/linux-cis.zip'
            destination: '/ansibleloc/linux-cis.zip'

      - name: UzipLinuxCis
        action: ExecuteBash
        inputs:
          commands:
            - unzip /ansibleloc/linux-cis.zip -d /ansibleloc/roles
            - echo "unzip linux-cis file"

      - name: DownloadCisPlaybook
        action: S3Download
        inputs:
          - source: 's3://{{ s3bucket }}/components/cis_playbook.yml'
            destination: '/ansibleloc/cis_playbook.yml'

      # Runs the playbook at the path recorded by DownloadCisPlaybook, limited to
      # tasks tagged level1.
      - name: InvokeCisAnsible
        action: ExecuteBinary
        inputs:
          path: ansible-playbook
          arguments:
            - '{{ build.DownloadCisPlaybook.inputs[0].destination }}'
            - '--tags=level1'

      # Removes only the playbook file. The zip and the extracted role under
      # /ansibleloc are not removed by any step in this document.
      - name: DeleteCisPlaybook
        action: ExecuteBash
        inputs:
          commands:
            - rm '{{ build.DownloadCisPlaybook.inputs[0].destination }}'

      - name: DownloadNginx
        action: S3Download
        inputs:
          - source: 's3://{{ s3bucket }}/components/nginx.zip'
            destination: '/ansibleloc/nginx.zip'

      # Unpacks into the same roles directory that already holds the CIS role.
      - name: UzipNginx
        action: ExecuteBash
        inputs:
          commands:
            - unzip /ansibleloc/nginx.zip -d /ansibleloc/roles
            - echo "unzip Nginx file"

      - name: DownloadNginxPlaybook
        action: S3Download
        inputs:
          - source: 's3://{{ s3bucket }}/components/nginx_playbook.yml'
            destination: '/ansibleloc/nginx_playbook.yml'

      # Runs the whole playbook; unlike the CIS run, no --tags filter is passed.
      - name: InvokeNginxAnsible
        action: ExecuteBinary
        inputs:
          path: ansible-playbook
          arguments:
            - '{{ build.DownloadNginxPlaybook.inputs[0].destination }}'

      # Removes only the playbook file; nginx.zip and the extracted role remain.
      - name: DeleteNginxPlaybook
        action: ExecuteBash
        inputs:
          commands:
            - rm '{{ build.DownloadNginxPlaybook.inputs[0].destination }}'

  # Placeholder phase: prints a marker line and checks nothing.
  - name: validate
    steps:
      - name: ValidateDebug
        action: ExecuteBash
        inputs:
          commands:
            - sudo echo "ValidateDebug section"

  - name: test
    steps:
      - name: TestDebug
        action: ExecuteBash
        inputs:
          commands:
            - sudo echo "TestDebug section"

      # NOTE(review): the bucket name hard-codes us-east-1 and the object path pins
      # version 1.0.1, so builds in other regions presumably fetch cross-region.
      # Confirm this is intended. The binary is made executable and run by the next
      # two steps with no checksum verification in this document.
      - name: Download_Inspector_Test
        action: S3Download
        inputs:
          - source: 's3://ec2imagebuilder-managed-resources-us-east-1-prod/components/inspector-test-linux/1.0.1/InspectorTest'
            destination: '/workdir/InspectorTest'

      - name: Set_Executable_Permissions
        action: ExecuteBash
        inputs:
          commands:
            - sudo chmod +x /workdir/InspectorTest

      - name: ExecuteInspectorAssessment
        action: ExecuteBinary
        inputs:
          path: '/workdir/InspectorTest'