buildspec.yml

version: 0.2

env:
  parameter-store:
    # ssh_priv_key=$(cat ~/.ssh/<KEY PAIR>.pem | sed -e :loop -e 'N; $!b loop' -e 's/\n/\\n/g')
    # aws ssm put-parameter --name keypair-ansible-playbook --value $ssh_priv_key --type SecureString
    SSH_PRIVATE_KEY: "keypair-ansible-playbook"

phases:
  install:
    runtime-versions:
      python: 3.9
  pre_build:
    commands:
      # Create Private SSH key
      - mkdir -p ~/.ssh && echo $SSH_PRIVATE_KEY | sed 's/\\n/\n/g' > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
      - pip3 install -r ./.devcontainer/requirements.txt
      # Debug
      - ansible --version
      - apt-get update && export DEBIAN_FRONTEND=noninteractive && apt-get -y install --no-install-recommends curl ssh unzip jq
      - ansible-galaxy role install -r ./requirements.yml
      - ansible-galaxy collection install -r ./requirements.yml
      # AWS Credentials
      - curl -qL -o aws_credentials.json 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
      - export AWS_REGION
      - export AWS_ACCESS_KEY_ID=$(jq -r '.AccessKeyId' aws_credentials.json)
      - export AWS_SECRET_ACCESS_KEY=$(jq -r '.SecretAccessKey' aws_credentials.json)
      - export AWS_SECURITY_TOKEN=$(jq -r '.Token' aws_credentials.json)
  build:
    commands:
      - |
        ansible-playbook -i ./inventory/dynamic.aws_ec2.yml \
          apply_by_codebuild.yml \
          -e "ansible_user=ec2-user" \
          -e "ansible_ssh_private_key_file=~/.ssh/id_rsa"