This is a script I wrote that queries the ec2 tags of an aws console, in order to figure out what environment a node belongs to, and what class to assign to it.
#!/bin/bash
# https://docs.puppetlabs.com/guides/external_nodes.html
# http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxx
export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxx
export AWS_DEFAULT_REGION=xxxxxxx
instanceid=`echo $1 | awk -F"_" '{print $NF}'` # $1 will match the certname
env=`/bin/aws --output text ec2 describe-instances --instance-ids $instanceid | grep '^TAGS' | grep 'env' | awk '{print $NF}'`
role=`/bin/aws --output text ec2 describe-instances --instance-ids $instanceid | grep '^TAGS' | grep 'role' | awk '{print $NF}'`
#aws ec2 describe-instances --instance-ids $instanceid > /tmp/enc-log.txt
#echo "puppet run occured at `date`" > /tmp/enc-log.txt
#echo "The first param value is: $1" >> /tmp/enc-log.txt
#echo "The environment is: $env" >> /tmp/enc-log.txt
#echo "The puppet role is: $role" >> /tmp/enc-log.txt
echo '---'
echo 'classes:'
echo " - roles::$role"
echo "environment: $env"
echo "parameters:"
echo " role: $role" # Needed for hiera lookup
In order for this script to work, you need to install the aws cli utility on the puppetmaster, also ensure your puppetmaster’s ec2 IAM role has the necessary privileges.