0
votes

I followed these 3 guides:

and I wrote this Ansible play

---
- hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    - include_vars: aws_credentials.yml
    - name: Creating EC2 Ubuntu instance
      ec2:
        instance_type: t1.micro
        image: ami-86e0ffe7
        region: us-west-2
        key_name: my-aws-key
        zone: us-west-2a
        vpc_subnet_id: subnet-04199d61
        group_id: sg-cf6736aa
        assign_public_ip: yes
        count: 1
        wait: true
        volumes:
          - device_name: /dev/sda1
            volume_type: gp2
            volume_size: 10
        instance_tags:
          Name: ansible-test
          Project: test
          Ansible: manageable

      register: ec2

then I ran ansible-playbook create-ec2.yml -v --private-key ~/.ssh/my-key --vault-password-file ~/.password/to_ansible_vault

and I got this message:

PLAY [localhost] ***************************************************************

TASK [include_vars] ************************************************************

ok: [localhost] => {"ansible_facts": {"ec2_access_key": "decrypted_acces_key_XXXXX", "ec2_secret_key": "decrypted_secret_key_XXXXX"}, "changed": false}

TASK [Creating EC2 Ubuntu instance] ********************************************

fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials"}

NO MORE HOSTS LEFT *************************************************************

[WARNING]: Could not create retry file 'create-ec2.retry'. [Errno 2] No such file or directory: ''

PLAY RECAP *********************************************************************

localhost : ok=1 changed=0 unreachable=0 failed=1

When I ran ansible-vault view aws_credentials.yml --vault-password-file ~/.password/to_ansible_vault I got the readable content of the encrypted aws_credentials.yml, something like this:

---
ec2_access_key: "XXXXX"
ec2_secret_key: "XXXXX"

Also, when I used a plain aws_credentials.yml, it didn't work. Only when I export my credentials does it work without any failure. Could somebody help me: how can I write a playbook for creating an EC2 instance with credentials stored in an encrypted file?

2
Ansible config generated from AWS: 8gwifi.org/aws.jsp - anish

2 Answers

3
votes

I think you should supply your keys directly to the ec2 module in this case.
Try this:

    - name: Creating EC2 Ubuntu instance
      ec2:
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        instance_type: t1.micro
        image: ami-86e0ffe7
        region: us-west-2
        ...

The code suggests that it only checks the module's arguments and environment variables, not host variables.
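Combining this answer's fix with the question's play, as an added example (not code from either poster): the keys are loaded from the vault-encrypted aws_credentials.yml with include_vars and passed explicitly as module arguments, and no_log: true keeps the decrypted values out of -v output, where the question's run shows include_vars echoing them. All identifiers are the question's own.

```yaml
---
# Added example (not from the question or answers): the question's play with
# the vault-encrypted keys passed explicitly to the ec2 module, as the answer
# suggests, and no_log set so the decrypted keys never reach -v output.
- hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    # Loads ec2_access_key / ec2_secret_key from the vault-encrypted file.
    # no_log suppresses the "ansible_facts" echo that -v otherwise prints
    # (the question's output shows the decrypted keys in that line).
    - name: Load AWS credentials from Ansible Vault
      include_vars: aws_credentials.yml
      no_log: true

    - name: Creating EC2 Ubuntu instance
      ec2:
        # Variables from a vars file are not read by the module's own
        # credential lookup, so hand them over as module arguments.
        aws_access_key: "{{ ec2_access_key }}"
        aws_secret_key: "{{ ec2_secret_key }}"
        instance_type: t1.micro
        image: ami-86e0ffe7
        region: us-west-2
        key_name: my-aws-key
        zone: us-west-2a
        vpc_subnet_id: subnet-04199d61
        group_id: sg-cf6736aa
        assign_public_ip: yes
        count: 1
        wait: true
        volumes:
          - device_name: /dev/sda1
            volume_type: gp2
            volume_size: 10
        instance_tags:
          Name: ansible-test
          Project: test
          Ansible: manageable
      # The module arguments include the secret key, so keep this task's
      # argument/result dump out of verbose logs as well.
      no_log: true
      register: ec2

    - name: Show the new instance id (safe to log)
      debug:
        msg: "Launched {{ ec2.instance_ids }}"
```

Note that no_log also hides the error text when a task fails, so drop it temporarily if you need to see a failure message such as the one in the question.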

1
votes

Also, you can export your AWS API keys as OS environment variables, like: export AWS_ACCESS_KEY=XXXXXXX

In that case, in the Ansible scenario you need to set:

    - name: Creating EC2 Ubuntu instance
      ec2:
        aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY') }}"
        aws_secret_key: "{{ lookup('env', 'AWS_SECRET_KEY') }}"
        instance_type: t1.micro
        image: ami-86e0ffe7
        region: us-west-2