.. meta:: :description: Learn about ways to authenticate to AWS using the Steampunk AWS Ansible Collection, complete with example code. .. _doc_authentication: Authentication ============== Every interaction with AWS requires you to be authenticated. With the Steampunk AWS Ansible Collection, authentication is completely consistent across all modules: .. code-block:: yaml+jinja - steampunk.aws.ec2_vpc: auth: region: eu-north-1 access_key: my-access-key secret_key: my-secret-key name: my-vpc cidr: 198.51.100.0/24 This is the simplest option, hardcoding the credentials in the playbook directly. To avoid this, we can use environment variables, which are automatically used by the module: .. code-block:: yaml+jinja - steampunk.aws.ec2_vpc: name: my-vpc cidr: 198.51.100.0/24 environment: AWS_REGION: eu-north-1 AWS_ACCESS_KEY: my-access-key AWS_SECRET_KEY: my-secret-key Strictly speaking, you still have credentials in your playbook in the example above, but you can run the playbook with an environment set externally to use this the way it was meant to be used. .. code-block:: yaml+jinja - steampunk.aws.ec2_vpc: name: my-vpc cidr: 198.51.100.0/24 .. code-block:: shell $ export AWS_REGION=eu-north-1 $ export AWS_ACCESS_KEY=my-access-key $ export AWS_SECRET_KEY=my-secret-key $ ansible-playbook your-playbook.yml The advantage of this approach is that you only need to specify authentication details once, without specifying the ``auth`` parameter anywhere - it'll work automatically. You can also use the AWS CLI client profiles, which is useful if multiple tools need to access AWS: .. code-block:: shell $ aws configure set --profile work aws_access_key_id my-access-key $ aws configure set --profile work aws_secret_access_key my-secret-key $ aws configure set --profile work region eu-north-1 $ AWS_PROFILE=work ansible-playbook your-playbook.yml