.. meta::
   :description: Create, delete or update an EC2 key pair. Note that EC2 only supports RSA key pairs of size 1024, 2048 and 4096.

.. _ec2_key_pair_module:

ec2_key_pair -- Manage EC2 key pairs.
=====================================

Create, delete or update an EC2 key pair.

Note that EC2 only supports RSA key pairs of size 1024, 2048 and 4096.


Examples
--------

.. code-block:: yaml+jinja

   - name: Create an EC2 key pair through EC2
     ec2_key_pair:
       name: my-first-keypair
     register: first_keypair

   - name: Store the generated private key.
     copy:
       # copy takes "dest", not "path"; keep the private key readable by its owner only
       dest: /tmp/my-first-keypair.key
       content: "{{ first_keypair.object.key_material }}"
       mode: "0600"

   - name: Generate a key pair locally
     community.crypto.openssh_keypair:
       path: /tmp/my-local-keypair

   - name: Upload the public key to EC2 as a new key pair
     ec2_key_pair:
       name: my-local-keypair
       public_key: "{{ lookup('file', '/tmp/my-local-keypair.pub') }}"

   - name: Remove an EC2 key pair
     ec2_key_pair:
       name: my-local-keypair
       state: absent


See Also
--------

.. seealso::

   - :ref:`ec2_key_pair_info_module`


Parameters
----------

auth (optional)
  Parameters for authenticating with the AWS service. Each of them may be defined via environment variables.

  | **type**: dict

  access_key (optional)
    The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment variable will be checked. Mutually exclusive with *profile*.

    | **type**: str

  profile (optional)
    The name of the AWS profile configured with ``aws configure``. Can be used instead of explicitly specifying your access credentials and region. Use ``default`` to use the default profile. Mutually exclusive with *access_key* and *secret_key*.

    | **type**: str

  region (optional)
    The name of the AWS region. If not set, the value of the AWS_REGION environment variable will be checked. If you set a *profile* that specifies a default region, that region is used and you can omit this parameter. Use this parameter to override the profile's default region.


    | **type**: str

  secret_key (optional)
    The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment variable will be checked. Mutually exclusive with *profile*.

    | **type**: str

  url (optional)
    The URL to the AWS service related to the resource. By default, this is automatically determined through the region parameter. If not set explicitly, the value of the AWS__URL environment variable will be used. The services currently supported are EC2 and S3.

    | **type**: str

fingerprints (optional)
  The MD5 fingerprint of *public_key*. There is no need to specify a fingerprint. If any fingerprints are provided, and none match the *public_key*, this module errors out.

  | **type**: list

force (optional)
  If "true", this module allows overwriting a key pair with the same name but different contents that already exists on AWS EC2. Additionally, if *public_key* is not specified, *force=true* always recreates the key pair.

  | **type**: bool

name (required)
  The name of the AWS EC2 key pair.

  | **type**: str

public_key (optional)
  The public key in the OpenSSH public key format, i.e. the format in ``~/.ssh/authorized_keys`` and ``~/.ssh/*.pub``. Specify this parameter if you have created a key pair yourself instead of having EC2 create it for you. If this parameter is omitted, the playbook author must ensure that the remotely-generated private key is stored.

  Important - when using *public_key* with a key pair that already exists on AWS, generated by AWS, this module creates a duplicate key. There is no way to avoid this, as there is no way of determining whether a key pair that was generated by AWS matches a key pair generated locally. This is due to AWS computing fingerprints differently for the two types - SHA1 on the private key and MD5 on the public key - and because AWS never returns public keys, only fingerprints.

  | **type**: str

state (optional)
  Target state of the AWS resource.


  | **type**: str
  | **default**: present
  | **choices**: present, absent


Return Values
-------------

object (success), dict, {'object': {'name': 'my-first-keypair', 'fingerprint': '0a:ec:24:7b:69:ce:98:63:a4:ea:3c:e6:76:bb:6c:66:90:d0:33:ae', 'key_material': '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n'}}
  An object representing an EC2 key pair.


  name (always), str,
    The name of the key pair.

  fingerprint (always), str,
    This keypair's fingerprint. Note that AWS computes fingerprints in two different ways - for AWS-generated keys, fingerprints are computed with SHA1 on the *private* keys, while for imported keys, fingerprints are computed with MD5 on the *public* keys.

  key_material (when first generated by AWS), str,
    The private key material when this key pair was generated by AWS.
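
The MD5 fingerprint described for *fingerprints* and for imported keys can be derived from a local ``.pub`` file and compared with the ``fingerprint`` the module returns. The following is an added example, not part of the module or its documentation: it uses the fact that EC2 takes the MD5 over the DER-encoded public key (SubjectPublicKeyInfo), which differs from the MD5 that ``ssh-keygen -l -E md5`` prints. All function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

# DER AlgorithmIdentifier: rsaEncryption (OID 1.2.840.113549.1.1.1), NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _der(tag, body):
    """One DER TLV; bodies of 128 bytes or more use the long length form."""
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = [len(body)] if len(body) < 0x80 else [0x80 | len(raw), *raw]
    return bytes([tag, *head]) + body

def _uint(value):  # big-endian, leading zero bit: valid DER INTEGER body and SSH mpint
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def parse_ssh_rsa(line):
    """Return (e, n) from an 'ssh-rsa AAAA... [comment]' line; reject anything else."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("only ssh-rsa public keys are handled")
    blob, fields, pos = base64.b64decode(parts[1]), [], 0
    while pos < len(blob):  # SSH wire format: 4-byte length, then that many bytes
        size = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa key blob")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def spki_der(e, n):
    """SubjectPublicKeyInfo wrapping RSAPublicKey ::= SEQUENCE { n, e }."""
    rsa_key = _der(0x30, _der(0x02, _uint(n)) + _der(0x02, _uint(e)))
    return _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_key))

def md5_fingerprints(line):
    """EC2 hashes the DER public key; `ssh-keygen -l -E md5` hashes the raw SSH blob."""
    inputs = {"ec2_imported": spki_der(*parse_ssh_rsa(line)),
              "openssh": base64.b64decode(line.split()[1])}
    return {name: hashlib.md5(data).digest().hex(":") for name, data in inputs.items()}

def make_ssh_rsa_line(e, n):  # helper for the constructed sample below
    fields = (b"ssh-rsa", _uint(e), _uint(n))
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

# Constructed sample: a 2048-bit odd number, NOT a real RSA modulus or key.
SAMPLE = make_ssh_rsa_line(65537, (1 << 2047) | 0x5A5A5A5B)
```

``md5_fingerprints(SAMPLE)["ec2_imported"]`` is the value to compare against an imported key pair; a key pair generated by AWS reports a SHA1 over the private key instead, so it can never match this value.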