Every interaction with AWS requires you to be authenticated. With the Steampunk AWS Ansible Collection, authentication is completely consistent across all modules:

      region: eu-north-1
      access_key: my-access-key
      secret_key: my-secret-key
    name: my-vpc

This is the simplest option, hardcoding the credentials in the playbook directly. To avoid this, we can use environment variables, which are automatically used by the module:

    name: my-vpc
    AWS_REGION: eu-north-1
    AWS_ACCESS_KEY: my-access-key
    AWS_SECRET_KEY: my-secret-key

Strictly speaking, you still have credentials in your playbook in the example above, but you can run the playbook with an environment set externally to use this the way it was meant to be used.

    name: my-vpc
$ export AWS_REGION=eu-north-1
$ export AWS_ACCESS_KEY=my-access-key
$ export AWS_SECRET_KEY=my-secret-key
$ ansible-playbook your-playbook.yml

The advantage of this approach is that you only need to specify authentication details once, without specifying the auth parameter anywhere - it’ll work automatically.

You can also use the AWS CLI client profiles, which is useful if multiple tools need to access AWS:

$ aws configure set --profile work aws_access_key_id     my-access-key
$ aws configure set --profile work aws_secret_access_key my-secret-key
$ aws configure set --profile work region                eu-north-1
$ AWS_PROFILE=work ansible-playbook your-playbook.yml