ec2_key_pair – Manage EC2 key pairs.

Create, delete or update an EC2 key pair.

Note that EC2 only supports RSA key pairs of size 1024, 2048 and 4096.

Examples

- name: Create an EC2 key pair through EC2
  ec2_key_pair:
    name: my-first-keypair
  register: first_keypair
- name: Store the generated private key.
  copy:
    dest: /tmp/my-first-keypair.key
    content: "{{ first_keypair.object.key_material }}"
    mode: "0600"  # private key: readable by the owner only

- name: Generate a key pair locally
  openssh_keypair:
    path: /tmp/my-local-keypair
- name: Upload the public key to EC2 as a new key pair
  ec2_key_pair:
    name: my-local-keypair
    public_key: "{{ lookup('file', '/tmp/my-local-keypair.pub') }}"

- name: Remove an EC2 key pair
  ec2_key_pair:
    name: my-local-keypair
    state: absent

Parameters

auth (optional)

Parameters for authenticating with the AWS service. Each of them may be defined via environment variables.

type: dict

access_key (optional)

The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment variable will be checked.

Mutually exclusive with profile.

type: str

profile (optional)

The name of the AWS profile configured with aws configure.

Can be used instead of explicitly specifying your access credentials and region.

Use default to use the default profile.

Mutually exclusive with access_key and secret_key.

type: str

region (optional)

The name of the AWS region.

If not set, the value of the AWS_REGION environment variable will be checked.

If you set a profile that specifies a default region, that region is used and you can omit this parameter. Use this parameter to override the profile’s default region.

type: str

secret_key (optional)

The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment variable will be checked.

Mutually exclusive with profile.

type: str

url (optional)

The URL to the AWS service related to the resource. By default, this is automatically determined through the region parameter.

If not set explicitly, the value of the AWS_<SERVICE>_URL environment variable will be used.

The services currently supported are EC2 and S3.

type: str

fingerprints (optional)

The MD5 fingerprint of public_key.

There is no need to specify a fingerprint. If any fingerprints are provided, and none match the public_key, this module errors out.

type: list

force (optional)

If “true”, this module allows overwriting a key pair with the same name but different contents that already exists on AWS EC2.

Additionally, if public_key is not specified, force=true always recreates the key pair.

type: bool

name (required)

The name of the AWS EC2 key pair.

type: str

public_key (optional)

The public key in the OpenSSH public key format, i.e. the format in ~/.ssh/authorized_keys and ~/.ssh/*.pub.

Specify this parameter if you have created a key pair yourself instead of having EC2 create it for you.

If this parameter is omitted, the playbook author must ensure that the remotely-generated private key is stored.

Important - when using public_key with a key pair that already exists on AWS, generated by AWS, this module creates a duplicate key. There is no way to avoid this, as there is no way of determining whether a key pair that was generated by AWS matches a key pair generated locally. This is due to AWS computing fingerprints differently for the two types - SHA1 on the private key and MD5 on the public key - and because AWS never returns public keys, only fingerprints.

type: str

state (optional)

Target state of the AWS resource.

type: str
default: present
choices: present, absent

Return Values

object (success), dict, {'object': {'name': 'my-first-keypair', 'fingerprint': '0a:ec:24:7b:69:ce:98:63:a4:ea:3c:e6:76:bb:6c:66:90:d0:33:ae', 'key_material': '-----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----'}}

An object representing an EC2 key pair.

name (always), str

The name of the key pair.

fingerprint (always), str

This keypair’s fingerprint.

Note that AWS computes fingerprints in two different ways - for AWS-generated keys, fingerprints are computed with SHA1 on the _private_ keys, while for imported keys, fingerprints are computed with MD5 on the _public_ keys.

key_material (when first generated by AWS), str

The private key material when this key pair was generated by AWS.
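
The fingerprints parameter and the fingerprint return value above both rely on EC2 taking MD5 over the public key for imported keys. The following added example (not part of the module's own code) computes that value from an OpenSSH public key line, assuming AWS's documented form of MD5 over the DER-encoded public key, next to the MD5 that ssh-keygen prints over the SSH wire blob, which does not match it. All function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def mpint(v):  # big-endian integer; a leading 0x00 is kept when the top bit is set
    return v.to_bytes(v.bit_length() // 8 + 1, "big")

def der_tlv(tag, content):
    """Tag, DER length (short form below 128, long form otherwise), content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

def parse_ssh_rsa(line):
    """Return (wire_blob, e, n) from an OpenSSH 'ssh-rsa AAAA... comment' line."""
    blob = base64.b64decode(line.split()[1])
    fields, pos = [], 0
    while pos + 4 <= len(blob):
        (size,) = struct.unpack_from(">I", blob, pos)
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    if pos != len(blob) or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not a well-formed ssh-rsa public key")
    return blob, int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def spki_der(e, n):
    """SubjectPublicKeyInfo DER, as 'openssl rsa -pubout -outform DER' emits."""
    rsa_key = der_tlv(0x30, der_tlv(0x02, mpint(n)) + der_tlv(0x02, mpint(e)))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_key))

def colon_md5(data):
    digest = hashlib.md5(data).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprints(line):
    """EC2's imported-key form (MD5 of DER) next to ssh-keygen's MD5 (of the wire blob)."""
    blob, e, n = parse_ssh_rsa(line)
    return {"ec2_import": colon_md5(spki_der(e, n)), "ssh_keygen_md5": colon_md5(blob)}

# Constructed sample: a structurally valid 2048-bit ssh-rsa line, not a usable key.
_blob = b"".join(struct.pack(">I", len(f)) + f
                 for f in (b"ssh-rsa", mpint(65537), mpint((1 << 2047) | 12345)))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed@example"
if __name__ == "__main__":
    print(fingerprints(SAMPLE_LINE))
```

When a value passed in fingerprints does not match, check which of the two forms it was produced in before suspecting the key itself.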