ec2_key_pair – Manage EC2 key pairs.
Create, delete or update an EC2 key pair.
Note that EC2 only supports RSA key pairs of size 1024, 2048 and 4096.
Examples
- name: Create an EC2 key pair through EC2
  ec2_key_pair:
    name: my-first-keypair
  register: first_keypair

- name: Store the generated private key.
  copy:
    # copy takes the target file as dest, not path
    dest: /tmp/my-first-keypair.key
    content: "{{ first_keypair.object.key_material }}"
    # private key material: readable by the owner only
    mode: "0600"
  # keep the private key out of task output and logs
  no_log: true

- name: Generate a key pair locally
  community.crypto.openssh_keypair:
    path: /tmp/my-local-keypair

- name: Upload the public key to EC2 as a new key pair
  ec2_key_pair:
    name: my-local-keypair
    public_key: "{{ lookup('file', '/tmp/my-local-keypair.pub') }}"

- name: Remove an EC2 key pair
  ec2_key_pair:
    name: my-local-keypair
    state: absent
Parameters
- auth (optional)
  Parameters for authenticating with the AWS service. Each of them may be defined via environment variables.
  type: dict
  - access_key (optional)
    The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment variable will be checked.
    Mutually exclusive with profile.
    type: str
  - profile (optional)
    The name of the AWS profile configured with aws configure.
    Can be used instead of explicitly specifying your access credentials and region.
    Use default to use the default profile.
    Mutually exclusive with access_key and secret_key.
    type: str
  - region (optional)
    The name of the AWS region.
    If not set, the value of the AWS_REGION environment variable will be checked.
    If you set a profile that specifies a default region, that region is used and you can omit this parameter. Use this parameter to override the profile’s default region.
    type: str
  - secret_key (optional)
    The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment variable will be checked.
    Mutually exclusive with profile.
    type: str
  - url (optional)
    The URL to the AWS service related to the resource. By default, this is automatically determined through the region parameter.
    If not set explicitly, the value of the AWS_<SERVICE>_URL environment variable will be used.
    The services currently supported are EC2 and S3.
    type: str
- fingerprints (optional)
  The MD5 fingerprint of public_key.
  There is no need to specify a fingerprint. If any fingerprints are provided, and none match the public_key, this module errors out.
  type: list
- force (optional)
  If “true”, this module allows overwriting a key pair with the same name but different contents that already exists on AWS EC2.
  Additionally, if public_key is not specified, force=true always recreates the key pair.
  type: bool
- name (required)
  The name of the AWS EC2 key pair.
  type: str
- public_key (optional)
  The public key in the OpenSSH public key format, i.e. the format in ~/.ssh/authorized_keys and ~/.ssh/*.pub.
  Specify this parameter if you have created a key pair yourself instead of having EC2 create it for you.
  If this parameter is omitted, the playbook author must ensure that the remotely-generated private key is stored.
  Important - when using public_key with a key pair that already exists on AWS, generated by AWS, this module creates a duplicate key. There is no way to avoid this, as there is no way of determining whether a key pair that was generated by AWS matches a key pair generated locally. This is due to AWS computing fingerprints differently for the two types - SHA1 on the private key and MD5 on the public key - and because AWS never returns public keys, only fingerprints.
  type: str
- state (optional)
  Target state of the AWS resource.
  type: str
  default: present
  choices: present, absent
Return Values
- object (success), dict, {'object': {'name': 'my-first-keypair', 'fingerprint': '0a:ec:24:7b:69:ce:98:63:a4:ea:3c:e6:76:bb:6c:66:90:d0:33:ae', 'key_material': '-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----\n'}}
  An object representing an EC2 key pair.
  - name (always), str,
    The name of the key pair.
  - fingerprint (always), str,
    This keypair’s fingerprint.
    Note that AWS computes fingerprints in two different ways - for AWS-generated keys, fingerprints are computed with SHA1 on the _private_ keys, while for imported keys, fingerprints are computed with MD5 on the _public_ keys.
  - key_material (when first generated by AWS), str,
    The private key material when this key pair was generated by AWS.
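
The MD5 fingerprint that the fingerprints parameter and the fingerprint return value refer to for imported keys can be computed locally: it is the MD5 digest of the public key in DER (SubjectPublicKeyInfo) form. The following is an added example, not part of this module; the function names and the toy sample key are constructed for illustration, and it does not cover the SHA1 fingerprint of AWS-generated keys.

```python
import base64
import hashlib

# DER AlgorithmIdentifier: rsaEncryption (1.2.840.113549.1.1.1) with NULL params
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# Constructed toy key (8-bit modulus), only so the example runs offline.
SAMPLE_PUB = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAAgC1 toy@constructed"


def parse_openssh_rsa(line):
    """Return (n, e) from an 'ssh-rsa <base64> [comment]' public key line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH RSA public key")
    blob = base64.b64decode(fields[1], validate=True)
    parts, off = [], 0
    while off < len(blob):  # blob is a run of 4-byte-length-prefixed strings
        size = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        parts.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(parts[2], "big"), int.from_bytes(parts[1], "big")


def tlv(tag, body):
    """DER tag-length-value, using the long length form from 128 bytes up."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body


def der_int(value):
    """DER INTEGER; the extra byte keeps a value with its top bit set positive."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def spki_der(n, e):
    """SubjectPublicKeyInfo, as written by 'openssl rsa -pubout -outform DER'."""
    rsa_key = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + rsa_key))


def imported_key_fingerprint(line):
    """Colon-separated MD5 of the DER public key (EC2's form for imported keys)."""
    digest = hashlib.md5(spki_der(*parse_openssh_rsa(line))).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
```

Pass the contents of a real .pub file to imported_key_fingerprint to get the value to compare against the fingerprint EC2 reports for the uploaded key.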