ec2_key_pair – Manage EC2 key pairs.

Create, delete or update an EC2 key pair.

Note that EC2 only supports RSA key pairs of size 1024, 2048 and 4096.

Examples

- name: Create an EC2 key pair through EC2
  ec2_key_pair:
    name: my-first-keypair
  register: first_keypair
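- name: Store the generated private key.
  copy:
    dest: /tmp/my-first-keypair.key  # copy takes dest, not path
    content: "{{ first_keypair.object.key_material }}"
    mode: "0600"  # private key: readable and writable by the owner only
  no_log: true  # keep the key material out of task output and logs
  when: first_keypair.object.key_material is defined  # only returned on first generation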

- name: Generate a key pair locally
  openssh_keypair:
    path: /tmp/my-local-keypair
- name: Upload the public key to EC2 as a new key pair
  ec2_key_pair:
    name: my-local-keypair
    public_key: "{{ lookup('file', '/tmp/my-local-keypair.pub') }}"

- name: Remove an EC2 key pair
  ec2_key_pair:
    name: my-local-keypair
    state: absent

Parameters

auth (optional)

Parameters for authenticating with the AWS service. Each of them may be defined via environment variables.

type: dict

access_key (optional)

The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment variable will be checked.

Mutually exclusive with profile.

type: str

profile (optional)

The name of the AWS profile configured with aws configure.

Can be used instead of explicitly specifying your access credentials and region.

Use default to use the default profile.

Mutually exclusive with access_key and secret_key.

type: str

region (optional)

The name of the AWS region.

If not set, the value of the AWS_REGION environment variable will be checked.

If you set a profile that specifies a default region, that region is used and you can omit this parameter. Use this parameter to override the profile’s default region.

type: str

secret_key (optional)

The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment variable will be checked.

Mutually exclusive with profile.

type: str

url (optional)

The URL to the AWS service related to the resource. By default, this is automatically determined through the region parameter.

If not set explicitly, the value of the AWS_<SERVICE>_URL environment variable will be used.

The services currently supported are EC2 and S3.

type: str

fingerprints (optional)

The MD5 fingerprint of public_key.

There is no need to specify a fingerprint. If any fingerprints are provided, and none match the public_key, this module errors out.

type: list

force (optional)

If “true”, this module allows overwriting a key pair that already exists on AWS EC2 under the same name but with different contents.

Additionally, if public_key is not specified, force=true always recreates the key pair.

type: bool

name (required)

The name of the AWS EC2 key pair.

type: str

public_key (optional)

The public key in the OpenSSH public key format, i.e. the format in ~/.ssh/authorized_keys and ~/.ssh/*.pub.

Specify this parameter if you have created a key pair yourself instead of having EC2 create it for you.

If this parameter is omitted, the playbook author must ensure that the remotely-generated private key is stored.

Important: when public_key is used with a key pair that already exists on AWS and was generated by AWS, this module creates a duplicate key. There is no way to avoid this, because there is no way to determine whether a key pair generated by AWS matches a key pair generated locally: AWS computes fingerprints differently for the two types (SHA1 on the private key and MD5 on the public key) and never returns public keys, only fingerprints.

type: str

state (optional)

Target state of the AWS resource.

type: str
default: present
choices: present, absent

Return Values

object (success), dict, {'object': {'name': 'my-first-keypair', 'fingerprint': '0a:ec:24:7b:69:ce:98:63:a4:ea:3c:e6:76:bb:6c:66:90:d0:33:ae', 'key_material': '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n'}}

An object representing an EC2 key pair.

name (always), str

The name of the key pair.

fingerprint (always), str

This key pair’s fingerprint.

Note that AWS computes fingerprints in two different ways - for AWS-generated keys, fingerprints are computed with SHA1 on the _private_ keys, while for imported keys, fingerprints are computed with MD5 on the _public_ keys.

key_material (when first generated by AWS), str

The private key material when this key pair was generated by AWS.
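
The notes under public_key and under the fingerprint return value say that AWS fingerprints an imported key with MD5 on the public key. The following added example (not part of the module or its documentation) derives that value from an OpenSSH public key line with the Python standard library only, and shows that it differs from the MD5 fingerprint that ssh-keygen prints, which hashes the SSH wire blob instead. It assumes the hashed bytes are the DER SubjectPublicKeyInfo encoding of the key; SAMPLE_LINE is a constructed key and all function names are illustrative.

```python
import base64
import hashlib

# DER AlgorithmIdentifier: rsaEncryption (OID 1.2.840.113549.1.1.1), NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _int_bytes(v):  # minimal big-endian with sign byte: SSH mpint and DER INTEGER body
    return v.to_bytes(v.bit_length() // 8 + 1, "big")

def _tlv(tag, body):  # DER tag-length-value with short or long form length
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    size = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + size + body

def parse_openssh_rsa(line):  # 'ssh-rsa AAAA... comment' -> (wire_blob, e, n)
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob, fields, off = base64.b64decode(parts[1], validate=True), [], 0
    while off < len(blob):  # each field is a 4-byte length followed by that many bytes
        size = int.from_bytes(blob[off:off + 4], "big")
        field = blob[off + 4:off + 4 + size]
        if off + 4 > len(blob) or len(field) != size:
            raise ValueError("truncated key blob")
        fields.append(field)
        off += 4 + size
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return blob, int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def spki_der(e, n):  # SubjectPublicKeyInfo { AlgId, BIT STRING { RSAPublicKey { n, e } } }
    rsa_pub = _tlv(0x30, _tlv(0x02, _int_bytes(n)) + _tlv(0x02, _int_bytes(e)))
    return _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + rsa_pub))

def _colon_md5(data):
    digest = hashlib.md5(data).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def ec2_import_fingerprint(line):  # MD5 over the DER public key (imported-key form)
    return _colon_md5(spki_der(*parse_openssh_rsa(line)[1:]))
def ssh_md5_fingerprint(line):  # MD5 over the SSH wire blob, the ssh-keygen -E md5 digest
    return _colon_md5(parse_openssh_rsa(line)[0])

# Constructed sample: a 2048-bit odd integer stands in for the modulus (not a real key)
SAMPLE_N = (1 << 2047) | 0xC1
_fields = (b"ssh-rsa", _int_bytes(65537), _int_bytes(SAMPLE_N))
_blob = b"".join(len(f).to_bytes(4, "big") + f for f in _fields)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed"
```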