Try SpotterCreate & manage EC2 instances
| "added in version" 2.5 of ansible.builtin"
Authors: Ryan Scott Brown, @ryansb
preview | supported by community
pipInstall with pip install ansible==2.6.20
Gather facts about ec2 instances in AWS
# Note: These examples do not set authentication details, see the AWS Guide for details.
# Terminate every running instance in a region. Use with EXTREME caution.
- ec2_instance:
state: absent
filters:
instance-state-name: running
# restart a particular instance by its ID
- ec2_instance:
state: restarted
instance_ids:
- i-12345678
# start an instance with a public IP address
- ec2_instance:
name: "public-compute-instance"
key_name: "prod-ssh-key"
vpc_subnet_id: subnet-5ca1ab1e
instance_type: c5.large
security_group: default
network:
assign_public_ip: true
image_id: ami-123456
tags:
Environment: Testing
# start an instance and have it begin a Tower callback on boot
- ec2_instance:
name: "tower-callback-test"
key_name: "prod-ssh-key"
vpc_subnet_id: subnet-5ca1ab1e
security_group: default
tower_callback:
# IP or hostname of tower server
tower_address: 1.2.3.4
job_template_id: 876
host_config_key: '[secret config key goes here]'
network:
assign_public_ip: true
image_id: ami-123456
cpu_credit_specification: unlimited
tags:
SomeThing: "A value"
name:
description:
- The Name tag for the instance.
tags:
description:
- A hash/dictionary of tags to add to the new instance or to add/remove from an existing
one.
wait:
default: true
description:
- Whether or not to wait for the desired state (use wait_timeout to customize this)
image:
description:
- An image to use for the instance. The ec2_ami_facts module may be used to retrieve
images. One of I(image) or I(image_id) are required when instance is not already
present.
- Complex object containing I(image.id), I(image.ramdisk), and I(image.kernel).
- I(image.id) is the AMI ID.
- I(image.ramdisk) overrides the AMI's default ramdisk ID.
- I(image.kernel) is a string AKI to override the AMI kernel.
state:
choices:
- present
- terminated
- running
- started
- stopped
- restarted
- rebooted
- absent
default: present
description:
- Goal state for the instances
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION
environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
type: str
filters:
default:
subnet-id: <provided-or-default subnet>
tag:Name: <provided-Name-attribute>
description:
- A dict of filters to apply when deciding whether existing instances match and should
be altered. Each dict item consists of a filter key and a filter value. See U(http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html)
for possible filters. Filter names and values are case sensitive. By default, instances
are filtered for counting by their "Name" tag, base AMI, state (running, by default),
and subnet ID. Any queryable filter can be used. Good candidates are specific tags,
SSH keys, or security groups.
network:
description:
- Either a dictionary containing the key 'interfaces' corresponding to a list of network
interface IDs or containing specifications for a single network interface.
- If specifications for a single network are given, accepted keys are assign_public_ip
(bool), private_ip_address (str), ipv6_addresses (list), source_dest_check (bool),
description (str), delete_on_termination (bool), device_index (int), groups (list
of security group IDs), private_ip_addresses (list), subnet_id (str).
- I(network.interfaces) should be a list of ENI IDs (strings) or a list of objects
containing the key I(id).
- Use the ec2_eni to create ENIs with special settings.
profile:
aliases:
- aws_profile
description:
- The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
and I(security_token) options.
type: str
tenancy:
choices:
- dedicated
- default
description:
- What type of tenancy to allow an instance to use. Default is shared tenancy. Dedicated
tenancy will incur additional charges.
volumes:
description:
- A list of block device mappings, by default this will always use the AMI root device
so the volumes option is primarily for adding more storage.
- A mapping contains the (optional) keys device_name, virtual_name, ebs.device_type,
ebs.device_size, ebs.kms_key_id, ebs.iops, and ebs.delete_on_termination.
- For more information about each parameter, see U(https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html)
image_id:
description:
- I(ami) ID to use for the instance. One of I(image) or I(image_id) are required when
instance is not already present.
- This is an alias for I(image.id).
key_name:
description:
- Name of the SSH access key to assign to the instance - must exist in the region
the instance is created.
user_data:
description:
- Opaque blob of data which is made available to the ec2 instance
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
type: dict
purge_tags:
default: false
description:
- Delete any tags not specified in the task that are on the instance. This means you
have to specify all the desired tags on each task affecting an instance.
endpoint_url:
aliases:
- ec2_url
- aws_endpoint_url
- s3_url
description:
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will
use EC2 endpoints). Ignored for modules where region is required. Must be specified
for all other modules if region is not used. If not set then the value of the EC2_URL
environment variable, if any, is used.
type: str
instance_ids:
description:
- If you specify one or more instance IDs, only instances that have the specified
IDs are returned.
wait_timeout:
default: 600
description:
- How long to wait (in seconds) for the instance to finish booting/terminating
aws_ca_bundle:
description:
- The location of a CA Bundle to use when validating SSL certificates.
- 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied
from the controller if not run locally.'
type: path
ebs_optimized:
description:
- Whether instance is should use optimized EBS volumes, see U(http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html)
instance_role:
description:
- The ARN or name of an EC2-enabled instance role to be used. If a name is not provided
in arn format then the ListInstanceProfiles permission must also be granted. U(https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html)
If no full ARN is provided, the role with a matching name will be used from the
active AWS account.
instance_type:
default: t2.micro
description:
- Instance type to use for the instance, see U(http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html)
Only required when instance is not already present
vpc_subnet_id:
aliases:
- subnet_id
description:
- The subnet ID in which to launch the instance (VPC) If none is provided, ec2_instance
will chose the default zone of the default VPC
aws_access_key:
aliases:
- ec2_access_key
- access_key
description:
- C(AWS access key). If not set then the value of the C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY)
or C(EC2_ACCESS_KEY) environment variable is used.
- The I(aws_access_key) and I(profile) options are mutually exclusive.
type: str
aws_secret_key:
aliases:
- ec2_secret_key
- secret_key
description:
- C(AWS secret key). If not set then the value of the C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY),
or C(EC2_SECRET_KEY) environment variable is used.
- The I(aws_secret_key) and I(profile) options are mutually exclusive.
type: str
security_group:
description:
- A security group ID or name. Mutually exclusive with I(security_groups).
security_token:
aliases:
- aws_session_token
- session_token
- aws_security_token
- access_token
description:
- C(AWS STS security token). If not set then the value of the C(AWS_SECURITY_TOKEN)
or C(EC2_SECURITY_TOKEN) environment variable is used.
- The I(security_token) and I(profile) options are mutually exclusive.
- Aliases I(aws_session_token) and I(session_token) have been added in version 3.2.0.
type: str
tower_callback:
description:
- Preconfigured user-data to enable an instance to perform a Tower callback (Linux
only).
- Mutually exclusive with I(user_data).
- For Windows instances, to enable remote access via Ansible set I(tower_callback.windows)
to true, and optionally set an admin password.
- If using 'windows' and 'set_password', callback to Tower will not be performed but
the instance will be ready to receive winrm connections from Ansible.
suboptions:
host_config_key:
description:
- Host configuration secret key generated by the Tower job template.
job_template_id:
description:
- Either the integer ID of the Tower Job Template, or the name (name supported
only for Tower 3.2+)
tower_address:
description:
- IP address or DNS name of Tower server. Must be accessible via this address
from the VPC that this instance will be launched in.
validate_certs:
default: true
description:
- When set to "no", SSL certificates will not be validated for communication with
the AWS APIs.
type: bool
launch_template:
description:
- The EC2 launch template to base instance configuration on.
- I(launch_template.id) the ID or the launch template (optional if name is specified)
- I(launch_template.name) the pretty name of the launch template (optional if id is
specified)
- I(launch_template.version) the specific version of the launch template to use. If
unspecified, the template default is chosen.
security_groups:
description:
- A list of security group IDs or names (strings). Mutually exclusive with I(security_group).
availability_zone:
description:
- Specify an availability zone to use the default subnet it. Useful if not specifying
the I(vpc_subnet_id) parameter.
- If no subnet, ENI, or availability zone is provided, the default subnet in the default
VPC will be used in the first AZ (alphabetically sorted).
detailed_monitoring:
description:
- Whether to allow detailed cloudwatch metrics to be collected, enabling more detailed
alerting.
termination_protection:
description:
- Whether to enable termination protection. This module will not terminate an instance
with termination protection active, it must be turned off first.
cpu_credit_specification:
choices:
- unlimited
- standard
description:
- For T2 series instances, choose whether to allow increased charges to buy CPU credits
if the default pool is depleted.
- Choose I(unlimited) to enable buying additional CPU credits.
debug_botocore_endpoint_logs:
default: 'no'
description:
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action"
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the aws_resource_action callback to output to total list made
during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also
be used.
type: bool
instance_initiated_shutdown_behavior:
choices:
- stop
- terminate
description:
- Whether to stop or terminate an instance upon shutdown.
instances:
contains:
ami_launch_index:
description: The AMI launch index, which can be used to find this instance in
the launch group.
returned: always
sample: 0
type: int
architecture:
description: The architecture of the image
returned: always
sample: x86_64
type: string
block_device_mappings:
contains:
device_name:
description: The device name exposed to the instance (for example, /dev/sdh
or xvdh).
returned: always
sample: /dev/sdh
type: string
ebs:
contains:
attach_time:
description: The time stamp when the attachment initiated.
returned: always
sample: '2017-03-23T22:51:24+00:00'
type: string
delete_on_termination:
description: Indicates whether the volume is deleted on instance termination.
returned: always
sample: true
type: bool
status:
description: The attachment state.
returned: always
sample: attached
type: string
volume_id:
description: The ID of the EBS volume
returned: always
sample: vol-12345678
type: string
description: Parameters used to automatically set up EBS volumes when the
instance is launched.
returned: always
type: complex
description: Any block device mapping entries for the instance.
returned: always
type: complex
client_token:
description: The idempotency token you provided when you launched the instance,
if applicable.
returned: always
sample: mytoken
type: string
ebs_optimized:
description: Indicates whether the instance is optimized for EBS I/O.
returned: always
sample: false
type: bool
hypervisor:
description: The hypervisor type of the instance.
returned: always
sample: xen
type: string
iam_instance_profile:
contains:
arn:
description: The Amazon Resource Name (ARN) of the instance profile.
returned: always
sample: arn:aws:iam::000012345678:instance-profile/myprofile
type: string
id:
description: The ID of the instance profile
returned: always
sample: JFJ397FDG400FG9FD1N
type: string
description: The IAM instance profile associated with the instance, if applicable.
returned: always
type: complex
image_id:
description: The ID of the AMI used to launch the instance.
returned: always
sample: ami-0011223344
type: string
instance_id:
description: The ID of the instance.
returned: always
sample: i-012345678
type: string
instance_type:
description: The instance type size of the running instance.
returned: always
sample: t2.micro
type: string
key_name:
description: The name of the key pair, if this instance was launched with an
associated key pair.
returned: always
sample: my-key
type: string
launch_time:
description: The time the instance was launched.
returned: always
sample: '2017-03-23T22:51:24+00:00'
type: string
monitoring:
contains:
state:
description: Indicates whether detailed monitoring is enabled. Otherwise,
basic monitoring is enabled.
returned: always
sample: disabled
type: string
description: The monitoring for the instance.
returned: always
type: complex
network.source_dest_check:
description: Indicates whether source/destination checking is enabled.
returned: always
sample: true
type: bool
network_interfaces:
contains:
association:
contains:
ip_owner_id:
description: The ID of the owner of the Elastic IP address.
returned: always
sample: amazon
type: string
public_dns_name:
description: The public DNS name.
returned: always
sample: ''
type: string
public_ip:
description: The public IP address or Elastic IP address bound to the
network interface.
returned: always
sample: 1.2.3.4
type: string
description: The association information for an Elastic IPv4 associated
with the network interface.
returned: always
type: complex
attachment:
contains:
attach_time:
description: The time stamp when the attachment initiated.
returned: always
sample: '2017-03-23T22:51:24+00:00'
type: string
attachment_id:
description: The ID of the network interface attachment.
returned: always
sample: eni-attach-3aff3f
type: string
delete_on_termination:
description: Indicates whether the network interface is deleted when
the instance is terminated.
returned: always
sample: true
type: bool
device_index:
description: The index of the device on the instance for the network
interface attachment.
returned: always
sample: 0
type: int
status:
description: The attachment state.
returned: always
sample: attached
type: string
description: The network interface attachment.
returned: always
type: complex
description:
description: The description.
returned: always
sample: My interface
type: string
groups:
contains:
- group_id:
description: The ID of the security group.
returned: always
sample: sg-abcdef12
type: string
group_name:
description: The name of the security group.
returned: always
sample: mygroup
type: string
description: One or more security groups.
returned: always
type: complex
ipv6_addresses:
contains:
- ipv6_address:
description: The IPv6 address.
returned: always
sample: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
type: string
description: One or more IPv6 addresses associated with the network interface.
returned: always
type: complex
mac_address:
description: The MAC address.
returned: always
sample: 00:11:22:33:44:55
type: string
network_interface_id:
description: The ID of the network interface.
returned: always
sample: eni-01234567
type: string
owner_id:
description: The AWS account ID of the owner of the network interface.
returned: always
sample: 01234567890
type: string
private_ip_address:
description: The IPv4 address of the network interface within the subnet.
returned: always
sample: 10.0.0.1
type: string
private_ip_addresses:
contains:
- association:
contains:
ip_owner_id:
description: The ID of the owner of the Elastic IP address.
returned: always
sample: amazon
type: string
public_dns_name:
description: The public DNS name.
returned: always
sample: ''
type: string
public_ip:
description: The public IP address or Elastic IP address bound to
the network interface.
returned: always
sample: 1.2.3.4
type: string
description: The association information for an Elastic IP address (IPv4)
associated with the network interface.
returned: always
type: complex
primary:
description: Indicates whether this IPv4 address is the primary private
IP address of the network interface.
returned: always
sample: true
type: bool
private_ip_address:
description: The private IPv4 address of the network interface.
returned: always
sample: 10.0.0.1
type: string
description: The private IPv4 addresses associated with the network interface.
returned: always
type: complex
source_dest_check:
description: Indicates whether source/destination checking is enabled.
returned: always
sample: true
type: bool
status:
description: The status of the network interface.
returned: always
sample: in-use
type: string
subnet_id:
description: The ID of the subnet for the network interface.
returned: always
sample: subnet-0123456
type: string
vpc_id:
description: The ID of the VPC for the network interface.
returned: always
sample: vpc-0123456
type: string
description: One or more network interfaces for the instance.
returned: always
type: complex
placement:
contains:
availability_zone:
description: The Availability Zone of the instance.
returned: always
sample: ap-southeast-2a
type: string
group_name:
description: The name of the placement group the instance is in (for cluster
compute instances).
returned: always
sample: ''
type: string
tenancy:
description: The tenancy of the instance (if the instance is running in
a VPC).
returned: always
sample: default
type: string
description: The location where the instance launched, if applicable.
returned: always
type: complex
private_dns_name:
description: The private DNS name.
returned: always
sample: ip-10-0-0-1.ap-southeast-2.compute.internal
type: string
private_ip_address:
description: The IPv4 address of the network interface within the subnet.
returned: always
sample: 10.0.0.1
type: string
product_codes:
contains:
- product_code_id:
description: The product code.
returned: always
sample: aw0evgkw8ef3n2498gndfgasdfsd5cce
type: string
product_code_type:
description: The type of product code.
returned: always
sample: marketplace
type: string
description: One or more product codes.
returned: always
type: complex
public_dns_name:
description: The public DNS name assigned to the instance.
returned: always
sample: null
type: string
public_ip_address:
description: The public IPv4 address assigned to the instance
returned: always
sample: 52.0.0.1
type: string
root_device_name:
description: The device name of the root device
returned: always
sample: /dev/sda1
type: string
root_device_type:
description: The type of root device used by the AMI.
returned: always
sample: ebs
type: string
security_groups:
contains:
- group_id:
description: The ID of the security group.
returned: always
sample: sg-0123456
type: string
- group_name:
description: The name of the security group.
returned: always
sample: my-security-group
type: string
description: One or more security groups for the instance.
returned: always
type: complex
state:
contains:
code:
description: The low byte represents the state.
returned: always
sample: 16
type: int
name:
description: The name of the state.
returned: always
sample: running
type: string
description: The current state of the instance.
returned: always
type: complex
state_transition_reason:
description: The reason for the most recent state transition.
returned: always
sample: null
type: string
subnet_id:
description: The ID of the subnet in which the instance is running.
returned: always
sample: subnet-00abcdef
type: string
tags:
description: Any tags assigned to the instance.
returned: always
sample: null
type: dict
virtualization_type:
description: The type of virtualization of the AMI.
returned: always
sample: hvm
type: string
vpc_id:
description: The ID of the VPC the instance is in.
returned: always
sample: vpc-0011223344
type: dict
description: a list of ec2 instances
returned: always
type: complex