Try SpotterCreate & manage EC2 instances
| "added in version" 1.0.0 of community.aws"
Authors: Ryan Scott Brown (@ryansb)
Install with ansible-galaxy collection install community.aws:==1.1.0
collections:
- name: community.aws
version: 1.1.0Create and manage AWS EC2 instances.
Note: This module does not support creating L(EC2 Spot instances,https://aws.amazon.com/ec2/spot/). The M(amazon.aws.ec2) module can create and manage spot instances.
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: Terminate every running instance in a region. Use with EXTREME caution.
community.aws.ec2_instance:
state: absent
filters:
instance-state-name: running
- name: restart a particular instance by its ID
community.aws.ec2_instance:
state: restarted
instance_ids:
- i-12345678
- name: start an instance with a public IP address
community.aws.ec2_instance:
name: "public-compute-instance"
key_name: "prod-ssh-key"
vpc_subnet_id: subnet-5ca1ab1e
instance_type: c5.large
security_group: default
network:
assign_public_ip: true
image_id: ami-123456
tags:
Environment: Testing
- name: start an instance and Add EBS
community.aws.ec2_instance:
name: "public-withebs-instance"
vpc_subnet_id: subnet-5ca1ab1e
instance_type: t2.micro
key_name: "prod-ssh-key"
security_group: default
volumes:
- device_name: /dev/sda1
ebs:
volume_size: 16
delete_on_termination: true
- name: start an instance with a cpu_options
community.aws.ec2_instance:
name: "public-cpuoption-instance"
vpc_subnet_id: subnet-5ca1ab1e
tags:
Environment: Testing
instance_type: c4.large
volumes:
- device_name: /dev/sda1
ebs:
delete_on_termination: true
cpu_options:
core_count: 1
threads_per_core: 1
- name: start an instance and have it begin a Tower callback on boot
community.aws.ec2_instance:
name: "tower-callback-test"
key_name: "prod-ssh-key"
vpc_subnet_id: subnet-5ca1ab1e
security_group: default
tower_callback:
# IP or hostname of tower server
tower_address: 1.2.3.4
job_template_id: 876
host_config_key: '[secret config key goes here]'
network:
assign_public_ip: true
image_id: ami-123456
cpu_credit_specification: unlimited
tags:
SomeThing: "A value"
- name: start an instance with ENI (An existing ENI ID is required)
community.aws.ec2_instance:
name: "public-eni-instance"
key_name: "prod-ssh-key"
vpc_subnet_id: subnet-5ca1ab1e
network:
interfaces:
- id: "eni-12345"
tags:
Env: "eni_on"
volumes:
- device_name: /dev/sda1
ebs:
delete_on_termination: true
instance_type: t2.micro
image_id: ami-123456
- name: add second ENI interface
community.aws.ec2_instance:
name: "public-eni-instance"
network:
interfaces:
- id: "eni-12345"
- id: "eni-67890"
image_id: ami-123456
tags:
Env: "eni_on"
instance_type: t2.micro
name:
description:
- The Name tag for the instance.
type: str
tags:
description:
- A hash/dictionary of tags to add to the new instance or to add/remove from an existing
one.
type: dict
wait:
default: true
description:
- Whether or not to wait for the desired state (use wait_timeout to customize this).
type: bool
image:
description:
- An image to use for the instance. The M(amazon.aws.ec2_ami_info) module may be used
to retrieve images. One of I(image) or I(image_id) are required when instance is
not already present.
suboptions:
id:
description:
- The AMI ID.
type: str
kernel:
description:
- a string AKI to override the AMI kernel.
ramdisk:
description:
- Overrides the AMI's default ramdisk ID.
type: str
type: dict
state:
choices:
- present
- terminated
- running
- started
- stopped
- restarted
- rebooted
- absent
default: present
description:
- Goal state for the instances.
type: str
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use.
- For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
- The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
- See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
- The C(ec2_region) alias has been deprecated and will be removed in a release after
2024-12-01
- Support for the C(EC2_REGION) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
filters:
description:
- A dict of filters to apply when deciding whether existing instances match and should
be altered. Each dict item consists of a filter key and a filter value. See U(https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html).
for possible filters. Filter names and values are case sensitive.
- By default, instances are filtered for counting by their "Name" tag, base AMI, state
(running, by default), and subnet ID. Any queryable filter can be used. Good candidates
are specific tags, SSH keys, or security groups.
type: dict
network:
description:
- Either a dictionary containing the key 'interfaces' corresponding to a list of network
interface IDs or containing specifications for a single network interface.
- Use the M(amazon.aws.ec2_eni) module to create ENIs with special settings.
suboptions:
assign_public_ip:
description:
- when true assigns a public IP address to the interface
type: bool
delete_on_termination:
description:
- Delete the interface when the instance it is attached to is terminated.
type: bool
description:
description:
- a description for the network interface
type: str
device_index:
description:
- The index of the interface to modify
type: int
groups:
description:
- a list of security group IDs to attach to the interface
type: list
interfaces:
description:
- a list of ENI IDs (strings) or a list of objects containing the key I(id).
type: list
ipv6_addresses:
description:
- a list of IPv6 addresses to assign to the network interface
type: list
private_ip_address:
description:
- an IPv4 address to assign to the interface
type: str
private_ip_addresses:
description:
- a list of IPv4 addresses to assign to the network interface
type: list
source_dest_check:
description:
- controls whether source/destination checking is enabled on the interface
type: bool
subnet_id:
description:
- the subnet to connect the network interface to
type: str
type: dict
profile:
aliases:
- aws_profile
description:
- A named AWS profile to use for authentication.
- See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
- The C(AWS_PROFILE) environment variable may also be used.
- The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
and I(security_token) options.
type: str
tenancy:
choices:
- dedicated
- default
description:
- What type of tenancy to allow an instance to use. Default is shared tenancy. Dedicated
tenancy will incur additional charges.
type: str
volumes:
description:
- A list of block device mappings, by default this will always use the AMI root device
so the volumes option is primarily for adding more storage.
- A mapping contains the (optional) keys device_name, virtual_name, ebs.volume_type,
ebs.volume_size, ebs.kms_key_id, ebs.iops, and ebs.delete_on_termination.
- For more information about each parameter, see U(https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html).
elements: dict
type: list
image_id:
description:
- I(ami) ID to use for the instance. One of I(image) or I(image_id) are required when
instance is not already present.
- This is an alias for I(image.id).
type: str
key_name:
description:
- Name of the SSH access key to assign to the instance - must exist in the region
the instance is created.
type: str
user_data:
description:
- Opaque blob of data which is made available to the ec2 instance
type: str
access_key:
aliases:
- aws_access_key_id
- aws_access_key
- ec2_access_key
description:
- AWS access key ID.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables
may also be used in decreasing order of preference.
- The I(aws_access_key) and I(profile) options are mutually exclusive.
- The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the
AWS botocore SDK.
- The I(ec2_access_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
type: dict
purge_tags:
default: false
description:
- Delete any tags not specified in the task that are on the instance. This means you
have to specify all the desired tags on each task affecting an instance.
type: bool
secret_key:
aliases:
- aws_secret_access_key
- aws_secret_key
- ec2_secret_key
description:
- AWS secret access key.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment
variables may also be used in decreasing order of preference.
- The I(secret_key) and I(profile) options are mutually exclusive.
- The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with
the AWS botocore SDK.
- The I(ec2_secret_key) alias has been deprecated and will be removed in a release
after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will
be removed in a release after 2024-12-01.
type: str
cpu_options:
description:
- Reduce the number of vCPU exposed to the instance.
- Those parameters can only be set at instance launch. The two suboptions threads_per_core
and core_count are mandatory.
- See U(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html)
for combinations available.
- Requires botocore >= 1.10.16
suboptions:
core_count:
description:
- Set the number of core to enable.
required: true
type: int
threads_per_core:
choices:
- 1
- 2
description:
- Select the number of threads per core to enable. Disable or Enable Intel HT.
required: true
type: int
type: dict
endpoint_url:
aliases:
- ec2_url
- aws_endpoint_url
- s3_url
description:
- URL to connect to instead of the default AWS endpoints. While this can be used
to connection to other AWS-compatible services the amazon.aws and community.aws
collections are only tested against AWS.
- The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing
order of preference.
- The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in
a release after 2024-12-01.
- Support for the C(EC2_URL) environment variable has been deprecated and will be
removed in a release after 2024-12-01.
type: str
instance_ids:
description:
- If you specify one or more instance IDs, only instances that have the specified
IDs are returned.
elements: str
type: list
wait_timeout:
default: 600
description:
- How long to wait (in seconds) for the instance to finish booting/terminating.
type: int
aws_ca_bundle:
description:
- The location of a CA Bundle to use when validating SSL certificates.
- The C(AWS_CA_BUNDLE) environment variable may also be used.
type: path
ebs_optimized:
description:
- Whether instance is should use optimized EBS volumes, see U(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html).
type: bool
instance_role:
description:
- The ARN or name of an EC2-enabled instance role to be used. If a name is not provided
in arn format then the ListInstanceProfiles permission must also be granted. U(https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html)
If no full ARN is provided, the role with a matching name will be used from the
active AWS account.
type: str
instance_type:
default: t2.micro
description:
- Instance type to use for the instance, see U(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html)
Only required when instance is not already present.
type: str
session_token:
aliases:
- aws_session_token
- security_token
- aws_security_token
- access_token
description:
- AWS STS session token for use with temporary credentials.
- See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
- The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment
variables may also be used in decreasing order of preference.
- The I(security_token) and I(profile) options are mutually exclusive.
- Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with
the parameter being renamed from I(security_token) to I(session_token) in release
6.0.0.
- The I(security_token), I(aws_security_token), and I(access_token) aliases have been
deprecated and will be removed in a release after 2024-12-01.
- Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables
has been deprecated and will be removed in a release after 2024-12-01.
type: str
vpc_subnet_id:
aliases:
- subnet_id
description:
- The subnet ID in which to launch the instance (VPC) If none is provided, M(community.aws.ec2_instance)
will chose the default zone of the default VPC.
type: str
security_group:
description:
- A security group ID or name. Mutually exclusive with I(security_groups).
type: str
tower_callback:
description:
- Preconfigured user-data to enable an instance to perform a Tower callback (Linux
only).
- Mutually exclusive with I(user_data).
- For Windows instances, to enable remote access via Ansible set I(tower_callback.windows)
to true, and optionally set an admin password.
- If using 'windows' and 'set_password', callback to Tower will not be performed but
the instance will be ready to receive winrm connections from Ansible.
suboptions:
host_config_key:
description:
- Host configuration secret key generated by the Tower job template.
type: str
job_template_id:
description:
- Either the integer ID of the Tower Job Template, or the name (name supported
only for Tower 3.2+).
type: str
tower_address:
description:
- IP address or DNS name of Tower server. Must be accessible via this address
from the VPC that this instance will be launched in.
type: str
type: dict
validate_certs:
default: true
description:
- When set to C(false), SSL certificates will not be validated for communication with
the AWS APIs.
- Setting I(validate_certs=false) is strongly discouraged, as an alternative, consider
setting I(aws_ca_bundle) instead.
type: bool
launch_template:
description:
- The EC2 launch template to base instance configuration on.
suboptions:
id:
description:
- the ID of the launch template (optional if name is specified).
type: str
name:
description:
- the pretty name of the launch template (optional if id is specified).
type: str
version:
description:
- the specific version of the launch template to use. If unspecified, the template
default is chosen.
type: dict
placement_group:
description:
- The placement group that needs to be assigned to the instance
type: str
security_groups:
description:
- A list of security group IDs or names (strings). Mutually exclusive with I(security_group).
elements: str
type: list
availability_zone:
description:
- Specify an availability zone to use the default subnet it. Useful if not specifying
the I(vpc_subnet_id) parameter.
- If no subnet, ENI, or availability zone is provided, the default subnet in the default
VPC will be used in the first AZ (alphabetically sorted).
type: str
detailed_monitoring:
description:
- Whether to allow detailed cloudwatch metrics to be collected, enabling more detailed
alerting.
type: bool
termination_protection:
description:
- Whether to enable termination protection. This module will not terminate an instance
with termination protection active, it must be turned off first.
type: bool
cpu_credit_specification:
choices:
- unlimited
- standard
description:
- For T series instances, choose whether to allow increased charges to buy CPU credits
if the default pool is depleted.
- Choose I(unlimited) to enable buying additional CPU credits.
type: str
debug_botocore_endpoint_logs:
default: false
description:
- Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action")
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the C(aws_resource_action) callback to output to total list made
during a playbook.
- The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
type: bool
instance_initiated_shutdown_behavior:
choices:
- stop
- terminate
description:
- Whether to stop or terminate an instance upon shutdown.
type: str
instances:
contains:
ami_launch_index:
description: The AMI launch index, which can be used to find this instance in
the launch group.
returned: always
sample: 0
type: int
architecture:
description: The architecture of the image
returned: always
sample: x86_64
type: str
block_device_mappings:
contains:
device_name:
description: The device name exposed to the instance (for example, /dev/sdh
or xvdh).
returned: always
sample: /dev/sdh
type: str
ebs:
contains:
attach_time:
description: The time stamp when the attachment initiated.
returned: always
sample: '2017-03-23T22:51:24+00:00'
type: str
delete_on_termination:
description: Indicates whether the volume is deleted on instance termination.
returned: always
sample: true
type: bool
status:
description: The attachment state.
returned: always
sample: attached
type: str
volume_id:
description: The ID of the EBS volume
returned: always
sample: vol-12345678
type: str
description: Parameters used to automatically set up EBS volumes when the
instance is launched.
returned: always
type: complex
description: Any block device mapping entries for the instance.
returned: always
type: complex
client_token:
description: The idempotency token you provided when you launched the instance,
if applicable.
returned: always
sample: mytoken
type: str
ebs_optimized:
description: Indicates whether the instance is optimized for EBS I/O.
returned: always
sample: false
type: bool
hypervisor:
description: The hypervisor type of the instance.
returned: always
sample: xen
type: str
iam_instance_profile:
contains:
arn:
description: The Amazon Resource Name (ARN) of the instance profile.
returned: always
sample: arn:aws:iam::000012345678:instance-profile/myprofile
type: str
id:
description: The ID of the instance profile
returned: always
sample: JFJ397FDG400FG9FD1N
type: str
description: The IAM instance profile associated with the instance, if applicable.
returned: always
type: complex
image_id:
description: The ID of the AMI used to launch the instance.
returned: always
sample: ami-0011223344
type: str
instance_id:
description: The ID of the instance.
returned: always
sample: i-012345678
type: str
instance_type:
description: The instance type size of the running instance.
returned: always
sample: t2.micro
type: str
key_name:
description: The name of the key pair, if this instance was launched with an
associated key pair.
returned: always
sample: my-key
type: str
launch_time:
description: The time the instance was launched.
returned: always
sample: '2017-03-23T22:51:24+00:00'
type: str
monitoring:
contains:
state:
description: Indicates whether detailed monitoring is enabled. Otherwise,
basic monitoring is enabled.
returned: always
sample: disabled
type: str
description: The monitoring for the instance.
returned: always
type: complex
network.source_dest_check:
description: Indicates whether source/destination checking is enabled.
returned: always
sample: true
type: bool
network_interfaces:
contains:
association:
contains:
ip_owner_id:
description: The ID of the owner of the Elastic IP address.
returned: always
sample: amazon
type: str
public_dns_name:
description: The public DNS name.
returned: always
sample: ''
type: str
public_ip:
description: The public IP address or Elastic IP address bound to the
network interface.
returned: always
sample: 1.2.3.4
type: str
description: The association information for an Elastic IPv4 associated
with the network interface.
returned: always
type: complex
attachment:
contains:
attach_time:
description: The time stamp when the attachment initiated.
returned: always
sample: '2017-03-23T22:51:24+00:00'
type: str
attachment_id:
description: The ID of the network interface attachment.
returned: always
sample: eni-attach-3aff3f
type: str
delete_on_termination:
description: Indicates whether the network interface is deleted when
the instance is terminated.
returned: always
sample: true
type: bool
device_index:
description: The index of the device on the instance for the network
interface attachment.
returned: always
sample: 0
type: int
status:
description: The attachment state.
returned: always
sample: attached
type: str
description: The network interface attachment.
returned: always
type: complex
description:
description: The description.
returned: always
sample: My interface
type: str
groups:
contains:
group_id:
description: The ID of the security group.
returned: always
sample: sg-abcdef12
type: str
group_name:
description: The name of the security group.
returned: always
sample: mygroup
type: str
description: One or more security groups.
elements: dict
returned: always
type: list
ipv6_addresses:
contains:
ipv6_address:
description: The IPv6 address.
returned: always
sample: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
type: str
description: One or more IPv6 addresses associated with the network interface.
elements: dict
returned: always
type: list
mac_address:
description: The MAC address.
returned: always
sample: 00:11:22:33:44:55
type: str
network_interface_id:
description: The ID of the network interface.
returned: always
sample: eni-01234567
type: str
owner_id:
description: The AWS account ID of the owner of the network interface.
returned: always
sample: 01234567890
type: str
private_ip_address:
description: The IPv4 address of the network interface within the subnet.
returned: always
sample: 10.0.0.1
type: str
private_ip_addresses:
contains:
association:
contains:
ip_owner_id:
description: The ID of the owner of the Elastic IP address.
returned: always
sample: amazon
type: str
public_dns_name:
description: The public DNS name.
returned: always
sample: ''
type: str
public_ip:
description: The public IP address or Elastic IP address bound to
the network interface.
returned: always
sample: 1.2.3.4
type: str
description: The association information for an Elastic IP address (IPv4)
associated with the network interface.
returned: always
type: complex
primary:
description: Indicates whether this IPv4 address is the primary private
IP address of the network interface.
returned: always
sample: true
type: bool
private_ip_address:
description: The private IPv4 address of the network interface.
returned: always
sample: 10.0.0.1
type: str
description: The private IPv4 addresses associated with the network interface.
elements: dict
returned: always
type: list
source_dest_check:
description: Indicates whether source/destination checking is enabled.
returned: always
sample: true
type: bool
status:
description: The status of the network interface.
returned: always
sample: in-use
type: str
subnet_id:
description: The ID of the subnet for the network interface.
returned: always
sample: subnet-0123456
type: str
vpc_id:
description: The ID of the VPC for the network interface.
returned: always
sample: vpc-0123456
type: str
description: One or more network interfaces for the instance.
returned: always
type: complex
placement:
contains:
availability_zone:
description: The Availability Zone of the instance.
returned: always
sample: ap-southeast-2a
type: str
group_name:
description: The name of the placement group the instance is in (for cluster
compute instances).
returned: always
sample: ''
type: str
tenancy:
description: The tenancy of the instance (if the instance is running in
a VPC).
returned: always
sample: default
type: str
description: The location where the instance launched, if applicable.
returned: always
type: complex
private_dns_name:
description: The private DNS name.
returned: always
sample: ip-10-0-0-1.ap-southeast-2.compute.internal
type: str
private_ip_address:
description: The IPv4 address of the network interface within the subnet.
returned: always
sample: 10.0.0.1
type: str
product_codes:
contains:
product_code_id:
description: The product code.
returned: always
sample: aw0evgkw8ef3n2498gndfgasdfsd5cce
type: str
product_code_type:
description: The type of product code.
returned: always
sample: marketplace
type: str
description: One or more product codes.
elements: dict
returned: always
type: list
public_dns_name:
description: The public DNS name assigned to the instance.
returned: always
sample: null
type: str
public_ip_address:
description: The public IPv4 address assigned to the instance
returned: always
sample: 52.0.0.1
type: str
root_device_name:
description: The device name of the root device
returned: always
sample: /dev/sda1
type: str
root_device_type:
description: The type of root device used by the AMI.
returned: always
sample: ebs
type: str
security_groups:
contains:
group_id:
description: The ID of the security group.
returned: always
sample: sg-0123456
type: str
group_name:
description: The name of the security group.
returned: always
sample: my-security-group
type: str
description: One or more security groups for the instance.
elements: dict
returned: always
type: list
state:
contains:
code:
description: The low byte represents the state.
returned: always
sample: 16
type: int
name:
description: The name of the state.
returned: always
sample: running
type: str
description: The current state of the instance.
returned: always
type: complex
state_transition_reason:
description: The reason for the most recent state transition.
returned: always
sample: null
type: str
subnet_id:
description: The ID of the subnet in which the instance is running.
returned: always
sample: subnet-00abcdef
type: str
tags:
description: Any tags assigned to the instance.
returned: always
sample: null
type: dict
virtualization_type:
description: The type of virtualization of the AMI.
returned: always
sample: hvm
type: str
vpc_id:
description: The ID of the VPC the instance is in.
returned: always
sample: vpc-0011223344
type: dict
description: a list of ec2 instances
returned: when wait == true
type: complex