steampunk.aws.ec2_key_pair (0.9.0) — module

Manage EC2 key pairs.

Authors: Manca Bizjak (@mancabizjak), Aljaz Kosir (@aljazkosir), Saso Stanovnik (@sstanovnik), Miha Dolinar (@mdolinar), Tadej Borovsak (@tadeboro)

preview | supported by XLAB Steampunk

This plugin has a corresponding action plugin.

Install collection

Install with ansible-galaxy collection install steampunk.aws:==0.9.0


Add to requirements.yml

  collections:
    - name: steampunk.aws
      version: 0.9.0

Description

Create, delete or update an EC2 key pair.

Note that EC2 only supports RSA key pairs of size 1024, 2048 and 4096.

Usage examples

- name: Create an EC2 key pair through EC2
  ec2_key_pair:
    name: my-first-keypair
  register: first_keypair
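- name: Store the generated private key.
  copy:
    # copy takes the target as dest; mode keeps the private key readable by its owner only
    dest: /tmp/my-first-keypair.key
    content: "{{ first_keypair.object.key_material }}"
    mode: "0600"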
- name: Generate a key pair locally
  community.crypto.openssh_keypair:
    path: /tmp/my-local-keypair
- name: Upload the public key to EC2 as a new key pair
  ec2_key_pair:
    name: my-local-keypair
    public_key: "{{ lookup('file', '/tmp/my-local-keypair.pub') }}"
- name: Remove an EC2 key pair
  ec2_key_pair:
    name: my-local-keypair
    state: absent

Inputs

    
auth:
    description:
    - Parameters for authenticating with the AWS service. Each of them may be defined
      via environment variables.
    suboptions:
      access_key:
        description:
        - The AWS access key ID. If not set, the value of the AWS_ACCESS_KEY environment
          variable will be checked.
        - Mutually exclusive with I(profile).
        required: false
        type: str
      profile:
        description:
        - The name of the AWS profile configured with C(aws configure).
        - Can be used instead of explicitly specifying your access credentials and region.
        - Use C(default) to use the default profile.
        - Mutually exclusive with I(access_key) and I(secret_key).
        required: false
        type: str
      region:
        description:
        - The name of the AWS region.
        - If not set, the value of the AWS_REGION environment variable will be checked.
        - If you set a I(profile) that specifies a default region, that region is used
          and you can omit this parameter. Use this parameter to override the profile's
          default region.
        type: str
      secret_key:
        description:
        - The AWS secret access key. If not set, the value of the AWS_SECRET_KEY environment
          variable will be checked.
        - Mutually exclusive with I(profile).
        required: false
        type: str
      url:
        description:
        - The URL to the AWS service related to the resource. By default, this is automatically
          determined through the region parameter.
        - If not set explicitly, the value of the AWS_<SERVICE>_URL environment variable
          will be used.
        - The services currently supported are EC2 and S3.
        required: false
        type: str
    type: dict

name:
    description:
    - The name of the AWS EC2 key pair.
    required: true
    type: str

force:
    default: false
    description:
    - If "true", this module allows overwriting a key pair with the same name but different
      contents that already exists on AWS EC2.
    - Additionally, if I(public_key) is not specified, I(force=true) always recreates
      the key pair.
    type: bool

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Target state of the AWS resource.
    type: str

public_key:
    description:
    - The public key in the OpenSSH public key format, i.e. the format in ~/.ssh/authorized_keys
      and ~/.ssh/*.pub.
    - Specify this parameter if you have created a key pair yourself instead of having
      EC2 create it for you.
    - If this parameter is omitted, the playbook author must ensure that the remotely-generated
      private key is stored.
    - Important - when using I(public_key) with a key pair that already exists on AWS,
      generated by AWS, this module creates a duplicate key. There is no way to avoid
      this, as there is no way of determining whether a key pair that was generated by
      AWS matches a key pair generated locally. This is due to AWS computing fingerprints
      differently for the two types - SHA1 on the private key and MD5 on the public key
      - and because AWS never returns public keys, only fingerprints.
    type: str

fingerprints:
    description:
    - The MD5 fingerprint of I(public_key).
    - There is no need to specify a fingerprint. If any fingerprints are provided, and
      none match the I(public_key), this module errors out.
    elements: str
    required: false
    type: list

Outputs

object:
  contains:
    fingerprint:
      description:
      - This keypair's fingerprint.
      - Note that AWS computes fingerprints in two different ways - for AWS-generated
        keys, fingerprints are computed with SHA1 on the _private_ keys, while for
        imported keys, fingerprints are computed with MD5 on the _public_ keys.
      returned: always
      type: str
    key_material:
      description: The private key material when this key pair was generated by AWS.
      returned: when first generated by AWS
      type: str
    name:
      description: The name of the key pair.
      returned: always
      type: str
  description:
  - An object representing an EC2 key pair.
  returned: success
  sample:
    object:
      fingerprint: 0a:ec:24:7b:69:ce:98:63:a4:ea:3c:e6:76:bb:6c:66:90:d0:33:ae
      key_material: <PEM-encoded RSA private key, omitted>
      name: my-first-keypair
  type: dict
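
The fingerprints input and the fingerprint output above both use the MD5 form for imported keys. The following added example (not part of the module or this collection) computes that value from an OpenSSH public key line, so a locally generated key can be compared with what EC2 reports. It assumes an ssh-rsa key and that the MD5 is taken over the DER-encoded SubjectPublicKeyInfo, as in AWS's documented openssl procedure; all function names and the toy key are this example's own.

```python
import base64
import hashlib

# DER AlgorithmIdentifier: rsaEncryption (1.2.840.113549.1.1.1) with NULL params
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# Constructed toy key (e=65537, n=3233), for illustration only; not a usable key.
SAMPLE_PUB = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAAgyh constructed-demo-key"

def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element, using long-form length for bodies >= 128 bytes."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def der_uint(value: int) -> bytes:
    """DER INTEGER of a non-negative int; the extra byte keeps the sign bit clear."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_openssh_rsa(line: str) -> tuple:
    """Return (e, n) from an 'ssh-rsa <base64> [comment]' public key line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key line")
    blob, parts = base64.b64decode(fields[1], validate=True), []
    while blob:  # the blob is a run of 4-byte big-endian length + value fields
        size = int.from_bytes(blob[:4], "big")
        if len(blob) < 4 or size > len(blob) - 4:
            raise ValueError("truncated key blob")
        parts.append(blob[4:4 + size])
        blob = blob[4 + size:]
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("unexpected ssh-rsa blob layout")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")

def spki_der(e: int, n: int) -> bytes:
    """SubjectPublicKeyInfo: SEQUENCE { algorithm, BIT STRING { RSAPublicKey } }."""
    rsa_pub = der_tlv(0x30, der_uint(n) + der_uint(e))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_pub))

def ec2_import_fingerprint(line: str) -> str:
    """Colon-separated MD5 of the SPKI DER, the form used for imported keys."""
    digest = hashlib.md5(spki_der(*parse_openssh_rsa(line))).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

if __name__ == "__main__":
    print(ec2_import_fingerprint(SAMPLE_PUB))
```

This value applies only to keys uploaded through public_key; for key pairs generated by AWS, the fingerprint is a SHA1 over the private key and cannot be reproduced from the public key.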

See also