Ansible & AWS ec2-instance-connect - cannot SSH


Hello, has anyone ever used AWS ec2-instance-connect with Ansible to connect to servers, using a ProxyCommand in ansible_ssh_common_args? I cannot get Ansible to SSH to the server. When I run the straight aws command from the Ansible server, it connects fine.

Full details in pastebin links below, but some small context:

Playbook Task:

- name: Create tomcat group
  become: true
  ansible.builtin.group:
    name: tomcat
    gid: 2001
    state: present

group_vars settings:

ansible_user: ansible
ansible_ssh_private_key_file: /opt/ansible/keys/ansible.pem
 
ansible_ssh_common_args: '-o ProxyCommand="aws ec2-instance-connect ssh --region us-east-1 --instance-id {{ instance_id }} --os-user {{ ansible_user }} --private-key-file {{ ansible_ssh_private_key_file }}"'

Errors:

    -bash: line 1: $'SSH-2.0-OpenSSH_8.7\r': command not found
    Connection timed out during banner exchange
    Connection to UNKNOWN port 65535 timed out

Full Details:
Ansible Version / Playbook / group_vars settings: Ansible Version / Playbook / group_vars - Pastebin.com

Playbook error (-vvvv ): Create Tomcat Group Error - -vvvv Results - Pastebin.com

Successful connection using just the Proxy Command / aws call: AWS ec2-instance-connect - Pastebin.com

Any help is much appreciated.

This was never really resolved, but 2 findings will cause me to close this out:

  1. Could never get the ec2-instance-connect ssh ProxyCommand to work. Ended up using ec2-instance-connect open-tunnel --instance-id XXX.
  2. Turns out EC2 Instance Connect shouldn’t really be used with Ansible - they SEVERELY limit the bandwidth going through Instance Connect. One example: when I tried to copy 2 files that were less than 2 GB, I found that within the same region it was ~3,000x slower, and across regions it never finished.
1 Like
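The error quoted in the original post (`-bash: line 1: $'SSH-2.0-OpenSSH_8.7\r': command not found`) is the diagnosis: ssh runs a ProxyCommand with its stdin/stdout standing in for the TCP socket, so the command must relay raw bytes to the remote sshd. `aws ec2-instance-connect ssh` instead starts a complete interactive login session, so Ansible's ssh client ends up typing its own protocol banner into a remote bash prompt, and the banner exchange times out. `aws ec2-instance-connect open-tunnel`, which the poster switched to, is the raw transport and is what belongs in `ProxyCommand`. Below is an added example, not code from the thread or from AWS, that checks a candidate ProxyCommand the way ssh will use it: the first line it writes to stdout must be the server's `SSH-2.0-` banner. The two `fake_*` functions are constructed stand-ins so the check runs offline; `INSTANCE_ID` and `AWS_REGION` in the trailing comment are assumed environment variables you set yourself.

```shell
#!/bin/sh
# Added example (not from the original thread): sanity-check a candidate ProxyCommand
# the way ssh will use it. ssh runs the ProxyCommand with its stdin/stdout standing in
# for the TCP socket, so the very first line the command writes must be the remote
# sshd's version banner ("SSH-2.0-..."). A command that instead starts an interactive
# login session writes a shell prompt or error text, and the client's own banner then
# gets "typed" into bash, which is the "command not found" error seen in the thread.
probe_proxy_banner() {
  # Run the command with stdin closed so it cannot block waiting on us, keep only the
  # first line it emits, and strip the CR that sshd terminates its banner with.
  banner=$("$@" </dev/null 2>/dev/null | head -n 1 | tr -d '\r')
  case "$banner" in
    SSH-2.0-*|SSH-1.99-*)
      printf 'OK: ProxyCommand is a raw SSH transport (%s)\n' "$banner"
      return 0 ;;
    *)
      printf 'NOT USABLE as ProxyCommand; first line was: %s\n' "$banner"
      return 1 ;;
  esac
}

# Constructed stand-ins so the check runs offline. They mimic what the two AWS CLI
# subcommands put on stdout when invoked as a ProxyCommand: open-tunnel relays the
# server banner, while ec2-instance-connect ssh hands you a remote bash that chokes
# on the client banner (the exact error quoted in the thread).
fake_open_tunnel() { printf 'SSH-2.0-OpenSSH_8.7\r\n'; }
fake_instance_connect_ssh() {
  printf '%s\n' "-bash: line 1: \$'SSH-2.0-OpenSSH_8.7\\r': command not found"
}

probe_proxy_banner fake_open_tunnel
if probe_proxy_banner fake_instance_connect_ssh; then
  echo "unexpected: an interactive session was accepted as a transport"
fi

# Against a real instance (INSTANCE_ID and AWS_REGION are assumed to be set by you):
#   probe_proxy_banner aws ec2-instance-connect open-tunnel \
#       --region "$AWS_REGION" --instance-id "$INSTANCE_ID"
# The matching group_vars value for Ansible is then:
#   ansible_ssh_common_args: '-o ProxyCommand="aws ec2-instance-connect open-tunnel --region us-east-1 --instance-id {{ instance_id }}"'
```

Two caveats when moving to `open-tunnel`. It is only the transport: ssh still authenticates with `ansible_ssh_private_key_file`, so that key must already be in the instance's `authorized_keys` for `ansible_user`, or be pushed just before the connection with `aws ec2-instance-connect send-ssh-public-key` (Instance Connect accepts a pushed key for 60 seconds). And every new connection spawns a fresh tunnel, so Ansible's ControlPersist settings matter more than usual; the poster's throughput observations above apply regardless of which subcommand you use.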

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.