ec2 instance not reachable

Hi guys,
I need to set up some ec2 instances for my project and I am in the process of doing proof of concept.

My playbook creates an AWS EC2 instance and I am using an already created security group that includes SSH; however, for some reason it is failing to open port 22.
launch_east_cost_ec2.yml:

- name: Launch new EC2 instance
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    pem: keyname
    reg: us-east-1

  tasks:

    - name: create ec2 instance with default values
      ec2:
        instance_type: t2.micro
        image: ami-xxxxxxxxxxx
        region: "{{ reg }}"
        keypair: "{{ pem }}"
        aws_access_key: xx
        aws_secret_key: xxxxxxxxxxx
    - name: add ssh to ec2
      ec2_group:
        name: setup_ssh_connection
        description: a setup ssh connection for ec2
        vpc_id: vpc-xxxx
        region: "{{ reg }}"
        rules:
          - proto: tcp
            ports:
              - 22
            cidr_ip: 0.0.0.0/0
            group_id: xxxxx
    - name: wait for rsystem to become reachable
      wait_for_connection:
        timeout: 3600   # i changed to few different values but no luck.

Output:

TASK [add ssh to ec2] ************************************************************************************************************************************************************************
[WARNING]: Ran out of time waiting for sg-xxxxx IpPermissions. Current: set([Rule(port_range=(22, 22), protocol=u'tcp', target=('2345423355', 'sg-xxxxxxxxxx', None),
target_type='group', description=None), Rule(port_range=(22, 22), protocol=u'tcp', target='0.0.0.0/0', target_type='ipv4', description=None)]), Desired: [Rule(port_range=(22, 22),
protocol=u'tcp', target='sg-xxxxxxxxxx', target_type='group', description=None), Rule(port_range=(22, 22), protocol=u'tcp', target='0.0.0.0/0', target_type='ipv4', description=None)]
changed: [localhost]

TASK [wait fo rsystem to become reachable] ***************************************************************************************************************************************************
[WARNING]: Reset is not implemented for this connection
ok: [localhost]

PLAY RECAP ***********************************************************************************************************************************************************************************
localhost : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Please advise what is missing.

Thank you in advance.
Sanjay

A security group has no effect until it is attached to an interface.

You will need to attach your new security group to the interface on the EC2 instance before you will be able to reach the instance on port 22.

Regards, K.

Thank you Karl.
Looks like the interface/instance attach is failing. In order to get the instance id I am using ec2_instance_info and then use that to obtain the EC2 instance id to attach before SSH. But something is wrong in the syntax, any idea please?

- name: get the instance info
  ec2_instance_info:
    filters:
      "tag:Name": poc_1
  register: ec2_out
- name: Create an ENI and attach the interface
  ec2_eni:
    subnet_id: subnet-xxx
    #instance_id: "{{ ec2_out.instance.instance_id }}"
    instance_id: "{{ ec2_out.[0] }}:{{instance.instance_id }}"
    state: present
    attached: yes
- name: add ssh to ec2
  ec2_group:
    name: setup_ssh_connection
    description: a setup ssh connection for ec2
    vpc_id: vpc-xxx
    region: "{{ reg }}"
    rules:
      - proto: tcp
        ports:
          - 22
        cidr_ip: 0.0.0.0/0
        group_id: sg-xxxxxx
- name: wait fo rsystem to become reachable
  wait_for_connection:
    timeout: 3600

TASK [Create an ENI and attach the interface] ****************************************************************************************
task path: /home/ansadmin/env_aws/launch_new_ec2.yml:24
fatal: [localhost]: FAILED! => {
"msg": "template error while templating string: expected name or number. String: {{ ec2_out.[0] }}:{{instance.instance_id }}"
}

PLAY RECAP ***************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

Thanks.
Sanjay
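Putting Karl's point (the group must be attached to the instance's interface) together with the lookup problem in the follow-up, here is an added example playbook, not Sanjay's playbook or any project's code, that creates the group first and hands its id to the instance at launch, so no separate ENI attach step is needed, and then waits against the new instance rather than against localhost. The key pair name, AMI, VPC id, admin CIDR and ec2-user login are assumptions/placeholders.

```yaml
- name: Launch an EC2 instance that is reachable on port 22
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    pem: keyname                  # assumed key pair name
    reg: us-east-1
    admin_cidr: 203.0.113.0/24    # assumed admin range instead of 0.0.0.0/0
  tasks:
    # Create the group first so its id can be handed to the instance at launch.
    - name: ensure the ssh security group exists
      ec2_group:
        name: setup_ssh_connection
        description: a setup ssh connection for ec2
        vpc_id: vpc-xxxx          # placeholder, as in the original post
        region: "{{ reg }}"
        rules:
          - proto: tcp
            ports:
              - 22
            cidr_ip: "{{ admin_cidr }}"
      register: ssh_sg
    # Credentials come from AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY env vars, not the playbook.
    - name: create ec2 instance attached to that group
      ec2:
        instance_type: t2.micro
        image: ami-xxxxxxxxxxx    # placeholder, as in the original post
        region: "{{ reg }}"
        keypair: "{{ pem }}"
        group_id: "{{ ssh_sg.group_id }}"
        instance_tags:
          Name: poc_1
        wait: yes                 # block until the instance is running
      register: launched
    # wait_for_connection must run against the instance, not localhost.
    - name: add the new instance to the in-memory inventory
      add_host:
        name: "{{ launched.instances[0].public_ip }}"
        groups: poc
        ansible_user: ec2-user    # assumed; depends on the AMI
        ansible_ssh_private_key_file: "~/.ssh/{{ pem }}.pem"

- name: Verify ssh reachability on the new instance
  hosts: poc
  gather_facts: false
  tasks:
    - name: wait for system to become reachable
      wait_for_connection:
        timeout: 600
```

If the instance must be looked up afterwards with ec2_instance_info as in the follow-up post, its id is at `{{ ec2_out.instances[0].instance_id }}`, since that module returns a list named `instances`.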