ec2 module, encrypted: true doesn't create EBS volume with encryption enabled

Here is my role


  - name: Launch instance
    ec2:
      region: '{{ region }}'
      zone: '{{ zone }}'
      keypair: '{{ keypair }}'
      group: '{{ security_group }}'
      image: '{{ image }}'
      instance_type: '{{ instance_type | default("t2.micro") }}'
      instance_profile_name: '{{ instance_profile_name | default(omit) }}'
      count: '{{ instance_count | default(1) }}'
      vpc_subnet_id: '{{vpc_subnet_id | default(omit)}}'
      instance_tags: '{"Name":"{{tag_name}}","customer":"{{tag_customer}}","project":"{{tag_project}}","roleis":"{{tag_role}}","environment":"{{env}}","node":"{{tag_node}}"}'
      wait: yes
      volumes:
        - device_name: /dev/sdb
          device_type: gp2
          volume_size: "{{volume_size}}"
          delete_on_termination: false
          encrypted: true
      monitoring: no
    register: ec2

Use with_items to add each instance's public IP to a new hostgroup for use in the next play.

  - name: Add new instances to host group
    add_host:
      name: '{{item.public_dns_name}}'
      groups: launch
    with_items: ec2.instances

  - name: Wait for SSH to be available
    wait_for:
      host: '{{item.public_dns_name}}'
      port: 22
      delay: 60
      timeout: 480
      state: started
    with_items: ec2.instances

This isn’t working for some reason
ansible 2.0.0 (devel de52cfb5d7)

Disk encryption is not supported on a t2.micro instance. You need to use a supported instance size and then it should work. Did the instance creation fail? My guess is it should, but perhaps that depends on what AWS/boto sends back.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

D

Surprisingly, even with m3.large, which is a supported instance type for EBS encryption, the volume (100GB) is not being created with encryption enabled.

Checked the code in ec2.py that came along with my Ansible version. As it turns out, this version, ansible 2.0.0 (devel de52cfb5d7), doesn’t have the ec2.py with encryption support.
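
Because the launch in this thread succeeded while `encrypted: true` was silently ignored, a post-launch check is worth having. The following is an added example, not code from the thread or from Ansible: it compares the requested `volumes` specs against JSON shaped like `aws ec2 describe-volumes` output. The function name, instance IDs and volume IDs are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-volumes` output.
# All instance and volume IDs are placeholders, not real resources.
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa", "Size": 8, "Encrypted": false,
   "Attachments": [{"InstanceId": "i-0001", "Device": "/dev/sda1"}]},
  {"VolumeId": "vol-0bbb", "Size": 100, "Encrypted": false,
   "Attachments": [{"InstanceId": "i-0001", "Device": "/dev/sdb"}]},
  {"VolumeId": "vol-0ccc", "Size": 100, "Encrypted": true,
   "Attachments": [{"InstanceId": "i-0002", "Device": "/dev/sdb"}]}
]}
""")


def audit_requested_encryption(describe_volumes, instance_ids, volume_specs):
    """Return (instance, device, volume_id, reason) for every device that was
    requested with encrypted: true but is missing or not encrypted."""
    # Index attached volumes by (instance ID, device name).
    attached = {}
    for vol in describe_volumes.get("Volumes", []):
        for att in vol.get("Attachments", []):
            attached[(att["InstanceId"], att["Device"])] = vol

    findings = []
    for iid in instance_ids:
        for spec in volume_specs:
            if not spec.get("encrypted"):
                continue  # encryption was not requested for this device
            vol = attached.get((iid, spec["device_name"]))
            if vol is None:
                findings.append((iid, spec["device_name"], None, "not attached"))
            elif not vol.get("Encrypted", False):
                findings.append(
                    (iid, spec["device_name"], vol["VolumeId"], "unencrypted"))
    return findings


if __name__ == "__main__":
    # Same device and flag as the `volumes:` entry in the play above.
    specs = [{"device_name": "/dev/sdb", "encrypted": True}]
    for finding in audit_requested_encryption(
            SAMPLE, ["i-0001", "i-0002", "i-0003"], specs):
        print(finding)
```

A non-empty result should fail the deployment, since the play's own return code does not show whether the flag was honored.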