How to use an AWS profile when using the Ansible ec2.py module

I wrote a quick Ansible playbook to launch a simple EC2 instance, but I think I have an issue with how I want to authenticate.

What I don't want to do is set my AWS access/secret keys as environment variables, since they expire every hour and I need to regenerate the ~/.aws/credentials file via a script.

Right now, my ansible playbook looks like this:

---
# Launch ec2
- name: Create ec2 instance
  hosts: local
  connection: local
  gather_facts: false
  vars:
    profile: profile_xxxx
    key_pair: usrxxx
    region: us-east-1
    subnet: subnet-38xxxxx
    security_groups: ['sg-e54xxxx', 'sg-bfcxxxx', 'sg-a9dxxx']
    image: ami-031xxx
    instance_type: t2.small
    num_instances: 1
    tag_name: ansibletest
    hdd_volumes:
      - device_name: /dev/sdf
        volume_size: 50
        delete_on_termination: true
      - device_name: /dev/sdh
        volume_size: 50
        delete_on_termination: true
  tasks:
    - name: launch ec2
      ec2:
        count: 1
        key_name: "{{ key_pair }}"
        profile: "{{ profile }}"
        group_id: "{{ security_groups }}"
        instance_type: "{{ instance_type }}"
        image: "{{ image }}"
        region: "{{ region }}"
        vpc_subnet_id: "{{ subnet }}"
        assign_public_ip: false
        volumes: "{{ hdd_volumes }}"
        instance_tags:
          Name: "{{ tag_name }}"
          # tag_asv, tag_cmdbEnv and tag_eid are not defined under vars above;
          # pass them with -e or add them to vars before running
          ASV: "{{ tag_asv }}"
          CMDBEnvironment: "{{ tag_cmdbEnv }}"
          EID: "{{ tag_eid }}"
          OwnerContact: "{{ tag_eid }}"
      register: ec2
    - name: print ec2 vars
      debug: var=ec2   # the task above registers "ec2", so that is the name to print

my hosts file is this:

[local]
localhost ansible_python_interpreter=/usr/local/bin/python2.7

I run my playbook like this:

ansible-playbook -i hosts launchec2.yml -vvv

and then get this back:

PLAYBOOK: launchec2.yml ********************************************************
1 plays in launchec2.yml

PLAY [Create ec2 instance] *****************************************************

TASK [launch ec2] **************************************************************
task path: /Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.yml:27
Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py
ESTABLISH LOCAL CONNECTION FOR USER: usrxxx
EXEC /bin/sh -c '( umask 77 && mkdir -p "`echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730`" && echo ansible-tmp-1485527483.82-106272618422730="`echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730`" ) && sleep 0'
PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpnk2rh5 TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py
PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpEpwenH TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args
EXEC /bin/sh -c 'chmod u+x /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args && sleep 0'
EXEC /bin/sh -c '/usr/bin/env python /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args; rm -rf "/Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false,
    "failed": true,
    "invocation": {
        "module_name": "ec2"
    },
    "module_stderr": "usage: ec2.py [-h] [--list] [--host HOST] [--refresh-cache]\n              [--profile BOTO_PROFILE]\nec2.py: error: unrecognized arguments: /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE"
}
to retry, use: --limit @/Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.retry

PLAY RECAP *********************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1

I noticed in the ec2.py file it says this:

NOTE: This script assumes Ansible is being executed where the environment
variables needed for Boto have already been set:
export AWS_ACCESS_KEY_ID='AK123'
export AWS_SECRET_ACCESS_KEY='abc123'

This script also assumes there is an ec2.ini file alongside it. To specify a
different path to ec2.ini, define the EC2_INI_PATH environment variable:

export EC2_INI_PATH=/path/to/my_ec2.ini

If you’re using eucalyptus you need to set the above variables and
you need to define:

export EC2_URL=http://hostname_of_your_cc:port/services/Eucalyptus

If you’re using boto profiles (requires boto>=2.24.0) you can choose a profile
using the --boto-profile command line argument (e.g. ec2.py --boto-profile prod) or using
the AWS_PROFILE variable:

AWS_PROFILE=prod ansible-playbook -i ec2.py myplaybook.yml

so I ran it like this:

AWS_PROFILE=profile_xxxx ansible-playbook -i hosts launchec2.yml -vvv

but still got the same results…
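An added diagnostic script for the failure shown in the -vvv output above; it is not from this thread or from the Ansible project. The module_stderr there is argparse usage text (--list, --host, --refresh-cache, --profile), which is what the ec2.py dynamic-inventory script prints and not what the ec2 module prints: the file Ansible loaded under "Using module file" from site-packages is the inventory script, so the module's profile= parameter never gets a chance to run. The first function tells the two files apart by their markers. The second function checks the shared credentials file that the module's profile= parameter and AWS_PROFILE resolve against: the named profile must exist, carry both key and secret, and, for temporary keys that expire hourly, also a session token line. The fixture files, directory and placeholder key values are constructed for the example.

```shell
#!/bin/sh
# Added diagnostic, not part of the thread. classify_ec2_file tells the ec2.py
# dynamic-inventory script (argparse, --list/--refresh-cache) apart from the
# ec2 module (built on AnsibleModule). profile_status checks a shared
# credentials file for the profile that profile= / AWS_PROFILE will select.

# classify_ec2_file FILE -> prints "inventory-script", "module" or "unknown"
classify_ec2_file() {
    if grep -q -- '--refresh-cache' "$1" && grep -q 'argparse' "$1"; then
        echo inventory-script
    elif grep -q 'AnsibleModule' "$1"; then
        echo module
    else
        echo unknown
    fi
}

# section_text CREDFILE PROFILE -> lines between "[PROFILE]" and the next header
section_text() {
    awk -v p="[$2]" '
        $0 == p  { inside = 1; next }
        /^\[/    { inside = 0 }
        inside   { print }' "$1"
}

# section_has TEXT KEY -> true when TEXT contains a "KEY = ..." line
section_has() {
    printf '%s\n' "$1" | grep -q "^[[:space:]]*$2[[:space:]]*="
}

# profile_status CREDFILE PROFILE -> prints "missing", "incomplete",
# "static" (key + secret only) or "temporary" (key + secret + token)
profile_status() {
    grep -qxF "[$2]" "$1" || { echo missing; return 0; }
    sec=$(section_text "$1" "$2")
    if ! section_has "$sec" aws_access_key_id || ! section_has "$sec" aws_secret_access_key; then
        echo incomplete
    elif section_has "$sec" aws_session_token || section_has "$sec" aws_security_token; then
        echo temporary      # hourly STS keys need the token line as well
    else
        echo static
    fi
}

# ---- constructed fixtures (placeholder values, not real files or keys) ----
FIX=$(mktemp -d)

# marker lines of an inventory script that has been installed over the module
cat > "$FIX/inventory_ec2.py" <<'EOF'
import argparse
parser = argparse.ArgumentParser(description='Produce an Ansible Inventory file based on EC2')
parser.add_argument('--list', action='store_true', default=True)
parser.add_argument('--refresh-cache', action='store_true', default=False)
EOF

# marker line of the real module
cat > "$FIX/module_ec2.py" <<'EOF'
from ansible.module_utils.basic import AnsibleModule
module = AnsibleModule(argument_spec=dict(profile=dict(required=False)))
EOF

# a credentials file as an hourly-refresh script might write it
cat > "$FIX/credentials" <<'EOF'
[default]
aws_access_key_id = AKIA_PLACEHOLDER
aws_secret_access_key = SECRET_PLACEHOLDER

[profile_xxxx]
aws_access_key_id = ASIA_PLACEHOLDER
aws_secret_access_key = SECRET_PLACEHOLDER
aws_session_token = TOKEN_PLACEHOLDER

[broken]
aws_access_key_id = AKIA_PLACEHOLDER
EOF

echo "inventory_ec2.py -> $(classify_ec2_file "$FIX/inventory_ec2.py")"
echo "module_ec2.py    -> $(classify_ec2_file "$FIX/module_ec2.py")"
for p in default profile_xxxx broken nope; do
    echo "profile $p -> $(profile_status "$FIX/credentials" "$p")"
done
```

Against a real install, run classify_ec2_file on the path printed after "Using module file" in the -vvv output and profile_status on ~/.aws/credentials with the profile name from the playbook. If the module path reports inventory-script, the dynamic-inventory script belongs in an inventory directory passed with -i (where its --boto-profile and AWS_PROFILE handling from the docstring quoted above applies), and the real module has to be restored in the ansible package; the module's own profile= parameter is the in-playbook way to pick a boto profile without exporting keys.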

Hi, did you get anywhere with this?

I'm trying really hard to get ec2.py to run with a boto profile representing a role that I have assigned to the instance. My motivation is very much like yours, in that I do not wish to have the creds set as environment variables.

Thanks