When we create an EC2 instance, we then run playbooks on the EC2 instance to harden it and configure it the way we need to.
Right now, I have a Python script with Boto3 retrieving tag information. I then pass the variables into an Ad-Hoc play, but I’m looking for an automated solution to this that I can put into Tower.
Am I on the right track or are there alternative/better options?
The gist of what I currently have is:
1. Python uses Boto3 to retrieve tag info.
2. An ad-hoc play is created with that tag value.
3. Python executes the ad-hoc play.
The goal is to have Tower retrieve that Tag information, assign it to an Ansible variable, and then execute the play on the remote host.
```python
import argparse
import subprocess

import boto3


def get_instance_tag(instance_id, key="Foo"):
    """Return the value of tag `key` on the instance ('' if the tag is absent)."""
    # Establish the EC2 connection and the instance object
    ec2 = boto3.resource("ec2")
    ec2instance = ec2.Instance(instance_id)
    # Loop through the tags and find the EC2 Foo key/value pair
    for tag in ec2instance.tags or []:
        if tag["Key"] == key:
            return tag["Value"]  # Value is 'Bar'
    return ""


# The private IP is passed as an argument on the CLI: $ python foo.py --privateip 10.0.0.5
parser = argparse.ArgumentParser()
parser.add_argument("--privateip", required=True)
instance_private_ip = parser.parse_args().privateip
instance_id = "i-xxxxxxxx"  # The instance ID is retrieved with another function that takes the EC2 private IP as its argument.
instance_tag = get_instance_tag(instance_id)  # This gets the tag on the instance.

# Create the ad-hoc command which makes a simple file named after the EC2 tag value.
# The command is passed as a list (no shell), so a tag value cannot inject extra shell commands.
# The tempfile module appends a random suffix, so file with state=touch is used to get exactly /tmp/Bar.temp.
command = [
    "ansible", "all", "-i", instance_private_ip + ",",
    "-m", "file", "-a", "path=/tmp/" + instance_tag + ".temp state=touch",
]
# Run the ad-hoc command, which should create /tmp/Bar.temp
subprocess.run(command, check=True)
```
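One way to let Tower do the tag lookup itself, as an added example that is not part of the original post: an `amazon.aws.aws_ec2` inventory source exposes each instance's tags as host variables via `compose`, and the playbook then validates and uses that variable. The region, the file names, the `foo_tag` variable name and the character check are assumptions for this illustration.

```yaml
# inventory/aws_ec2.yml (assumed name; in Tower this is an inventory source of type "Amazon EC2")
plugin: amazon.aws.aws_ec2
regions:
  - us-east-1             # assumed region
filters:
  instance-state-name: running
  tag-key: Foo            # only instances that carry the Foo tag
hostnames:
  - private-ip-address    # inventory_hostname becomes the private IP, as in the ad-hoc run
compose:
  # Jinja expression evaluated per host: the Foo tag value becomes hostvar foo_tag
  foo_tag: tags.Foo
keyed_groups:
  - key: tags.Foo
    prefix: foo           # also yields groups such as foo_Bar for targeting by tag value

---
# harden.yml (assumed name): the tag value arrives as {{ foo_tag }}, no wrapper script needed
- hosts: all
  become: true
  tasks:
    - name: Refuse a tag value that is missing or could alter the intended path
      ansible.builtin.assert:
        that:
          - foo_tag is defined
          - foo_tag is match('^[A-Za-z0-9_-]+$')   # anyone with ec2:CreateTags controls this string
        fail_msg: "Tag Foo on {{ inventory_hostname }} is missing or contains unexpected characters"

    - name: Create /tmp/<Foo>.temp (for the Foo=Bar instance, /tmp/Bar.temp)
      ansible.builtin.file:
        path: "/tmp/{{ foo_tag }}.temp"
        state: touch
        mode: "0600"
```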