How to use an AWS profile when using the Ansible ec2.py module

Ronak Patel

Jan 28, 2017, 1:11:06 AM
to Ansible Project, ronak....@capitalone.com
I wrote a quick ansible playbook to launch a simple ec2 instance but I think I have an issue on how I want to authenticate. 

What I don't want to do is set my aws access/secret keys as env variables since they expire each hour and I need to regenerate the `~/.aws/credentials` file via a script. 

Right now, my ansible playbook looks like this:

    --- # Launch ec2
    - name: Create ec2 instance
      hosts: local
      connection: local
      gather_facts: false
      vars:
        profile: profile_xxxx
        key_pair: usrxxx
        region: us-east-1
        subnet: subnet-38xxxxx
        security_groups: ['sg-e54xxxx', 'sg-bfcxxxx', 'sg-a9dxxx']
        image: ami-031xxx
        instance_type: t2.small
        num_instances: 1
        tag_name: ansibletest
        hdd_volumes:
        - device_name: /dev/sdf
          volume_size: 50
          delete_on_termination: true
        - device_name: /dev/sdh
          volume_size: 50
          delete_on_termination: true
      tasks:
        - name: launch ec2
          ec2:
            count: 1
            key_name: "{{ key_pair }}"
            profile: "{{ profile }}"
            group_id: "{{ security_groups }}"
            instance_type: "{{ instance_type }}"
            image: "{{ image }}"
            region: "{{ region }}"
            vpc_subnet_id: "{{ subnet }}"
            assign_public_ip: false
            volumes: "{{ hdd_volumes }}"
            instance_tags:
              Name: "{{ tag_name }}"
              ASV: "{{ tag_asv }}"
              CMDBEnvironment: "{{ tag_cmdbEnv }}"
              EID: "{{ tag_eid }}"
              OwnerContact: "{{ tag_eid }}"
          register: ec2
        - name: print ec2 vars
          debug: var=ec2

My hosts file is this:

    [local]
    localhost ansible_python_interpreter=/usr/local/bin/python2.7

I run my playbook like this:

    ansible-playbook -i hosts launchec2.yml -vvv

and then get this back:

    PLAYBOOK: launchec2.yml ********************************************************
    1 plays in launchec2.yml
    
    PLAY [Create ec2 instance] *****************************************************
    
    TASK [launch ec2] **************************************************************
    task path: /Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.yml:27
    Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/core/cloud/amazon/ec2.py
    <localhost> ESTABLISH LOCAL CONNECTION FOR USER: usrxxx
    <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730 `" && echo ansible-tmp-1485527483.82-106272618422730="` echo ~/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730 `" ) && sleep 0'
    <localhost> PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpnk2rh5 TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py
    <localhost> PUT /var/folders/cx/_fdv7nkn6dz21798p_bn9dp9ln9sqc/T/tmpEpwenH TO /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args
    <localhost> EXEC /bin/sh -c 'chmod u+x /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args && sleep 0'
    <localhost> EXEC /bin/sh -c '/usr/bin/env python /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/ec2.py /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args; rm -rf "/Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/" > /dev/null 2>&1 && sleep 0'
    fatal: [localhost]: FAILED! => {
        "changed": false, 
        "failed": true, 
        "invocation": {
            "module_name": "ec2"
        }, 
        "module_stderr": "usage: ec2.py [-h] [--list] [--host HOST] [--refresh-cache]\n              [--profile BOTO_PROFILE]\nec2.py: error: unrecognized arguments: /Users/usrxxx/.ansible/tmp/ansible-tmp-1485527483.82-106272618422730/args\n", 
        "module_stdout": "", 
        "msg": "MODULE FAILURE"
    }
    to retry, use: --limit @/Users/usrxxx/Desktop/cloud-jumper/Ansible/launchec2.retry
    
    PLAY RECAP *********************************************************************
    localhost                  : ok=0    changed=0    unreachable=0    failed=1 


I noticed in the `ec2.py` file it says this:

    NOTE: This script assumes Ansible is being executed where the environment
    variables needed for Boto have already been set:
        export AWS_ACCESS_KEY_ID='AK123'
        export AWS_SECRET_ACCESS_KEY='abc123'
    
    This script also assumes there is an ec2.ini file alongside it.  To specify a
    different path to ec2.ini, define the EC2_INI_PATH environment variable:
    
        export EC2_INI_PATH=/path/to/my_ec2.ini
    
    If you're using eucalyptus you need to set the above variables and
    you need to define:
    
        export EC2_URL=http://hostname_of_your_cc:port/services/Eucalyptus
    
    If you're using boto profiles (requires boto>=2.24.0) you can choose a profile
    using the --boto-profile command line argument (e.g. ec2.py --boto-profile prod) or using
    the AWS_PROFILE variable:
    
        AWS_PROFILE=prod ansible-playbook -i ec2.py myplaybook.yml


So I ran it like this:
     
    AWS_PROFILE=profile_xxxx ansible-playbook -i hosts launchec2.yml -vvv


But I still got the same results...
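
Added example (not part of the original post, and not Ansible's own code): the `module_stderr` above is an argparse usage message that lists `--list` and `--host`, the options a dynamic inventory script takes, so the code below parses a failed task result and flags that case. `parse_usage`, `diagnose` and the trimmed `SAMPLE_RESULT` are names and data constructed for this illustration.

```python
import re

# Options the dynamic inventory script convention requires (--list, --host <name>).
INVENTORY_FLAGS = {"--list", "--host"}

# Constructed from the failure shown in the post, trimmed to the fields used here.
SAMPLE_RESULT = {
    "invocation": {"module_name": "ec2"},
    "module_stderr": (
        "usage: ec2.py [-h] [--list] [--host HOST] [--refresh-cache]\n"
        "              [--profile BOTO_PROFILE]\n"
        "ec2.py: error: unrecognized arguments: /Users/usrxxx/.ansible/tmp/args\n"
    ),
    "msg": "MODULE FAILURE",
}


def parse_usage(stderr):
    """Return (prog, long_options) from an argparse usage message, else None."""
    match = re.search(r"usage:\s+(\S+)\s+(.*?)(?=\n\S+: error:|\Z)", stderr, re.S)
    if match is None:
        return None
    return match.group(1), set(re.findall(r"--[a-z][a-z-]*", match.group(2)))


def diagnose(result):
    """Classify a failed task result (the dict printed after 'FAILED! =>')."""
    module = result.get("invocation", {}).get("module_name", "")
    usage = parse_usage(result.get("module_stderr", ""))
    if usage is None:
        return {"verdict": "not-an-argparse-error", "module": module}
    prog, flags = usage
    finding = {"module": module, "prog": prog, "flags": sorted(flags)}
    # A module is handed one positional argument (the args file). A script that
    # rejects it and advertises --list/--host is an inventory script executed in
    # the module's place: the failure is about which file ran, not about AWS
    # credentials or the profile.
    if INVENTORY_FLAGS <= flags:
        finding["verdict"] = "inventory-script-run-as-module"
    else:
        finding["verdict"] = "other-argparse-error"
    return finding


if __name__ == "__main__":
    print(diagnose(SAMPLE_RESULT))
```
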

Caley Goff

Feb 22, 2017, 1:08:41 PM
to Ansible Project
Hi, did you get anywhere with this?

I'm trying really hard to get ec2.py to run with a boto profile representing a role which I have assigned to the instance. My motivation is very much like yours, in that I do not wish to have the creds set as environment variables.

Thanks