How can I use the AWX credential variables in playbooks?

1,685 views
Skip to first unread message

Brent Clark

unread,
Apr 12, 2018, 6:57:43 PM4/12/18
to AWX Project
How can I use the AWX credential variables in playbooks? 

Im specifically looking to re-use the AWS Credential keys in a playbook that uses 'ec2_instance_facts' which requires the passing of the keys in order to work.

Thanks!

Brent

Matthew Jones

unread,
Apr 16, 2018, 11:32:22 AM4/16/18
to Brent Clark, AWX Project
In the case of the AWS credentials they'll be attached to a job run using the standard environment variables that the ec2 modules expect: AWS_ACCESS_KEY and AWS_SECRET_KEY

--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project+unsubscribe@googlegroups.com.
To post to this group, send email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/c1f56e91-266e-46f4-9be0-8e84bf9ab64e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Matt Jones
Principal Software Engineer
Ansible Tower

Brent Clark

unread,
Apr 16, 2018, 12:08:10 PM4/16/18
to AWX Project
I must be doing something wrong or mis-understanding how to access the variable. 

My Example, 
==========
- name: 'Gather EC2 instance info'  
  action: ec2_metadata_facts

- name: 'Get EC2 instance facts'
  ec2_instance_facts:
    region: "{{ ansible_ec2_placement_region }}"
    aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
    aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
    filters:
      "instance-id": "{{ ansible_ec2_instance_id }}"
  register: ec2_blah

- debug: var=ec2_blah
==========

Error message
==========
FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'AWS_SECRET_ACCESS_KEY' is undefined
==========

On Monday, April 16, 2018 at 9:32:22 AM UTC-6, Matthew Jones wrote:
In the case of the AWS credentials they'll be attached to a job run using the standard environment variables that the ec2 modules expect: AWS_ACCESS_KEY and AWS_SECRET_KEY
On Thu, Apr 12, 2018 at 6:57 PM, Brent Clark <bcl...@tendrilinc.com> wrote:
How can I use the AWX credential variables in playbooks? 

Im specifically looking to re-use the AWS Credential keys in a playbook that uses 'ec2_instance_facts' which requires the passing of the keys in order to work.

Thanks!

Brent

--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.

To post to this group, send email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/c1f56e91-266e-46f4-9be0-8e84bf9ab64e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Brent Clark

unread,
Apr 16, 2018, 12:14:03 PM4/16/18
to AWX Project
I realized after posting below, that I was not using the variable for the secret like you mentioned. I fixed the code and reran it. 

I changed my code from "AWS_SECRET_ACCESS_KEY" to "AWS_SECRET_KEY"

==========
FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'AWS_SECRET_KEY' is undefined
==========

Matthew Jones

unread,
Apr 17, 2018, 6:43:57 PM4/17/18
to Brent Clark, AWX Project
You need to look up the environment variables, they aren't added as extra vars:


I will point out, however, that the ec2 modules use boto which will automatically pick them up out of the environment... have you tried running the playbook in AWX *without* setting aws_access_key and aws_secret_key?

To unsubscribe from this group and stop receiving emails from it, send an email to awx-project+unsubscribe@googlegroups.com.

To post to this group, send email to awx-p...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Brent Clark

unread,
Apr 18, 2018, 10:40:45 AM4/18/18
to AWX Project
I will give the env thing a try.

When I run the AWX job without setting aws_access_key and aws_secret_key I get this error 

NoCredentialsError: Unable to locate credentials

Brent Clark

unread,
Apr 18, 2018, 4:46:47 PM4/18/18
to AWX Project
This is what I finally got to work. Many thanks for the help and direciton :D

============
- name: 'Gather EC2 instance info'  
  action: ec2_metadata_facts      

- name: 'Get EC2 instance facts'
  ec2_instance_facts:
    region: "{{ ansible_ec2_placement_region }}"
    aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
    aws_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
    filters:
      "instance-id": "{{ ansible_ec2_instance_id }}"
============
Reply all
Reply to author
Forward
0 new messages