How can I use the AWX credential variables in playbooks?

Brent Clark

unread,

Apr 12, 2018, 6:57:43 PM4/12/18

to AWX Project

Im specifically looking to re-use the AWS Credential keys in a playbook that uses 'ec2_instance_facts' which requires the passing of the keys in order to work.

Thanks!

Brent

Matthew Jones

unread,

Apr 16, 2018, 11:32:22 AM4/16/18

to Brent Clark, AWX Project

In the case of the AWS credentials they'll be attached to a job run using the standard environment variables that the ec2 modules expect: AWS_ACCESS_KEY and AWS_SECRET_KEY

--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project+unsubscribe@googlegroups.com.
To post to this group, send email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/c1f56e91-266e-46f4-9be0-8e84bf9ab64e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Matt Jones

Principal Software Engineer

Ansible Tower

Brent Clark

unread,

Apr 16, 2018, 12:08:10 PM4/16/18

to AWX Project

I must be doing something wrong or mis-understanding how to access the variable.

My Example,

==========

- name: 'Gather EC2 instance info'

action: ec2_metadata_facts

- name: 'Get EC2 instance facts'

ec2_instance_facts:

region: "{{ ansible_ec2_placement_region }}"

aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"

aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"

filters:

"instance-id": "{{ ansible_ec2_instance_id }}"

register: ec2_blah

- debug: var=ec2_blah

==========

Error message

==========

FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'AWS_SECRET_ACCESS_KEY' is undefined

==========

On Monday, April 16, 2018 at 9:32:22 AM UTC-6, Matthew Jones wrote:

In the case of the AWS credentials they'll be attached to a job run using the standard environment variables that the ec2 modules expect: AWS_ACCESS_KEY and AWS_SECRET_KEY

On Thu, Apr 12, 2018 at 6:57 PM, Brent Clark <bcl...@tendrilinc.com> wrote:

How can I use the AWX credential variables in playbooks?

Im specifically looking to re-use the AWS Credential keys in a playbook that uses 'ec2_instance_facts' which requires the passing of the keys in order to work.

Thanks!

Brent

--
You received this message because you are subscribed to the Google Groups "AWX Project" group.

To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.

To post to this group, send email to awx-p...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/c1f56e91-266e-46f4-9be0-8e84bf9ab64e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Brent Clark

unread,

Apr 16, 2018, 12:14:03 PM4/16/18

to AWX Project

I realized after posting below, that I was not using the variable for the secret like you mentioned. I fixed the code and reran it.

I changed my code from "AWS_SECRET_ACCESS_KEY" to "AWS_SECRET_KEY"

==========

FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'AWS_SECRET_KEY' is undefined

==========

Matthew Jones

unread,

Apr 17, 2018, 6:43:57 PM4/17/18

to Brent Clark, AWX Project

You need to look up the environment variables, they aren't added as extra vars:

https://docs.ansible.com/ansible/2.5/plugins/lookup/env.html

I will point out, however, that the ec2 modules use boto which will automatically pick them up out of the environment... have you tried running the playbook in AWX *without* setting aws_access_key and aws_secret_key?

To unsubscribe from this group and stop receiving emails from it, send an email to awx-project+unsubscribe@googlegroups.com.

To post to this group, send email to awx-p...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/6748de13-105f-4938-9184-7a2fb88d0e3c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Brent Clark

unread,

Apr 18, 2018, 10:40:45 AM4/18/18

to AWX Project

I will give the env thing a try.

When I run the AWX job without setting aws_access_key and aws_secret_key I get this error

NoCredentialsError: Unable to locate credentials

To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/6748de13-105f-4938-9184-7a2fb88d0e3c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Brent Clark

unread,

Apr 18, 2018, 4:46:47 PM4/18/18

to AWX Project

This is what I finally got to work. Many thanks for the help and direciton :D

============

- name: 'Gather EC2 instance info'

action: ec2_metadata_facts

- name: 'Get EC2 instance facts'

ec2_instance_facts:

region: "{{ ansible_ec2_placement_region }}"

aws_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') }}"

aws_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"

filters:

"instance-id": "{{ ansible_ec2_instance_id }}"

============

Reply all

Reply to author

Forward