You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

aws_ec2 – ec2 inventory source¶

Synopsis
Requirements
Parameters
Examples
Status

Synopsis ¶

Get inventory hosts from Amazon Web Services EC2.
Uses a YAML configuration file that ends with aws_ec2.(yml|yaml).

Requirements ¶

The below requirements are needed on the local master node that executes this inventory.

boto3
botocore

Parameters ¶

Parameter	Choices/Defaults	Configuration	Comments
aws_access_key_id -		env:AWS_ACCESS_KEY_ID env:AWS_ACCESS_KEY env:EC2_ACCESS_KEY	The AWS access key to use. If you have specified a profile, you don't need to provide an access key/secret key/session token.
aws_secret_access_key -		env:AWS_SECRET_ACCESS_KEY env:AWS_SECRET_KEY env:EC2_SECRET_KEY	The AWS secret key that corresponds to the access key. If you have specified a profile, you don't need to provide an access key/secret key/session token.
aws_security_token -		env:AWS_SECURITY_TOKEN env:AWS_SESSION_TOKEN env:EC2_SECURITY_TOKEN	The AWS security token if using temporary access and secret keys.
boto_profile -		env:AWS_PROFILE env:AWS_DEFAULT_PROFILE	The boto profile to use.
cache boolean	Default: "no"	ini entries: [inventory] cache = no env:ANSIBLE_INVENTORY_CACHE	Toggle to enable/disable the caching of the inventory's source data, requires a cache plugin setup to work.
cache_connection -		ini entries: [inventory] cache_connection = VALUE env:ANSIBLE_INVENTORY_CACHE_CONNECTION	Cache connection data or path, read cache plugin documentation for specifics.
cache_plugin -		ini entries: [inventory] cache_plugin = VALUE env:ANSIBLE_INVENTORY_CACHE_PLUGIN	Cache plugin to use for the inventory's source data.
cache_timeout integer	Default: 3600	ini entries: [inventory] cache_timeout = 3600 env:ANSIBLE_INVENTORY_CACHE_TIMEOUT	Cache duration in seconds
compose dictionary	Default: {}		create vars from jinja2 expressions
filters dictionary	Default: {}		A dictionary of filter value pairs. Available filters are listed here http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options
groups dictionary	Default: {}		add hosts to group based on Jinja2 conditionals
hostnames list	Default: []		A list in order of precedence for hostname variables. You can use the options specified in http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html#options. To use tags as hostnames use the syntax tag:Name=Value to use the hostname Name_Value, or tag:Name to use the value of the Name tag.
keyed_groups list	Default: []		add hosts to group based on the values of a variable
plugin - / required	Choices: aws_ec2		token that ensures this is a source file for the 'aws_ec2' plugin.
regions list	Default: []		A list of regions in which to describe EC2 instances. If empty (the default) default this will include all regions, except possibly restricted ones like us-gov-west-1 and cn-north-1.
strict boolean	Default: "no"		If true make invalid entries a fatal error, otherwise skip and continue Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default.
strict_permissions boolean	Choices: no yes ←		By default if a 403 (Forbidden) is encountered this plugin will fail. You can set strict_permissions to False in the inventory config file which will allow 403 errors to be gracefully skipped.

Examples ¶

# Minimal example using environment vars or instance role credentials
# Fetch all hosts in us-east-1, the hostname is the public DNS if it exists, otherwise the private IP address
plugin: aws_ec2
regions:
  - us-east-1

# Example using filters, ignoring permission errors, and specifying the hostname precedence
plugin: aws_ec2
boto_profile: aws_profile
regions: # populate inventory with instances in these regions
  - us-east-1
  - us-east-2
filters:
  # all instances with their `Environment` tag set to `dev`
  tag:Environment: dev
  # all dev and QA hosts
  tag:Environment:
    - dev
    - qa
  instance.group-id: sg-xxxxxxxx
# ignores 403 errors rather than failing
strict_permissions: False
# note: I(hostnames) sets the inventory_hostname. To modify ansible_host without modifying
# inventory_hostname use compose (see example below).
hostnames:
  - tag:Name=Tag1,Name=Tag2  # return specific hosts only
  - tag:CustomDNSName
  - dns-name
  - private-ip-address

# Example using constructed features to create groups and set ansible_host
plugin: aws_ec2
regions:
  - us-east-1
  - us-west-1
# keyed_groups may be used to create custom groups
strict: False
keyed_groups:
  # add e.g. x86_64 hosts to an arch_x86_64 group
  - prefix: arch
    key: 'architecture'
  # add hosts to tag_Name_Value groups for each Name/Value tag pair
  - prefix: tag
    key: tags
  # add hosts to e.g. instance_type_z3_tiny
  - prefix: instance_type
    key: instance_type
  # create security_groups_sg_abcd1234 group for each SG
  - key: 'security_groups|json_query("[].group_id")'
    prefix: 'security_groups'
  # create a group for each value of the Application tag
  - key: tags.Application
    separator: ''
  # create a group per region e.g. aws_region_us_east_2
  - key: placement.region
    prefix: aws_region
# set individual variables with compose
compose:
  # use the private IP address to connect to the host
  # (note: this does not modify inventory_hostname, which is set via I(hostnames))
  ansible_host: private_ip_address

Status ¶

Authors¶

UNKNOWN

Hint

If you notice any issues in this documentation you can edit this document to improve it.