amazon.aws.ec2_ami module – Create or destroy an image (AMI) in ec2
Note
This module is part of the amazon.aws collection (version 2.3.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install amazon.aws
.
To use it in a playbook, specify: amazon.aws.ec2_ami
.
New in version 1.0.0: of amazon.aws
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
boto3 >= 1.15.0
botocore >= 1.18.0
Parameters
Parameter |
Comments |
---|---|
The target architecture of the image to register Default: “x86_64” |
|
If profile is set this parameter is ignored. Passing the aws_access_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01. |
|
The location of a CA Bundle to use when validating SSL certificates. Not used by boto 2 based modules. Note: The CA Bundle is read ‘module’ side and may need to be explicitly copied from the controller if not run locally. |
|
A dictionary to modify the botocore configuration. Parameters can be found at https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config. Only the ‘user_agent’ key is used for boto modules. See http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto for more boto configuration. |
|
If profile is set this parameter is ignored. Passing the aws_secret_key and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01. |
|
A list of valid billing codes. To be used with valid accounts by aws marketplace vendors. |
|
Use a botocore.endpoint logger to parse the unique (rather than total) “resource:action” API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used. Choices:
|
|
Delete snapshots when deregistering the AMI. Choices:
|
|
Human-readable string describing the contents and purpose of the AMI. |
|
List of device hashes/dictionaries with custom configurations (same block-device-mapping parameters). |
|
Whether the device should be automatically deleted when the Instance is terminated. Choices:
|
|
The device name. For example |
|
Whether the volume should be encrypted. Choices:
|
|
When using an |
|
Suppresses the specified device included in the block device mapping of the AMI. Alias Choices:
|
|
The ID of the Snapshot. |
|
The virtual name for the device. See the AWS documentation for more detail https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BlockDeviceMapping.html. Alias |
|
The size of the volume (in GiB) |
|
The volume type. Defaults to |
|
URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used. |
|
A boolean representing whether enhanced networking with ENA is enabled or not. Choices:
|
|
Image ID to be deregistered. |
|
The s3 location of an image to use for the AMI. |
|
Instance ID to create the AMI from. |
|
The target kernel id of the image to register. |
|
Users and groups that should be able to launch the AMI. Expects dictionary with a key of user_ids and/or group_names. user_ids should be a list of account ids. group_name should be a list of groups, “all” is the only acceptable value currently. You must pass all desired launch permissions if you wish to modify existing launch permissions (passing just groups will remove all users) |
|
The name of the new AMI. |
|
Flag indicating that the bundling process should not attempt to shutdown the instance before bundling. If this flag is True, the responsibility of maintaining file system integrity is left to the owner of the instance. Choices:
|
|
Using profile will override aws_access_key, aws_secret_key and security_token and support for passing them at the same time as profile has been deprecated. aws_access_key, aws_secret_key and security_token will be made mutually exclusive with profile after 2022-06-01. |
|
Whether to remove existing tags that aren’t passed in the Choices:
|
|
The ID of the RAM disk. |
|
The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region |
|
The root device name of the image to register. |
|
If profile is set this parameter is ignored. Passing the security_token and profile options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01. |
|
Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the AMI and any instances that you launch from the AMI. |
|
Register or deregister an AMI. Choices:
|
|
A dictionary of tags to add to the new image; ‘{“key”:”value”}’ and ‘{“key”:”value”,”key”:”value”}’ |
|
When set to “no”, SSL certificates will not be validated for communication with the AWS APIs. Choices:
|
|
The virtualization type of the image to register. Default: “hvm” |
|
Wait for the AMI to be in state ‘available’ before returning. Choices:
|
|
How long before wait gives up, in seconds. Default: 1200 |
Notes
Note
If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence
AWS_URL
orEC2_URL
,AWS_PROFILE
orAWS_DEFAULT_PROFILE
,AWS_ACCESS_KEY_ID
orAWS_ACCESS_KEY
orEC2_ACCESS_KEY
,AWS_SECRET_ACCESS_KEY
orAWS_SECRET_KEY
orEC2_SECRET_KEY
,AWS_SECURITY_TOKEN
orEC2_SECURITY_TOKEN
,AWS_REGION
orEC2_REGION
,AWS_CA_BUNDLE
When no credentials are explicitly provided the AWS SDK (boto3) that Ansible uses will fall back to its configuration files (typically
~/.aws/credentials
). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information.Modules based on the original AWS SDK (boto) may read their default configuration from different files. See https://boto.readthedocs.io/en/latest/boto_config_tut.html for more information.
AWS_REGION
orEC2_REGION
can be typically be used to specify the AWS region, when required, but this can also be defined in the configuration files.
Examples
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: Basic AMI Creation
amazon.aws.ec2_ami:
instance_id: i-xxxxxx
wait: yes
name: newtest
tags:
Name: newtest
Service: TestService
- name: Basic AMI Creation, without waiting
amazon.aws.ec2_ami:
instance_id: i-xxxxxx
wait: no
name: newtest
- name: AMI Registration from EBS Snapshot
amazon.aws.ec2_ami:
name: newtest
state: present
architecture: x86_64
virtualization_type: hvm
root_device_name: /dev/xvda
device_mapping:
- device_name: /dev/xvda
volume_size: 8
snapshot_id: snap-xxxxxxxx
delete_on_termination: true
volume_type: gp2
- name: AMI Creation, with a custom root-device size and another EBS attached
amazon.aws.ec2_ami:
instance_id: i-xxxxxx
name: newtest
device_mapping:
- device_name: /dev/sda1
size: XXX
delete_on_termination: true
volume_type: gp2
- device_name: /dev/sdb
size: YYY
delete_on_termination: false
volume_type: gp2
- name: AMI Creation, excluding a volume attached at /dev/sdb
amazon.aws.ec2_ami:
instance_id: i-xxxxxx
name: newtest
device_mapping:
- device_name: /dev/sda1
size: XXX
delete_on_termination: true
volume_type: gp2
- device_name: /dev/sdb
no_device: yes
- name: Deregister/Delete AMI (keep associated snapshots)
amazon.aws.ec2_ami:
image_id: "{{ instance.image_id }}"
delete_snapshot: False
state: absent
- name: Deregister AMI (delete associated snapshots too)
amazon.aws.ec2_ami:
image_id: "{{ instance.image_id }}"
delete_snapshot: True
state: absent
- name: Update AMI Launch Permissions, making it public
amazon.aws.ec2_ami:
image_id: "{{ instance.image_id }}"
state: present
launch_permissions:
group_names: ['all']
- name: Allow AMI to be launched by another account
amazon.aws.ec2_ami:
image_id: "{{ instance.image_id }}"
state: present
launch_permissions:
user_ids: ['123456789012']
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Architecture of image. Returned: when AMI is created or already exists Sample: “x86_64” |
|
Block device mapping associated with image. Returned: when AMI is created or already exists Sample: {“/dev/sda1”: {“delete_on_termination”: true, “encrypted”: false, “size”: 10, “snapshot_id”: “snap-1a03b80e7”, “volume_type”: “standard”}} |
|
Creation date of image. Returned: when AMI is created or already exists Sample: “2015-10-15T22:43:44.000Z” |
|
Description of image. Returned: when AMI is created or already exists Sample: “nat-server” |
|
Type of hypervisor. Returned: when AMI is created or already exists Sample: “xen” |
|
ID of the image. Returned: when AMI is created or already exists Sample: “ami-1234abcd” |
|
Whether image is public. Returned: when AMI is created or already exists Sample: false |
|
Permissions allowing other accounts to access the AMI. Returned: when AMI is created or already exists Sample: [{“group”: “all”}] |
|
Location of image. Returned: when AMI is created or already exists Sample: “315210894379/nat-server” |
|
AMI name of image. Returned: when AMI is created or already exists Sample: “nat-server” |
|
Owner of image. Returned: when AMI is created or already exists Sample: “435210894375” |
|
Platform of image. Returned: when AMI is created or already exists |
|
Root device name of image. Returned: when AMI is created or already exists Sample: “/dev/sda1” |
|
Root device type of image. Returned: when AMI is created or already exists Sample: “ebs” |
|
A list of snapshot ids deleted after deregistering image. Returned: after AMI is deregistered, if delete_snapshot=true Sample: [“snap-fbcccb8f”, “snap-cfe7cdb4”] |
|
State of image. Returned: when AMI is created or already exists Sample: “available” |
|
A dictionary of tags assigned to image. Returned: when AMI is created or already exists Sample: {“Env”: “devel”, “Name”: “nat-server”} |
|
Image virtualization type. Returned: when AMI is created or already exists Sample: “hvm” |
Authors
Evan Duffield (@scicoin-project)
Constantin Bugneac (@Constantin07)
Ross Williams (@gunzy83)
Willem van Ketwich (@wilvk)