diff --git a/changelogs/fragments/authorized_key_symlinks.yaml b/changelogs/fragments/authorized_key_symlinks.yaml
new file mode 100644
index 00000000000..6293792af0e
--- /dev/null
+++ b/changelogs/fragments/authorized_key_symlinks.yaml
@@ -0,0 +1,4 @@
+---
+bugfixes:
+- authorized_key now have an option for following symlinks,
+  default behaviour (False) can be changed by setting follow True/False
diff --git a/lib/ansible/modules/system/authorized_key.py b/lib/ansible/modules/system/authorized_key.py
index c8da47c2e1c..f5944a8c391 100644
--- a/lib/ansible/modules/system/authorized_key.py
+++ b/lib/ansible/modules/system/authorized_key.py
@@ -78,6 +78,12 @@ options:
         cases such as fetching it from GitHub or GitLab.
       - If no comment is specified, the existing comment will be kept.
     version_added: "2.4"
+  follow:
+    description:
+      - Follow path symlink instead of replacing it
+    type: bool
+    default: 'no'
+    version_added: "2.7"
 author: "Ansible Core Team"
 '''
 
@@ -284,7 +290,7 @@ class keydict(dict):
         return [item[1] for item in self.items()]
 
 
-def keyfile(module, user, write=False, path=None, manage_dir=True):
+def keyfile(module, user, write=False, path=None, manage_dir=True, follow=False):
     """
     Calculate name of authorized keys file, optionally creating the
     directories and file, properly setting permissions.
@@ -293,11 +299,16 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
     :param bool write: if True, write changes to authorized_keys file (creating directories if needed)
     :param str path: if not None, use provided path rather than default of '~user/.ssh/authorized_keys'
     :param bool manage_dir: if True, create and set ownership of the parent dir of the authorized_keys file
+    :param bool follow: if True symlinks will be followed and not replaced
     :return: full path string to authorized_keys for user
     """
 
     if module.check_mode and path is not None:
         keysfile = path
+
+        if follow:
+            return os.path.realpath(keysfile)
+
         return keysfile
 
     try:
@@ -314,6 +325,9 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
         sshdir = os.path.dirname(path)
         keysfile = path
 
+    if follow:
+        keysfile = os.path.realpath(keysfile)
+
     if not write:
         return keysfile
 
@@ -518,6 +532,7 @@ def enforce_state(module, params):
     key_options = params.get("key_options", None)
     exclusive = params.get("exclusive", False)
     comment = params.get("comment", None)
+    follow = params.get('follow', False)
     error_msg = "Error getting key from: %s"
 
     # if the key is a url, request it and use it as key source
@@ -613,7 +628,7 @@ def enforce_state(module, params):
             do_write = True
 
     if do_write:
-        filename = keyfile(module, user, do_write, path, manage_dir)
+        filename = keyfile(module, user, do_write, path, manage_dir, follow)
         new_content = serialize(existing_keys)
 
         diff = None
@@ -650,6 +665,7 @@ def main():
             exclusive=dict(default=False, type='bool'),
             comment=dict(required=False, default=None, type='str'),
             validate_certs=dict(default=True, type='bool'),
+            follow=dict(default=False, type='bool')
         ),
         supports_check_mode=True
     )