@ -27,8 +27,13 @@ options:
required : true
key_file :
description :
- Path to the file containing the key pair used on the instance .
required : true
- Path to the file containing the key pair used on the instance , conflicts with key_data .
required : false
key_data :
version_added : " 2.8 "
description :
- Variable that references the private key ( usually stored in vault ) , conflicts with key_file .
required : false
key_passphrase :
version_added : " 2.0 "
description :
@ -67,6 +72,14 @@ EXAMPLES = '''
region : us - east - 1
key_file : " ~/aws-creds/my_test_key.pem "
# Example of getting a password using a variable
- name : get the Administrator password
ec2_win_password :
profile : my - boto - profile
instance_id : i - XXXXXX
region : us - east - 1
key_data : " {{ ec2_private_key }} "
# Example of getting a password with a password protected key
- name : get the Administrator password
ec2_win_password :
@ -108,8 +121,9 @@ def main():
argument_spec = ec2_argument_spec ( )
argument_spec . update ( dict (
instance_id = dict ( required = True ) ,
key_file = dict ( required = Tru e, type = ' path ' ) ,
key_file = dict ( required = False, default = Non e, type = ' path ' ) ,
key_passphrase = dict ( no_log = True , default = None , required = False ) ,
key_data = dict ( no_log = True , default = None , required = False ) ,
wait = dict ( type = ' bool ' , default = False , required = False ) ,
wait_timeout = dict ( default = 120 , required = False , type = ' int ' ) ,
)
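Review bot: Nothing in this argument spec enforces the documented conflict between `key_file` and `key_data`: both are now optional with `default=None`, and no mutual-exclusion rule is visible in the hunk. In the later `main()` hunk that loads the key, a task that sets both parameters or neither matches neither branch, so `key` would be unbound when `key.decrypt(...)` runs and the module would raise a traceback instead of calling `fail_json`. I would pass `mutually_exclusive=[['key_file', 'key_data']]` and `required_one_of=[['key_file', 'key_data']]` to the `AnsibleModule(...)` constructor; that call is outside this hunk, so it may already set them. Keeping `no_log=True` on `key_data` is right, since the value is the private key itself.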
@ -124,6 +138,7 @@ def main():
instance_id = module . params . get ( ' instance_id ' )
key_file = module . params . get ( ' key_file ' )
key_data = module . params . get ( ' key_data ' )
if module . params . get ( ' key_passphrase ' ) is None :
b_key_passphrase = None
else :
@ -151,16 +166,21 @@ def main():
if wait and datetime . datetime . now ( ) > = end :
module . fail_json ( msg = " wait for password timeout after %d seconds " % wait_timeout )
try :
f = open ( key_file , ' rb ' )
except IOError as e :
module . fail_json ( msg = " I/O error ( %d ) opening key file: %s " % ( e . errno , e . strerror ) )
else :
if key_file is not None and key_data is None :
try :
with f :
with open ( key_file , ' rb ' ) as f :
key = load_pem_private_key ( f . read ( ) , b_key_passphrase , default_backend ( ) )
except IOError as e :
# Handle bad files
module . fail_json ( msg = " I/O error ( %d ) opening key file: %s " % ( e . errno , e . strerror ) )
except ( ValueError , TypeError ) as e :
# Handle issues loading key
module . fail_json ( msg = " unable to parse key file " )
elif key_data is not None and key_file is None :
try :
key = load_pem_private_key ( key_data , b_key_passphrase , default_backend ( ) )
except ( ValueError , TypeError ) as e :
module . fail_json ( msg = " unable to parse key data " )
try :
decrypted = key . decrypt ( decoded , PKCS1v15 ( ) )
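Review bot: In the `key_data` branch the parameter value is handed to `load_pem_private_key` as-is, but that function expects bytes and a module parameter is normally a text string on Python 3, so the call would likely raise TypeError and surface only as "unable to parse key data". Converting first avoids that: `key = load_pem_private_key(to_bytes(key_data), b_key_passphrase, default_backend())`, assuming `to_bytes` is already imported for `b_key_passphrase`, whose conversion is outside the hunk. The generic failure messages are worth keeping as they are, because echoing the exception text or the input could put key material into task output. The enclosing wait loop and the rest of `main()` lie outside this hunk.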