redhat-cop · GomathiselviS · Dec 13, 2024 · Dec 12, 2024 · Dec 13, 2024 · Dec 13, 2024
diff --git a/extensions/patterns/configure_ec2/README.md b/extensions/patterns/configure_ec2/README.md
@@ -4,6 +4,12 @@
 
 This pattern is designed to help get an EC2 instance up and running.
 
+To enable SSH access to the EC2 instance from your local machine, you need to do 2 things:
-To enable SSH access to the EC2 instance from your local machine, you need to do 2 things:
+To enable SSH access to the EC2 instance from your local machine, following 2 actions are required:
-To enable SSH access to the EC2 instance from your local machine, you need to do 2 things:
+To enable SSH access to the EC2 instance from your local machine, following 2 actions are required:
+
+1. **Provide a Key Name**: Enter a key name in the **key_name** parameter in the survey. A new key will be created (or an existing key with the specified namewill be used) and associated with the EC2 instance. Be sure to save the private key value provided at the end of the job run, as you'll need it for future access to the instance.
+
+2. **Add a Security Group Rule for SSH Access**: Configure a security group rule to allow inbound SSH traffic from your local machine's IP address. Provide this rule in the **sg_rules** parameter in the survey.
+
 ## What This Pattern Covers
 
 ### Projects

diff --git a/extensions/patterns/configure_ec2/playbooks/create_ec2_instance.yml b/extensions/patterns/configure_ec2/playbooks/create_ec2_instance.yml
@@ -14,6 +14,11 @@
       ansible.builtin.set_fact:
         final_sg_rules: "{{ create_external_access_resources | ternary(sg_rules_list + allow_external_access_sg_rules, sg_rules_list) }}"
 
+    - name: Set manage_ec2_instance_key_name role var
+      ansible.builtin.set_fact:
+        manage_ec2_instance_key_name: "{{ key_name }}"
+      when: key_name is defined
+
     - name: Get RHEL 9 AMI ID if needed
       when: ami_id | default("", true) == ""
       block:
@@ -28,7 +33,7 @@
         - name: Update ami_id variable
           ansible.builtin.set_fact:
             ami_id: "{{ (images.images | sort(attribute='name') | last).image_id }}"
-
+    
     - name: Create networking resources
       ansible.builtin.include_role:
         name: cloud.aws_ops.ec2_networking_resources
@@ -50,9 +55,13 @@
         manage_ec2_instance_instance_name: "{{ instance_name }}"
         manage_ec2_instance_instance_type: "{{ instance_type }}"
         manage_ec2_instance_ami_id: "{{ ami_id }}"
-        manage_ec2_instance_key_name: "{{ key_name }}"
         manage_ec2_instance_vpc_subnet_id: "{{ ec2_networking_resources_subnet_result.subnet.id }}"
         manage_ec2_instance_wait_for_state: "{{ wait_for_state | bool }}"
         manage_ec2_instance_associate_security_groups: "{{ [sg_name] }}"
         manage_ec2_instance_associate_eip: "{{ create_external_access_resources }}"
         manage_ec2_instance_instance_tags: "{{ instance_tags | default('{}', true) | from_json }}"
+
+    - name: Output private key if a new keypair was created
+      when: ec2_instance_manage_key_pair_result.key is defined
+      ansible.builtin.debug:
+        msg: "A new key pair was created for ssh access to the instance. Please save this private key for reference: {{ ec2_instance_manage_key_pair_result.key.private_key }}"
diff --git a/extensions/patterns/configure_ec2/playbooks/group_vars/all.yml b/extensions/patterns/configure_ec2/playbooks/group_vars/all.yml
@@ -1,4 +1,3 @@
-key_name: "{{ instance_name }}-key"
 wait_for_state: true
 vpc_name: "{{ instance_name }}-vpc"
 vpc_cidr: 10.0.0.0/24

diff --git a/extensions/patterns/configure_ec2/template_surveys/create_ec2_instance.yml b/extensions/patterns/configure_ec2/template_surveys/create_ec2_instance.yml
@@ -28,7 +28,7 @@ spec:
 
   - type: text
     question_name: Key Pair Name
-    question_description: Name of key pair to use or create for SSH access to the EC2 instance. Defaults to '{{ instance_name }}-key'
+    question_description: Name of key pair to use or create for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH.
     variable: key_name
     required: false
 

diff --git a/roles/manage_ec2_instance/README.md b/roles/manage_ec2_instance/README.md
@@ -6,7 +6,7 @@ Users can specify various parameters for instance configuration, including insta
 
 This role can be combined with the [cloud.aws_ops.ec2_networking_resources role](../ec2_networking_resources/README.md) to create/delete networking resources for the instance, see [examples](#examples).
 
-EC2 instance details and the private key (if a key pair is created) will be displayed as role output. The instance and key pair details are accessible via variables `ec2_instance_manage_create_result` and `ec2_instance_manage_key_pair_result`, respectively.
+The instance and key pair details are accessible via variables `ec2_instance_manage_create_result` and `ec2_instance_manage_key_pair_result`, respectively.
 
 ## Requirements
 

diff --git a/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml b/roles/manage_ec2_instance/tasks/ec2_instance_create_operations.yml
@@ -21,13 +21,15 @@
         names:
           - "{{ manage_ec2_instance_key_name }}"
       register: key_info_result
+      no_log: true
 
     - name: Create new key pair
       amazon.aws.ec2_key:
         name: "{{ manage_ec2_instance_key_name }}"
         state: present
       when: key_info_result.keypairs | length == 0
       register: ec2_instance_manage_key_pair_result
+      no_log: true
 
 - name: Create EC2 instance with provided configuration
   amazon.aws.ec2_instance: