Add users to EC2 instances with SSH Access - Ansible

The objective of this article is to show how to add new users to EC2 instances and copy their SSH public keys across so they can log in.

Consider yourself managing AWS infrastructure with 100+ EC2 instances, and a new hire joins your team who needs SSH access to all of them.

So how do you do it?

I know you might say: why not use a centralized identity system such as LDAP and point these servers at it?

But not every organization has LDAP or another centralized authentication system, so you end up creating these users locally on each system.

Thanks to Ansible.

In this article, we are going to see how to handle this situation with a single Ansible playbook that performs the following tasks:

  1. Create a new user account for the person on all these EC2 instances.
  2. Copy the user's SSH public key into the newly created account so they can log in without a password.

Another way to handle this is to add the users' SSH public keys to the default account of each EC2 instance (ubuntu, centos, ec2-user and so on). That is quicker, but everyone then shares one account, so auth logs and sudo records no longer tell you who did what. Creating a dedicated account per person, as below, keeps that audit trail.

Add SSH Key to EC2 instances with Ansible – Automated

 

How to download the playbook

The playbook can be copied from this post or cloned from the UserCreate-SSHAdd branch of the GitHub repository. Do not use the main branch: it is intended for the other method, adding the SSH key to the default user.

git clone --branch UserCreate-SSHAdd https://github.com/AKSarav/Add-SSH-Key-EC2-Ansible.git

or

git clone -b UserCreate-SSHAdd https://github.com/AKSarav/Add-SSH-Key-EC2-Ansible.git

 

Preparing the hosts file with multiple hosts and distributions

We have an inventory file with a host group named hosts_to_add_key, and we define host-specific properties, including which username Ansible should use to connect to each host.

We set ansible_user per host because the EC2 instances run different Linux distributions (Ubuntu, CentOS, Amazon Linux and so on), each with its own default login user such as ubuntu, centos or ec2-user.

ansible_port sets the SSH port Ansible uses when connecting to the remote server.

In my case, some of my hosts run SSH on a non-standard port, so I have to tell Ansible the right port. Keep in mind that moving the port cuts down scanner noise in the logs but is not an access control; key-only authentication and security groups are what actually keep people out.

We have also disabled StrictHostKeyChecking for development and testing convenience. Be aware that this removes the protection against connecting to a spoofed server while Ansible is pushing credentials to it; for anything beyond a lab, keep host key checking on and pre-populate the control node's known_hosts (for example with ssh-keyscan run from a trusted network, checked against the host key fingerprints printed in the instance's console output).

[hosts_to_add_key]
# ansible_user is the distribution's default login, ansible_port the SSH port
172.99.1.82 ansible_user=ubuntu ansible_port=2222
172.99.1.56 ansible_user=centos ansible_port=22

[hosts_to_add_key:vars]
# Dev/test only: skipping host key verification lets a spoofed host receive
# the connection and everything the playbook pushes. Remove for production.
ansible_ssh_common_args="-o StrictHostKeyChecking=no"

 

Playbook to add users in EC2 instance and copy SSH key

In this playbook, we have three tasks.

The first task creates the groups the users will belong to. You can define as many groups as you need, and they are referenced by the later tasks.

The second task creates each user and assigns the primary group created in the previous step. The users are defined as a list of dictionaries that the task loops over, so you can add as many users as you need.

The third task copies each user's SSH public key into the newly created account's authorized_keys file so they are able to log in.

Give the path of each user's public key file (relative to the playbook directory, or fully qualified) in the user list. In my case, the key files are in the same directory as the playbook, so I only refer to them by name.

The public key should come from the user: have them generate the key pair on their own machine with ssh-keygen and send you only the .pub file; the private key never needs to leave their workstation. Generating the pair on their behalf and sending them the private key means you, your mailbox and every system in between have held a credential that only the user should ever possess. If you have to bootstrap that way, treat the key as temporary and have the user replace it with one they generated themselves.

---
- name: "Playbook to Create User and Add Key to EC2 Instance"
  hosts: hosts_to_add_key
  become: true
  vars:
    # Groups to create; referenced by the users below
    ssh_groups:
      - adminteam
      - devopsteam
    # One entry per person. 'key' is the PUBLIC key file on the control node
    # (relative to the playbook directory, or fully qualified).
    # Set keystate to 'absent' to revoke that key again.
    ssh_users:
      - { name: 'sarav', group: 'adminteam',  key: 'sarav.pub', keystate: 'present' }
      - { name: 'hanu',  group: 'devopsteam', key: 'hanu.pub',  keystate: 'present' }
  tasks:

  - name: "Create Groups"
    ansible.builtin.group:
      name: "{{ item }}"
      state: present
    loop: "{{ ssh_groups }}"

  # ssh_key_file/ssh_key_type only take effect with generate_ssh_key: yes and
  # are not needed for the user to log in, so they are left out.
  - name: "Create a user"
    ansible.builtin.user:
      name: "{{ item.name }}"
      group: "{{ item.group }}"
      shell: /bin/bash      # useradd falls back to /bin/sh on Ubuntu otherwise
      create_home: yes
      state: present
    loop: "{{ ssh_users }}"

  # authorized_key lives in the ansible.posix collection (shipped with the
  # 'ansible' package); the bare name 'authorized_key' still resolves to it.
  - name: "Copy the user's public key into authorized_keys"
    ansible.posix.authorized_key:
      user: "{{ item.name }}"
      state: "{{ item.keystate }}"
      # lookup() reads the file on the control node; no nested {{ }} needed
      key: "{{ lookup('file', item.key) }}"
    loop: "{{ ssh_users }}"
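Before running the third task, it is worth checking the .pub files you collected, because authorized_key installs whatever lookup('file') returns. The script below is an added example for this article, not code from the original post or its GitHub repository: it parses each key line the way the task consumes it, refuses private keys and files with more than one line, checks that the type label agrees with the type encoded inside the base64 blob, and enforces a minimum RSA size. The allowed key types, the 3072-bit RSA minimum, the check_pubkeys.py filename and the sample keys (built from made-up bytes, not anyone's real keys) are all this example's own assumptions.

```python
"""Check OpenSSH public key files before the authorized_key task ships them.

Added example for this article (not part of the original playbook or repo).
Standard library only. It validates what the playbook's lookup('file', ...)
hands to authorized_key: one line of '<type> <base64 blob> [comment]'.
Option prefixes such as from="..." are deliberately not accepted. The
allowed types and the RSA minimum are this example's own policy choices.
"""
import base64
import struct
import sys

ALLOWED_TYPES = {
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}
MIN_RSA_BITS = 3072  # policy choice for this example


def _read_string(blob, offset):
    """Read one SSH wire-format string (RFC 4251: uint32 length + bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def validate_pubkey(text):
    """Return the normalized 'type blob comment' line, or raise ValueError.

    Rejects private keys, multi-line files, disallowed types, a type label
    that disagrees with the type inside the blob (a copy/paste splice),
    Ed25519 keys of the wrong length and RSA keys below MIN_RSA_BITS.
    """
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; never copy it to a server")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one public key line, got %d" % len(lines))
    parts = lines[0].split(None, 2)
    if len(parts) < 2:
        raise ValueError("malformed key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        raise ValueError("key type %r is not allowed" % key_type)
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key blob is not valid base64: %s" % exc)
    wire_type, off = _read_string(blob, 0)
    if wire_type != key_type.encode("ascii"):
        raise ValueError("type prefix %r does not match blob type %r" % (key_type, wire_type))
    if key_type == "ssh-ed25519":
        point, _ = _read_string(blob, off)
        if len(point) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
    elif key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)  # public exponent (mpint)
        n, _ = _read_string(blob, off)     # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError("RSA key is %d bits, minimum is %d" % (bits, MIN_RSA_BITS))
    return " ".join(p for p in (key_type, b64, comment) if p)


def check_keys(keys):
    """keys: {name: key file text}. Returns (accepted, rejected) dicts."""
    accepted, rejected = {}, {}
    for name, text in keys.items():
        try:
            accepted[name] = validate_pubkey(text)
        except ValueError as exc:
            rejected[name] = str(exc)
    return accepted, rejected


def make_sample_key(key_type, *fields, comment=""):
    """Build a key line from raw wire fields. Only used to construct the
    sample input below; these are made-up bytes, NOT real keys."""
    wire = lambda b: struct.pack(">I", len(b)) + b
    blob = wire(key_type.encode()) + b"".join(wire(f) for f in fields)
    line = "%s %s" % (key_type, base64.b64encode(blob).decode())
    return line + (" " + comment if comment else "")


# Constructed samples. An mpint with the high bit set carries a leading 0x00.
SAMPLE_ED25519 = make_sample_key("ssh-ed25519", b"\x11" * 32, comment="sarav@laptop")
SAMPLE_RSA_3072 = make_sample_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 384, comment="hanu@laptop")
SAMPLE_RSA_1024 = make_sample_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128)
SAMPLE_PRIVATE = "-----BEGIN OPENSSH PRIVATE KEY-----\nbm90IGEgcmVhbCBrZXk=\n-----END OPENSSH PRIVATE KEY-----\n"
SAMPLE_SPLICED = "ssh-ed25519 " + SAMPLE_RSA_3072.split()[1]  # ed25519 label on an RSA blob

if __name__ == "__main__":
    # Usage: python check_pubkeys.py sarav.pub hanu.pub   (exits 1 if any file is rejected)
    ok, bad = check_keys({p: open(p).read() for p in sys.argv[1:]})
    for p, why in bad.items():
        print("REJECT %s: %s" % (p, why))
    sys.exit(1 if bad else 0)
```

Run it on the control node against the same .pub files the playbook references; a non-zero exit means at least one file was rejected, so it can gate the playbook run in a pipeline. The type-label check matters more than it looks: a line whose label says ssh-ed25519 but whose blob is an RSA key is what you get when two keys are pasted over each other, and sshd will simply refuse the login with no hint in the playbook output.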

 

Execution Result of this playbook


You can see that the playbook has executed successfully and the user can now log in over SSH with their private key.

You can see that I am executing an id command over an SSH connection, using my (sarav) private key file to log in without a password.


As per our configuration, two new users named sarav and hanu have been created and mapped to their respective groups.

Hope this article is helpful to you. If you have any feedback/questions use the comment section

Cheers
Sarav A K
