CODEWITHSUNDEEP
amazon-ec2ansible
mjuopperi
mjuopperi

Reputation: 971

Disable ec2 instance termination protection with Ansible

I'm currently enabling termination_protection for all instances created with Ansible to prevent accidental termination from the console etc. Now I want to be able to terminate specific instances with Ansible but I can't figure out how to disable termination protection on them.

This is what I thought would do the trick:

- name: Disable termination protection
  ec2:
    instance_ids: "{{ instance_ids }}"
    region: "{{ aws_region }}"
    termination_protection: no

How ever I get this error message when running it:

fatal: [localhost]: FAILED! => {
  "changed": false, 
  "failed": true, 
  "msg": "image parameter is required for new instance"
}

It looks like Ansible is interpreting my script as an instance creation request.

Is there a way to change termination protection with another module? The only other way I can think of is to use aws cli through a shell task in Ansible but that is a bit hacky.

Upvotes: 2

Views: 2500

Answers (1)

Konstantin Suvorov
Konstantin Suvorov

Reputation: 68279

Let's take a look into the source code.

States running and stopped calls startstop_instances().
State restarted calls restart_instances().
Both this functions honor source_dest_check and termination_protection attributes values.

So you can call:

 - ec2:
     instance_ids: "{{ instance_ids }}"
     state: restarted
     region: "{{ aws_region }}"
     termination_protection: no

if you don't mind your servers to be restarted.

Or query current states with ec2_remote_facts and call ec2 module with that states as parameter – this will change termination_protection, but will keep instances' states untouched.

Upvotes: 5

Related Questions