ec2_user_password.yml

###################################################
#Author: Almir Candido                            #
#Contact: https://br.linkedin.com/in/almircandido #
#                                                 #
#Ansible Version: 2.9                             #
#                                                 #
#Requisitos:                                      #
#Install:                                         #
#python-boto                                      #
#python-boto3                                     #
#pip install boto3                                #
###################################################
#Documentation about modules
#https://docs.ansible.com/ansible/latest/modules/ec2_instance_info_module.html
#https://docs.ansible.com/ansible/latest/modules/add_host_module.html
#https://docs.ansible.com/ansible/latest/modules/user_module.html
#https://docs.ansible.com/ansible/latest/modules/replace_module.html
#AWS Habilitando um login de senha em vez de um par de chaves ao fazer login na minha instância do EC2 usando SSH
---
- hosts: localhost
  gather_facts: no
  vars:
    AWS_ACCESS_KEY: xxxxxxxxxxxxxxxxxxxx #inform access key
    AWS_SECRET_KEY: xxxxxxxxxxxxxxxxxxxx #inform secret key
    AWS_REGION: us-east-1 # N. Virginia
    TAG_NAME: webserver01
    KEY_FILE: /home/ansible/almir_ssh.pem
  tasks:
    - name: Instance Facts
      ec2_instance_info:
        aws_access_key: "{{ AWS_ACCESS_KEY }}"
        aws_secret_key: "{{ AWS_SECRET_KEY }}"
        region: "{{ AWS_REGION }}"
        filters:
          "tag:Name": "{{ TAG_NAME }}"
      register: result
#
    - name: Add host inventory cache
      add_host:
        hostname: "{{ item.public_dns_name }}"
        groupname: server
        ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
        ansible_ssh_private_key_file: "{{ KEY_FILE }}"
      loop: "{{ result.instances }}"
#
- hosts: server
  become: yes
  gather_facts: no
  remote_user: ec2-user
  vars:
    AWS_USER: ec2-user
    AWS_USER_PASS: alm21@@AL33
  tasks:
    - name: Create user {{ AWS_USER }} password
      user:
        name: "{{ AWS_USER }}"
        password: "{{ AWS_USER_PASS | password_hash('sha512') }}"
#
    - name: Change PermitRootLogin to not
      replace:
        path: /etc/ssh/sshd_config
        regexp: 'PermitRootLogin yes'
        replace: 'PermitRootLogin no'
#
    - name: Change PasswordAuthentication to yes
      replace:
        path: /etc/ssh/sshd_config
        regexp: 'PasswordAuthentication no'
        replace: 'PasswordAuthentication yes'
      notify: restart_ssh
#
  handlers:
    - name: Restart ssh service
      service:
        name: sshd
        state: restarted
        enabled: true
      listen: restart_ssh
...