Add users to EC2 instances with SSH Access - Ansible

The objective of this article is to talk about how to add new users to EC2 instances and copy their SSH Keys to grant them SSH access.

Consider yourself managing an AWS Infra with 100+ EC2 instances and you have a new hire in your team who should have his SSH access to all these instances.

So how do you do it?

I know you might say, why not have the centralized management system or LDAP and configure these servers.

But Not every organization have LDAP or Centralized Authentication system. So you have to create these users locally in each system.

Thanks to Ansible.

In this article, we are going to see how to handle this situation with a Single ansible playbook and perform the following tasks

  1. Create a new user account on all these EC2 instances for the user.
  2. Copy the user's SSH public key into the newly created account for them to login without a password

There is also an another way to handle this problem is by just adding the SSH public key of the users to the default user accounts of EC2 servers like ubuntu or centos etc.

Add SSH Key to EC2 instances with Ansible – Automated


How to download the playbook

The Playbook can be copied from this post or cloned from the Git hub repository branch. Do not use the main branch as it is intended for the other method to add SSH key to default user

git clone – branch UserCreate-SSHAdd


git clone -b UserCreate-SSHAdd


Preparing the hosts file with multiple hosts and distributions

We have a host file with a hostgroup named hosts_to_add_key and we have defined our host-specific properties including what username should be used for each host

The reason we are defining the ansible_user is to be able to use different types of EC2 instances with different user IDs.  Because in real-time, we might have different distributions of Linux servers running in our infra like ubuntu, centos, ec2-user etc.

The ansible_port is to define the SSH port number to be used while connecting to the remote server.

In my case, some of my hosts are running with modified SSH port for security reasons so I should be able to instruct Ansible to use the right port.

we have also disabled the StrictHostKeyChecking for development and testing efficiency

[hosts_to_add_key] ansible_user=ubuntu ansible_port=2222 ansible_user=centos ansible_port=22

ansible_ssh_common_args="-o StrictHostKeyChecking=no"


Playbook to add users in EC2 instance and copy SSH key

In this playbook, we have three tasks

The first task is to create a group for the users. You can define N number of groups as per your requirement and the groups can be used on the further tasks

The second task is to create a user and map to a group created in the previous step. we are defining multiple users with help of with_items you can define N number of users as per your requirement.

The Third task is to copy the user's SSH key to their newly created user IDs on the EC2 instance for them to able to log in.

You have to give the fully qualified path of the Public KEY of each user in the with_items dictionary. In my case, I have key files under the same directory, so I just have to refer their name.

you can obtain these key files from the user machines or you can create on their behalf and send them the private key file and keep the public key here for copying into the EC2 instance.

- name: "Playbook to Create User and  Add Key to EC2 Instance"
  hosts: hosts_to_add_key
  become: true
  - name : "Create Groups"
      name: "{{item}}"
      state: "present"
      - adminteam
      - devopsteam

  - name : "Create a user"
        name: "{{}}" 
        create_home: yes 
        group: "{{}}" 
        state: present 
        ssh_key_file: .ssh/id_rsa 
        ssh_key_type: rsa 
      - { name: 'sarav', group: 'adminteam'}
      - { name: 'hanu', group: 'devopsteam'}

  - name: "Copy the authorized key file from"
      user: "{{}}"
      state: "{{item.userstate}}"
      key: "{{ lookup('file', '{{ item.key }}')}}"
      - { name: 'sarav', key: '', userstate: 'present'}
      - { name: 'hanu', key: '', userstate: 'present'} 


Execution Result of this playbook

add user ec2 ansible

you can see the playbook has been executed successfully and the user can log in/SSH now with his private key

You can see that I am executing an id command with SSH connection and using my(sarav) private key file to login without password.

add user ec2 ansible

As per our configuration, two new users have been created named sarav and hanu and they have been mapped to different groups as well.

Hope this article is helpful to you. If you have any feedback/questions use the comment section

Sarav A K

Follow me on Linkedin My Profile
Follow DevopsJunction onFacebook orTwitter
For more practical videos and tutorials. Subscribe to our channel

Buy Me a Coffee at

Signup for Exclusive "Subscriber-only" Content