bastionhost.yml will use role aws.bastionhost to create a bastionhost ec2 with elastic IP address attached. Role localhost.bastion_ssh_config will modify .ssh/config file, but in my test, it wrote a different public IP than the elastic IP. However, the 2nd time run it will fix it.

I guess the "wrong" IP address come from the public IP when the ec2 instance was created, but later on it is replaced by elastic IP. That explains why it fixed itself after the 2nd run.

I appreciate for your great work!

I know it is marked as "this is BEST EFFORT. May miss the SSH public key", but recently it happens very often to me to the point I have to comment it out. I don't see any body bring it up, is there already a solution or walk around I have missed? Thank you.

bastionhost.yml includes localhost.aws_ssh_keys role to add lines into known_hosts file for each ec2 instance with their private and public IP addresses. This is necessary for other roles like ubuntu.raw_install_python later on. I run into problems with public IP addresses, and private IPs are OK.

After modify the line parameter of lineinfile task, which import SSH public keys for public IP addresses, the problem disappear.

Here is the line I refer to:
line: "{{ item.0.public_dns_name}} ecdsa-sha2-nistp256 {{...

Here is what I have changed to:
line: "{{ item.0.public_dns_name}},{{ item.0.public_ip_address }} ecdsa-sha2-nistp256 {{...

I have recently started working with Ansible and was following your tutorial for setting up openvpn on EC2. However I'm getting the following error

ERROR! couldn't resolve module/action 'ec2_vpc'. This often indicates a misspelling, missing collection, or incorrect modu
le path.

The error appears to be in '/home/ec2-user/playbook/roles/aws.vpc/tasks/main.yml': line 3, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

# tasks file for aws.vpc
- name: Create VPC.
  ^ here

This might be a silly issue, so I apologize in advance.

This page ranks third on Google for the query "openvpn docker aws", so many people will find it before finding your playbook and containers repos. Which means the « quickstart starting from zero » section is absolutely not... starting from zero :-)

I'll update this issue with the steps I had to figure out by myself before being able to use openvpn on aws:

• make sure I had generated an ssh-key named awskey (and not anything else)
• added the awscli package to environment.sh in my containers clone
• follow the quickstart instructions in containers'README (and figure out the virtualenv stuff)
• run source ../containers/env/bin/activate from within playbook/ansible-playbooks
• saving a password in ~/.ansible/vault_deploy_key
• create the vault file using ansible-vault create vars/dev_aws/vault.yml
• read the vpc playbook using ansible-playbook vpc_create.yml -e "env=dev" instead of ansible-playbook create_vpc.yml -e "env=dev"
• upload a public key to the appropriate region of ec2, named "dev"
• read the openvpn playbook using ansible-playbook openvpn.yml -e "env=dev assign_public_ip=true instance_type=t2.micro" instead of ansible-playbook openvpn.yml -e "env=dev public_ip=true instance_type=t2.micro"