cyberarkpassword.yml

- hosts: localhost
  gather_facts: no
  vars:
    ami_id: ami-02eac2c0129f6376b
    keypair: cyberark-pasaas
    region: us-east-1
    security_group: sg-035eb1a11c4584d01
    subnet: subnet-08f9e42a174453e28
    type: t2.micro

  tasks:
    - name: Retrieve AWS Access Key from CyberArk PAS using AAM CP
      set_fact:
        AWS_ACCESS_KEY_ID: "{{ item.passprops.AWSAccessKeyID }}"
        AWS_SECRET_ACCESS_KEY: "{{ item.password }}"
      with_cyberarkpassword:
        appid: AnsibleCP
        query: "Safe=D-AWS-AccessKeys;Object=Cloud Service-AWSAccessKeys-AnsibleAWSUser"
        output: "Password,PassProps.AWSAccessKeyID"
      no_log: yes

    - name: Start CentOS 7 AWS EC2 Instance
      ec2:
        aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
        aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
        assign_public_ip: yes
        group_id: "{{ security_group }}"
        image: "{{ ami_id }}"
        instance_tags:
          Name: CentOS Client
          role: client_centos
        instance_type: "{{ type }}"
        key_name: "{{ keypair }}"
        region: "{{ region }}"
        vpc_subnet_id: "{{ subnet }}"