If you are dynamically building new VPC's and you want your ssh config file to be updated dynamically. I would have a role that deploys the bastion host in the new VPC and right before the role exits, it should update your ~/.ssh/config file. (Not sure if this is what you are looking for) Example below.....
- name: Provision EC2 Bastion server instances ec2: region: "{{ aws_region }}" keypair: "{{ key_name }}" group_id: "{{ bastion_sg.group_id }}" instance_type: "{{ instance_type }}" image: "{{ ami_id }}" exact_count: 1 count_tag: Name: bastion instance_tags: Name: bastion assign_public_ip: True wait: yes #vpc_subnet_id: "{{ item.id }}" vpc_subnet_id: "{{ vpc.results[0].subnets |parse_subnets_by_tag('Tier', 'public', return_count=False)|first }}" register: bastion - debug: var=bastion - name: Add bastion instances to host group add_host: name={{ item }} groups=bastion with_items: - "{{ bastion|parse_results(key='public_ip') }}" - name: update ssh config blockinfile: dest: /home/foo/.ssh/config block: | Host 10.111.* StrictHostKeyChecking no ProxyCommand ssh -i ~/.ssh/my_key.pem foo@10.10.10.10 -W %h:%p User ansible IdentityFile ~/.ssh/ansible On Tuesday, December 20, 2016 at 3:35:55 PM UTC-8, colin byrne wrote: > > I asked this a while back and I did not find a good solution back then... > Hopefully something has changed! > > I am running Ansible outside of multiple VPCs, and have a set of configs > in my ~/.ssh/config that get picked up when using a static inventory file. > > Is there a way to utilize that config when using a dynamic inventory file, > or specify proxy commands elsewhere, to enable connections though a bastion > to each of those VPC's? > > Thanks for any help! > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e31357b9-7373-42d5-876b-bc25a65df1c3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.