
Commit

No new keypair will be created
GomathiselviS committed Dec 13, 2024
1 parent c4905d3 commit ac1a6fe
Showing 3 changed files with 19 additions and 8 deletions.
3 changes: 2 additions & 1 deletion extensions/patterns/configure_ec2/README.md
Expand Up @@ -6,7 +6,7 @@ This pattern is designed to help get an EC2 instance up and running.

To enable SSH access to the EC2 instance from your local machine, you need to do 2 things:

1. **Provide a Key Name**: Enter a key name in the **key_name** parameter in the survey. A new key will be created (or an existing key with the specified namewill be used) and associated with the EC2 instance. If creating a new key pair, be sure to save the private key value provided at the end of the job run, as you'll need it for future access to the instance.
1. **Provide the Key Name**: Specify an existing key name in the **key_name** parameter in the survey. The EC2 instance will be associated with the key pair corresponding to the provided name. If the key pair is unavailable, you will not be able to access the instance from your local machine.

2. **Add a Security Group Rule for SSH Access**: Configure a security group rule to allow inbound SSH traffic from your local machine's IP address. Provide this rule in the **sg_rules** parameter in the survey. Following is an example of the security group rule:

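Review bot: In the rewritten step 1, "If the key pair is unavailable" does not tell the reader what the job does in that case. Per the playbook change in this commit, a name that matches no existing key pair only produces a warning and `manage_ec2_instance_key_name` is left unset, so the README should say explicitly that the pattern no longer creates key pairs and that the key pair has to be created or imported before the survey is run.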
Expand All @@ -16,6 +16,7 @@ To enable SSH access to the EC2 instance from your local machine, you need to do
cidr_ip: 203.0.113.0/3
```
_Warning_: Please be aware that anyone with access to the job output will be able to view the key.
## What This Pattern Covers
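Review bot: The `_Warning_` line about anyone with access to the job output being able to view the key is still in this hunk, but this commit removes the task that printed `private_key` to the job output. Drop or reword the warning so it matches the new behaviour. Separately, the example `cidr_ip: 203.0.113.0/3` is far wider than "your local machine's IP address"; a single host would be a `/32`.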
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,19 @@
ansible.builtin.set_fact:
final_sg_rules: "{{ create_external_access_resources | ternary(sg_rules_list + allow_external_access_sg_rules, sg_rules_list) }}"

- name: Set manage_ec2_instance_key_name role var
ansible.builtin.set_fact:
manage_ec2_instance_key_name: "{{ key_name }}"
- name: Validate key "{{ key_name }}" if given
when: key_name is defined and key_name != ''
block:
- name: Check if the key "{{ key_name }}" exists
amazon.aws.ec2_key_info:
names:
- "{{ key_name }}"
register: key_info_result

- name: Set manage_ec2_instance_key_name role var
ansible.builtin.set_fact:
manage_ec2_instance_key_name: "{{ key_name }}"
when: key_info_result.keypairs | length > 0

- name: Get RHEL 9 AMI ID if needed
when: ami_id | default("", true) == ""
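Review bot: When `amazon.aws.ec2_key_info` returns no key pairs, the `set_fact` for `manage_ec2_instance_key_name` is skipped and the play carries on, so the only signal for a mistyped key name is the debug message at the end of the run. Consider failing inside this block (an `ansible.builtin.fail` or `ansible.builtin.assert` on `key_info_result.keypairs | length > 0`) so the job stops before any resource is created. The guard `key_name is defined and key_name != ''` could also use the `key_name | default("", true)` form already used for `ami_id` just below.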
Expand All @@ -30,6 +39,7 @@
owner:
- amazon
register: images

- name: Update ami_id variable
ansible.builtin.set_fact:
ami_id: "{{ (images.images | sort(attribute='name') | last).image_id }}"
Expand Down Expand Up @@ -61,7 +71,7 @@
manage_ec2_instance_associate_eip: "{{ create_external_access_resources }}"
manage_ec2_instance_instance_tags: "{{ instance_tags | default('{}', true) | from_json }}"

- name: Output private key if a new keypair was created
when: ec2_instance_manage_key_pair_result.key is defined
- name: Warn if key "{{ key_name }} does not exist
ansible.builtin.debug:
msg: "A new key pair was created for ssh access to the instance. Please save this private key for reference: {{ ec2_instance_manage_key_pair_result.key.private_key }}"
msg: "Warning: The key '{{ key_name }}' does not exist!"
when: key_name is defined and key_info_result.keypairs | length == 0
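Review bot: The `when` on the new warning task, `key_name is defined and key_info_result.keypairs | length == 0`, omits the `key_name != ''` check that guards the validation block. With an empty `key_name` the lookup is skipped, so `key_info_result` carries no `keypairs` list and this condition cannot be evaluated cleanly; reuse the block's full condition here. The task name is also missing its closing double quote after `{{ key_name }}`.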
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ spec:

- type: text
question_name: Key Pair Name
question_description: Name of key pair to use or create for SSH access to the EC2 instance. If the key does not exist, a key pair will be created with the name. If not provided, instance will not be accessible via SSH.
question_description: Name of key pair to use for SSH access to the EC2 instance. If the key does not exist or not provided, the instance will not be accessible via SSH.
variable: key_name
required: false

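Review bot: The new `question_description` reads "If the key does not exist or not provided"; it needs "or is not provided". Since `required: false` stays and a nonexistent name now leaves the instance without a key, it would help to state here that the key pair must already exist because the job no longer creates it.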